[Webkit-unassigned] [Bug 47498] Crash while processing ill-formed SVG with cycles.
    bugzilla-daemon at webkit.org
    Tue Oct 12 12:50:09 PDT 2010

https://bugs.webkit.org/show_bug.cgi?id=47498
--- Comment #2 from Cosmin Truta <ctruta at chromium.org>  2010-10-12 12:50:09 PST ---
Here is what happens, according to Niko's interpretation of the debug output:
It's processing the <textPath>, and it has "Fill" set to the filter element. That should be avoided, in advance.
The failing ASSERT is placed correctly.
We shouldn't store a fill resource pointing to a filter at all. Only linear/radialGradients/patterns should be allowed as fill/stroke; only clip as clipper, only mask as masker, only filter as filter.
That's just missing. It should be easy to patch into SVGResources::buildCachedResources.
Once that is fixed, the cycle detection logic won't run at all for these cases in "static inline RenderSVGResourceContainer* paintingResourceFromSVGPaint(Document* document, SVGPaint* paint, AtomicString& id, bool& hasPendingResource)".
There's the getRenderSVGResourceContainerById() call that returns the filter here. We should check if the resource type is lingrad/radgrad or pattern. If it's not the container, it should be nulled.
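
The type check the comment above asks for, as an added, self-contained C++ example; it is not WebKit code and not part of the original message. The names ResourceType, Slot, isAllowedIn and resourceForSlot, and the sample ids f1 and g1, are assumptions made for illustration.

```cpp
#include <iostream>
#include <map>
#include <string>

// Hypothetical model types; these are not WebKit's classes.
enum class ResourceType { LinearGradient, RadialGradient, Pattern, Clipper, Masker, Filter };
enum class Slot { Fill, Stroke, Clipper, Masker, Filter };

struct Resource { std::string id; ResourceType type; };

// The rule from the comment: each slot accepts only its own kind(s) of resource.
bool isAllowedIn(Slot slot, ResourceType type) {
    switch (slot) {
    case Slot::Fill:
    case Slot::Stroke:
        return type == ResourceType::LinearGradient
            || type == ResourceType::RadialGradient
            || type == ResourceType::Pattern;
    case Slot::Clipper: return type == ResourceType::Clipper;
    case Slot::Masker:  return type == ResourceType::Masker;
    case Slot::Filter:  return type == ResourceType::Filter;
    }
    return false;
}

using Registry = std::map<std::string, Resource>;

// Look up by id, then null the result when the type does not fit the slot,
// so a mismatched resource is never cached and never reaches cycle detection.
const Resource* resourceForSlot(const Registry& registry, const std::string& id, Slot slot) {
    auto it = registry.find(id);
    if (it == registry.end())
        return nullptr;  // unknown id
    return isAllowedIn(slot, it->second.type) ? &it->second : nullptr;
}

// Constructed sample document: one filter and one gradient.
Registry sampleRegistry() {
    return {{"f1", {"f1", ResourceType::Filter}},
            {"g1", {"g1", ResourceType::LinearGradient}}};
}

int main() {
    Registry r = sampleRegistry();
    std::cout << "fill=url(#f1): " << (resourceForSlot(r, "f1", Slot::Fill) ? "kept" : "nulled") << "\n";
    std::cout << "fill=url(#g1): " << (resourceForSlot(r, "g1", Slot::Fill) ? "kept" : "nulled") << "\n";
}
```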