[Webkit-unassigned] [Bug 109699] New: ASSERT(m_context->document()->documentElement() != m_context) in SVGLengthContext
bugzilla-daemon at webkit.org
Wed Feb 13 08:14:31 PST 2013
https://bugs.webkit.org/show_bug.cgi?id=109699
Summary: ASSERT(m_context->document()->documentElement() != m_context) in SVGLengthContext
Product: WebKit
Version: 528+ (Nightly build)
Platform: Unspecified
OS/Version: Unspecified
Status: NEW
Severity: Normal
Priority: P2
Component: SVG
AssignedTo: webkit-unassigned at lists.webkit.org
ReportedBy: reni at webkit.org
CC: zimmermann at kde.org, krit at webkit.org, zherczeg at webkit.org, pdr at google.com, fmalita at chromium.org
During SVG fuzzing I've got an assertion failure:
Program received signal SIGSEGV, Segmentation fault.
0x00007ffff4d23494 in WebCore::SVGLengthContext::determineViewport (this=0x7fffffffc640, width=@0x7fffffffc4f8: 0, height=@0x7fffffffc4fc: 0)
at /home/reni/Data/REPOS/webkit/Source/WebCore/svg/SVGLengthContext.cpp:298
298 ASSERT(m_context->document()->documentElement() != m_context);
The test was:
<svg xmlns="http://www.w3.org/2000/svg">
<animate attributeName="width" to="0%"></animate>
</svg>