[Webkit-unassigned] [Bug 95002] New: Crash when same SVG used as a CSS background AND drawn on canvas

[bugzilla-daemon at webkit.org]

https://bugs.webkit.org/show_bug.cgi?id=95002

           Summary: Crash when same SVG used as a CSS background AND drawn
                    on canvas
           Product: WebKit
           Version: 528+ (Nightly build)
          Platform: Macintosh Intel
               URL: http://lea.verou.me/tests/svg-background.html
        OS/Version: Mac OS X 10.7
            Status: UNCONFIRMED
          Severity: Critical
          Priority: P2
         Component: SVG
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: lea at w3.org
                CC: zimmermann at kde.org, krit at webkit.org,
                    simon.fraser at apple.com, tabatkins at google.com


After reducing this bug for a painfully long time, I narrowed it down to the linked testcase, which should be sufficiently simple: If the same SVG file is drawn on a canvas AND used as a CSS background, the browser (or tab, in Canary) crashes. 

The testcase crashes both Chrome Canary and WebKit nightlies. The bug first appeared around 2±1 updates ago.

Things that do NOT seem to be relevant to the bug:

- The element where the SVG is applied
- The way to CSS is applied (JavaScript, inline style, linked etc)
- Whether the canvas is generated or pre-existing in the page
- The element that contains the canvas
- The dimensions of the canvas or SVG
- The SVG itself (tried with multiple)
- Other CSS properties that also accept <image> do not seem to trigger this (I tried content, border-image, cursor, list-style-image).

-- 
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.