[Webkit-unassigned] [Bug 84657] Crash or assertion failure (m_isAnimating) when adding another instance of an animated element while the animation is running

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Mon Apr 23 17:33:04 PDT 2012 

https://bugs.webkit.org/show_bug.cgi?id=84657


Tim Horton <timothy_horton at apple.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
            Summary|Assertion failure           |Crash or assertion failure
                   |(m_isAnimating) when adding |(m_isAnimating) when adding
                   |another instance of an      |another instance of an
                   |animated element while the  |animated element while the
                   |animation is running        |animation is running




--- Comment #1 from Tim Horton <timothy_horton at apple.com>  2012-04-23 17:33:04 PST ---
Oh, hey, it crashes instead if it's a release build:

Exception Type:  EXC_BAD_ACCESS (SIGSEGV)
Exception Codes: KERN_INVALID_ADDRESS at 0x0000000000000028

0   com.apple.WebCore                 0x00007fff9069b864 void WebCore::SVGAnimatedTypeAnimator::executeAction<WebCore::SVGAnimatedPropertyTearOff<WebCore::SVGLength> >(WebCore::SVGAnimatedTypeAnimator::AnimationAction, WTF::Vector<WebCore::SVGAnimatedProperty*, 0ul> const&, unsigned int, WebCore::SVGAnimatedPropertyTearOff<WebCore::SVGLength>::ContentType*) + 244
1   com.apple.WebCore                 0x00007fff906a420d WebCore::SVGAnimateElement::targetElementWillChange(WebCore::SVGElement*, WebCore::SVGElement*) + 141
2   com.apple.WebCore                 0x00007fff9070191b WebCore::SVGSMILElement::resetTargetElement() + 27
3   com.apple.WebCore                 0x00007fff8fda0718 WebCore::SVGDocumentExtensions::removeAllAnimationElementsFromTarget(WebCore::SVGElement*) + 104
4   com.apple.WebCore                 0x00007fff8fdae22d WebCore::SVGElement::removedFromDocument() + 29
5   com.apple.WebCore                 0x00007fff8fdae1cf WebCore::SVGStyledElement::removedFromDocument() + 31
6   com.apple.WebCore                 0x00007fff90129083 void WebCore::Private::addChildNodesToDeletionQueue<WebCore::Node, WebCore::ContainerNode>(WebCore::Node*&, WebCore::Node*&, WebCore::ContainerNode*) + 83
7   com.apple.WebCore                 0x00007fff8fc0aee8 void WebCore::removeAllChildrenInContainer<WebCore::Node, WebCore::ContainerNode>(WebCore::ContainerNode*) + 136
8   com.apple.WebCore                 0x00007fff8fc0ac21 WebCore::Document::removedLastRef() + 449
9   com.apple.WebCore                 0x00007fff904b0daf WebCore::JSNode::destroy(JSC::JSCell*) + 47
10  com.apple.JavaScriptCore          0x00007fff89b215fe JSC::MarkedBlock::FreeCell* JSC::MarkedBlock::sweepHelper<true>(JSC::MarkedBlock::SweepMode) + 350
11  com.apple.JavaScriptCore          0x00007fff89ace6cb JSC::Heap::sweep() + 107
12  com.apple.JavaScriptCore          0x00007fff89acef57 JSC::Heap::collect(JSC::Heap::SweepToggle) + 151

-- 
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

More information about the webkit-unassigned mailing list