[Webkit-unassigned] [Bug 87964] New: Lonely stop crashes

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Thu May 31 06:06:46 PDT 2012 

https://bugs.webkit.org/show_bug.cgi?id=87964

           Summary: Lonely stop crashes
           Product: WebKit
           Version: 528+ (Nightly build)
          Platform: Unspecified
        OS/Version: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: SVG
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: pdr at google.com
                CC: zimmermann at kde.org


Created an attachment (id=145071)
 --> (https://bugs.webkit.org/attachment.cgi?id=145071&action=review)
Repro case

The following will crash:
<svg xmlns="http://www.w3.org/2000/svg">
  <stop/>
</svg>

Stacktrace:
Program received signal SIGSEGV, Segmentation fault.
0x00007fa9362a101a in WebCore::RenderObject::nodeAtFloatPoint (this=0x7fa9313e0cd8) at ../../third_party/WebKit/Source/WebCore/rendering/RenderObject.cpp:2966
2966        ASSERT_NOT_REACHED();
(gdb) bt
#0  0x00007fa9362a101a in WebCore::RenderObject::nodeAtFloatPoint (this=0x7fa9313e0cd8) at ../../third_party/WebKit/Source/WebCore/rendering/RenderObject.cpp:2966
#1  0x00007fa9348799cc in WebCore::RenderSVGRoot::nodeAtPoint (this=0x7fa92463c198, request=..., result=..., pointInContainer=..., accumulatedOffset=..., hitTestAction=
    WebCore::HitTestForeground) at ../../third_party/WebKit/Source/WebCore/rendering/svg/RenderSVGRoot.cpp:429
#2  0x00007fa93629f471 in WebCore::RenderObject::hitTest (this=0x7fa92463c198, request=..., result=..., pointInContainer=..., accumulatedOffset=..., hitTestFilter=
    WebCore::HitTestDescendants) at ../../third_party/WebKit/Source/WebCore/rendering/RenderObject.cpp:2465
#3  0x00007fa9362526a8 in WebCore::RenderLayer::hitTestContents (this=0x7fa92462f018, request=..., result=..., layerBounds=..., hitTestPoint=..., hitTestFilter=
    WebCore::HitTestDescendants) at ../../third_party/WebKit/Source/WebCore/rendering/RenderLayer.cpp:3596
#4  0x00007fa93625225c in WebCore::RenderLayer::hitTestLayer (this=0x7fa92462f018, rootLayer=0x7fa92462fb58, containerLayer=0x7fa92462fb58, request=..., result=..., 
    hitTestRect=..., hitTestPoint=..., appliedTransform=false, transformState=0x0, zOffset=0x0) at ../../third_party/WebKit/Source/WebCore/rendering/RenderLayer.cpp:3551
#5  0x00007fa93625297d in WebCore::RenderLayer::hitTestList (this=0x7fa92462fb58, list=0x7fa92463ede0, rootLayer=0x7fa92462fb58, request=..., result=..., hitTestRect=..., 
    hitTestPoint=..., transformState=0x0, zOffsetForDescendants=0x0, zOffset=0x0, unflattenedTransformState=0x0, depthSortDescendants=false)
    at ../../third_party/WebKit/Source/WebCore/rendering/RenderLayer.cpp:3639
#6  0x00007fa9362520bd in WebCore::RenderLayer::hitTestLayer (this=0x7fa92462fb58, rootLayer=0x7fa92462fb58, containerLayer=0x0, request=..., result=..., hitTestRect=..., 
    hitTestPoint=..., appliedTransform=false, transformState=0x0, zOffset=0x0) at ../../third_party/WebKit/Source/WebCore/rendering/RenderLayer.cpp:3531
#7  0x00007fa936251382 in WebCore::RenderLayer::hitTest (this=0x7fa92462fb58, request=..., result=...)
    at ../../third_party/WebKit/Source/WebCore/rendering/RenderLayer.cpp:3313
#8  0x00007fa9362fc397 in WebCore::RenderView::hitTest (this=0x7fa931329498, request=..., result=...) at ../../third_party/WebKit/Source/WebCore/rendering/RenderView.cpp:83
#9  0x00007fa9349e12e1 in WebCore::Document::prepareMouseEvent (this=0x7fa924611000, request=..., documentPoint=..., event=...)
    at ../../third_party/WebKit/Source/WebCore/dom/Document.cpp:3081
#10 0x00007fa9345e77ac in WebCore::EventHandler::prepareMouseEvent (this=0x7fa92457ea88, request=..., mev=...)
    at ../../third_party/WebKit/Source/WebCore/page/EventHandler.cpp:2090
#11 0x00007fa9345e5f29 in WebCore::EventHandler::handleMouseMoveEvent (this=0x7fa92457ea88, mouseEvent=..., hoveredNode=0x7fff3f091cf0, onlyUpdateScrollbars=false)
    at ../../third_party/WebKit/Source/WebCore/page/EventHandler.cpp:1769
#12 0x00007fa9345e5a8c in WebCore::EventHandler::mouseMoved (this=0x7fa92457ea88, event=...) at ../../third_party/WebKit/Source/WebCore/page/EventHandler.cpp:1691
#13 0x00007fa93368c465 in WebKit::PageWidgetEventHandler::handleMouseMove (this=0x7fa93130ee38, mainFrame=..., event=...)
    at ../../third_party/WebKit/Source/WebKit/chromium/src/PageWidgetDelegate.cpp:193
#14 0x00007fa93368c1cd in WebKit::PageWidgetDelegate::handleInputEvent (page=0x7fa931397200, handler=..., event=...)
    at ../../third_party/WebKit/Source/WebKit/chromium/src/PageWidgetDelegate.cpp:116
#15 0x00007fa933643c85 in WebKit::WebViewImpl::handleInputEvent (this=0x7fa93130ee00, inputEvent=...)

-- 
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

More information about the webkit-unassigned mailing list