[Webkit-unassigned] [Bug 74858] New: chrome.dll!WebCore::SVGTRefElement::updateReferencedText ReadAV at NULL (e85cb8e140071fa7790cad215b0109dc)

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Mon Dec 19 05:48:46 PST 2011


https://bugs.webkit.org/show_bug.cgi?id=74858

           Summary: chrome.dll!WebCore::SVGTRefElement::updateReferencedText ReadAV at NULL (e85cb8e140071fa7790cad215b0109dc)
           Product: WebKit
           Version: 528+ (Nightly build)
          Platform: PC
        OS/Version: Windows Vista
            Status: NEW
          Severity: Normal
          Priority: P1
         Component: SVG
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: skylined at chromium.org
                CC: eric at webkit.org, zimmermann at kde.org


Chromium: http://code.google.com/p/chromium/issues/detail?id=108057

<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink">
  <text id="text"></text>
  <tref xlink:href="#text"/>
  <script>
    document.documentElement.replaceChild(
        document.createElement('anything'), // inserted element
        document.getElementById('text'));   // removed element
  </script>
</svg>

stack:          chrome.dll!WebCore::SVGTRefElement::updateReferencedText
                chrome.dll!WebCore::SubtreeModificationEventListener::handleEvent
                chrome.dll!WebCore::EventTarget::fireEventListeners
                chrome.dll!WebCore::EventTarget::fireEventListeners
                chrome.dll!WebCore::Node::handleLocalEvents
                chrome.dll!WebCore::EventDispatcher::dispatchEvent
                chrome.dll!WebCore::EventDispatchMediator::dispatchEvent
                chrome.dll!WebCore::EventDispatcher::dispatchEvent
                chrome.dll!WebCore::ScopedEventQueue::dispatchEvent
                chrome.dll!WebCore::ScopedEventQueue::enqueueEventDispatchMediator
                chrome.dll!WebCore::EventDispatcher::dispatchScopedEvent
                chrome.dll!WebCore::Node::dispatchScopedEvent
                chrome.dll!WebCore::Node::dispatchSubtreeModifiedEvent
                chrome.dll!WebCore::ContainerNode::replaceChild
                chrome.dll!WebCore::Node::replaceChild
                chrome.dll!WebCore::V8Node::replaceChildCallback
                chrome.dll!v8::internal::HandleApiCallHelper<...>
                chrome.dll!v8::internal::Builtin_HandleApiCall
                chrome.dll!v8::internal::Invoke
                chrome.dll!v8::internal::Execution::Call
                ...
