[Webkit-unassigned] [Bug 81992] New: SVG crash in getCTM on hidden text

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Thu Mar 22 16:51:37 PDT 2012


https://bugs.webkit.org/show_bug.cgi?id=81992

           Summary: SVG crash in getCTM on hidden text
           Product: WebKit
           Version: 528+ (Nightly build)
          Platform: Unspecified
        OS/Version: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: SVG
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: schenney at chromium.org
                CC: zimmermann at kde.org, schenney at chromium.org


Created an attachment (id=133385)
 --> (https://bugs.webkit.org/attachment.cgi?id=133385&action=review)
Test case

Chromium http://code.google.com/p/chromium/issues/detail?id=117139

In the attached test case, click on "Hide text" then "getCTM". Chrome crashes with this reported stack trace:

Thread 0 *CRASHED* ( EXC_BAD_ACCESS / KERN_PROTECTION_FAILURE @ 0x00000004 )

0x1dd34b13     [Google Chrome Framework     - ../../JavaScriptCore/wtf/RefPtr.h:60]    WebCore::SVGTextElement::animatedLocalTransform
0x1dd34e0c     [Google Chrome Framework     + 0x01c99e0c]    non-virtual thunk to WebCore::SVGTextElement::animatedLocalTransform() const
0x1dd35521     [Google Chrome Framework     - ../svg/SVGTransformable.h:49]    WebCore::SVGTextElement::localCoordinateSpaceTransform
0x1dcfb4bf     [Google Chrome Framework     - SVGLocatable.cpp:92]    WebCore::SVGLocatable::computeCTM
0x1dd34a36     [Google Chrome Framework     - SVGTextElement.cpp:104]    WebCore::SVGTextElement::getCTM
0x1db980d5     [Google Chrome Framework     - V8SVGTextElement.cpp:85]    WebCore::SVGTextElementInternal::getCTMCallback
0x1cd95b91     [Google Chrome Framework     - builtins.cc:1136]    v8::internal::Builtin_HandleApiCall
0x4020a335            
0x40230b88            
0x402308f6            
0x40230ad1            
0x40221b58            
0x40213189            
0x1cdb57c2     [Google Chrome Framework     + 0x00d1a7c2]    v8::internal::Invoke(bool, v8::internal::Handle<v8::internal::JSFunction>, v8::internal::Handle<v8::internal::Object>, int, v8::internal::Handle<v8::internal::Object>*, bool*)
0x1cdb5403     [Google Chrome Framework     - execution.cc:170]    v8::internal::Execution::Call
0x1cd760b0     [Google Chrome Framework     - api.cc:3608]    v8::Function::Call
0x1d6be756     [Google Chrome Framework     - V8Proxy.cpp:437]    WebCore::V8Proxy::instrumentedCallFunction
0x1d6be42b     [Google Chrome Framework     - V8Proxy.cpp:407]    WebCore::V8Proxy::callFunction
0x1d6b9e92     [Google Chrome Framework     - V8LazyEventListener.cpp:71]    WebCore::V8LazyEventListener::callListenerFunction
0x1d6b22b2     [Google Chrome Framework     - V8AbstractEventListener.cpp:159]    WebCore::V8AbstractEventListener::invokeEventHandler
0x1d6b2125     [Google Chrome Framework     - V8AbstractEventListener.cpp:104]    WebCore::V8AbstractEventListener::handleEvent
0x1d417347     [Google Chrome Framework     - EventTarget.cpp:231]    WebCore::EventTarget::fireEventListeners
0x1d4171a5     [Google Chrome Framework     - EventTarget.cpp:198]    WebCore::EventTarget::fireEventListeners
0x1d4247d8     [Google Chrome Framework     - Node.cpp:2787]    WebCore::Node::handleLocalEvents
0x1d412631     [Google Chrome Framework     - EventDispatcher.cpp:298]    WebCore::EventDispatcher::dispatchEvent
0x1d41b50c     [Google Chrome Framework     - MouseEvent.cpp:207]    WebCore::MouseEventDispatchMediator::dispatchEvent
0x1d411c7f     [Google Chrome Framework     - EventDispatcher.cpp:55]    WebCore::EventDispatcher::dispatchEvent
0x1d42506c     [Google Chrome Framework     - Node.cpp:2852]    WebCore::Node::dispatchMouseEvent
0x1d91b7ab     [Google Chrome Framework     - EventHandler.cpp:2207]    WebCore::EventHandler::dispatchMouseEvent
0x1d91caad     [Google Chrome Framework     - EventHandler.cpp:1857]    WebCore::EventHandler::handleMouseReleaseEvent
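The report refers to an attached test case (id=133385) that is not reproduced inline. The page below is an added reconstruction of that reproduction procedure, not the original attachment: it follows the reported order of operations (hide the text, then call getCTM()) and logs whatever the call returns. Two things are assumed because the report does not state them: that "Hide text" sets display:none on the <text> element, and that a transform attribute is present on it. The faulting address 0x00000004 in the trace is consistent with a read through a null pointer at a small field offset inside animatedLocalTransform; the reconstruction makes no further assumption about the cause.

```html
<!DOCTYPE html>
<!-- Reconstructed reproducer for WebKit bug 81992.
     This is NOT the original attachment (id=133385).
     Assumption: "Hide text" in the attached test sets display:none on the <text>.
     Assumption: the hidden <text> carries a transform attribute. -->
<html>
<head>
<meta charset="utf-8">
<title>Bug 81992: getCTM() on hidden SVG text</title>
</head>
<body>
<svg xmlns="http://www.w3.org/2000/svg" width="300" height="100">
  <text id="t" x="20" y="50" transform="translate(10,5)">Text to hide</text>
</svg>
<p>
  <button id="hide">Hide text</button>
  <button id="ctm">getCTM</button>
  <button id="show">Show text</button>
</p>
<pre id="log"></pre>
<script>
(function () {
  var text = document.getElementById('t');
  var log  = document.getElementById('log');

  function out(msg) { log.textContent += msg + '\n'; }

  // Step 1 of the report: hide the text. display:none removes the element's
  // renderer, so any later layout-dependent query runs against an unrendered node.
  document.getElementById('hide').onclick = function () {
    text.style.display = 'none';        // assumed hiding mechanism
    out('text hidden (display:none)');
  };

  document.getElementById('show').onclick = function () {
    text.style.display = '';
    out('text shown');
  };

  // Step 2 of the report: call getCTM() on the hidden element.
  // A build affected by the bug is reported to crash inside this call, so
  // nothing below it runs there; on an unaffected build the returned matrix
  // (or null) is printed and the page stays alive.
  document.getElementById('ctm').onclick = function () {
    try {
      var m = text.getCTM();
      out(m
        ? 'getCTM -> [' + [m.a, m.b, m.c, m.d, m.e, m.f].join(', ') + ']'
        : 'getCTM -> null');
    } catch (e) {
      out('getCTM threw: ' + e);
    }
  };
})();
</script>
</body>
</html>
```

Load the page in the build under test, click "Hide text", then "getCTM". A crash (renderer process dies, tab goes blank) matches the report; a logged matrix or null means the build is not affected. Clicking "getCTM" before hiding gives the baseline result for comparison.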
