[Webkit-unassigned] [Bug 109699] New: ASSERT(m_context->document()->documentElement() != m_context) in SVGLengthContext

bugzilla-daemon at webkit.org
Wed Feb 13 08:14:31 PST 2013


https://bugs.webkit.org/show_bug.cgi?id=109699

           Summary: ASSERT(m_context->document()->documentElement() !=
                    m_context) in SVGLengthContext
           Product: WebKit
           Version: 528+ (Nightly build)
          Platform: Unspecified
        OS/Version: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: SVG
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: reni at webkit.org
                CC: zimmermann at kde.org, krit at webkit.org,
                    zherczeg at webkit.org, pdr at google.com,
                    fmalita at chromium.org


During SVG fuzzing I've got an assertion failure:

Program received signal SIGSEGV, Segmentation fault.
0x00007ffff4d23494 in WebCore::SVGLengthContext::determineViewport (this=0x7fffffffc640, width=@0x7fffffffc4f8: 0, height=@0x7fffffffc4fc: 0)
    at /home/reni/Data/REPOS/webkit/Source/WebCore/svg/SVGLengthContext.cpp:298
298        ASSERT(m_context->document()->documentElement() != m_context);



The test was:

<svg xmlns="http://www.w3.org/2000/svg">
    <animate attributeName="width" to="0%"></animate>
</svg>
