[Webkit-unassigned] [Bug 98059] New: Assertion hit in SVGSMILElement.cpp:1118 ASSERT(time.isFinite());

bugzilla-daemon at webkit.org
Mon Oct 1 12:03:22 PDT 2012


https://bugs.webkit.org/show_bug.cgi?id=98059

           Summary: Assertion hit in SVGSMILElement.cpp:1118
                    ASSERT(time.isFinite());
           Product: WebKit
           Version: 528+ (Nightly build)
          Platform: Unspecified
        OS/Version: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: SVG
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: dmazzoni at google.com
                CC: zimmermann at kde.org


The following file triggers an assertion when run under ASAN. It's easy to reproduce as a layout test: just compile with ASAN, then run DumpRenderTree and pass it a file containing the SVG below.

The problem goes away if I add a duration to the set, e.g. dur="1s" - but I don't think there should be an assertion failure just because the duration is missing.

<svg xmlns:xlink="http://www.w3.org/1999/xlink">
  <text id="a">Text</text>
  <use xlink:href="#a">
    <set id="b" attributeName="xlink:href" begin="0s; b.end"/>
  </use>
</svg>

ASAN:SIGSEGV
=================================================================
==21425== ERROR: AddressSanitizer crashed on unknown address 0x0000bbadbeef (pc 0x7f9c4159abb7 sp 0x7fff8151b300 bp 0x7fff8151b810 T0)
AddressSanitizer can not provide additional info.
    #0 0x7f9c4159abb6 in WebCore::SVGSMILElement::createInstanceTimesFromSyncbase(WebCore::SVGSMILElement*, WebCore::SVGSMILElement::NewOrExistingInterval) out/Debug/../../third_party/WebKit/Source/WebCore/svg/animation/SVGSMILElement.cpp:1118
    #1 0x7f9c4158fd7d in WebCore::SVGSMILElement::addTimeDependent(WebCore::SVGSMILElement*) out/Debug/../../third_party/WebKit/Source/WebCore/svg/animation/SVGSMILElement.cpp:1131
    #2 0x7f9c4158da13 in WebCore::SVGSMILElement::connectConditions() out/Debug/../../third_party/WebKit/Source/WebCore/svg/animation/SVGSMILElement.cpp:510
    #3 0x7f9c41598ada in WebCore::SVGSMILElement::progress(WebCore::SMILTime, WebCore::SVGSMILElement*, bool) out/Debug/../../third_party/WebKit/Source/WebCore/svg/animation/SVGSMILElement.cpp:1023
    #4 0x7f9c415631df in WebCore::SMILTimeContainer::updateAnimations(WebCore::SMILTime, bool) out/Debug/../../third_party/WebKit/Source/WebCore/svg/animation/SMILTimeContainer.cpp:252
    #5 0x7f9c41562231 in WebCore::SMILTimeContainer::begin() out/Debug/../../third_party/WebKit/Source/WebCore/svg/animation/SMILTimeContainer.cpp:100
    #6 0x7f9c40f75a87 in WebCore::SVGDocumentExtensions::startAnimations() out/Debug/../../third_party/WebKit/Source/WebCore/svg/SVGDocumentExtensions.cpp:105
    #7 0x7f9c3ef43f30 in WebCore::Document::implicitClose() out/Debug/../../third_party/WebKit/Source/WebCore/dom/Document.cpp:2570
