[Webkit-unassigned] [Bug 106011] New: Repaint rect for SVG box shadow is wrong, and crashes
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Thu Jan 3 05:57:26 PST 2013
https://bugs.webkit.org/show_bug.cgi?id=106011
Summary: Repaint rect for SVG box shadow is wrong, and crashes
Product: WebKit
Version: 528+ (Nightly build)
Platform: Unspecified
URL: http://jsbin.com/ocizep/1
OS/Version: Unspecified
Status: NEW
Severity: Normal
Priority: P2
Component: SVG
AssignedTo: webkit-unassigned at lists.webkit.org
ReportedBy: schenney at chromium.org
CC: zimmermann at kde.org, krit at webkit.org, pdr at google.com,
timothy_horton at apple.com, fmalita at chromium.org
See the example at the given URL. This is Chrome bug http://code.google.com/p/chromium/issues/detail?id=167584
When scrolling down the page, then back up, one can see that the box shadow is not cleared upon repaint. I assume this is because the repaint rect does not include the shadow. thorton, can you look at this? As I recall you were in this space very recently.
Here's the example:
<html>
<head>
</head>
<body>
<svg style='height:10px; position:fixed; top:0px; left:0px; width:100%; box-shadow:1px 1px 5px 3px #aaaaaa;'>
<rect x="0" width="100%" height="100%" style="fill:rgb(102,86,134);"></rect>
</svg>
<div style='height:3000px;'></div>
</body>
</html>
Even better! This crashes on startup in ToT Debug chrome with an assertion:
ASSERTION FAILED: mode & UseTransforms
../../third_party/WebKit/Source/WebCore/rendering/svg/RenderSVGRoot.cpp(407) : virtual void WebCore::RenderSVGRoot::mapLocalToContainer(const WebCore::RenderLayerModelObject *, WebCore::TransformState &, MapCoordinatesFlags, bool *) const
Received signal 11
base::debug::StackTrace::StackTrace() [0x7f330e0efdbe]
base::debug::(anonymous namespace)::StackDumpSignalHandler() [0x7f330e0efd75]
<unknown> [0x7f330427d4a0]
WebCore::RenderSVGRoot::mapLocalToContainer() [0x7f330f987be3]
WebCore::RenderObject::localToAbsolute() [0x7f3311ef879e]
WebCore::accumulateOffsetTowardsAncestor() [0x7f3311e870dd]
WebCore::RenderLayer::convertToLayerCoords() [0x7f3311e7fb65]
WebCore::RenderLayer::paintLayerContents() [0x7f3311e9093d]
WebCore::RenderLayer::paintLayerContentsAndReflection() [0x7f3311e907a4]
WebCore::RenderLayer::paintLayer() [0x7f3311e8fdef]
WebCore::RenderLayer::paintList() [0x7f3311e927f9]
WebCore::RenderLayer::paintLayerContents() [0x7f3311e91a3b]
WebCore::RenderLayer::paintLayerContentsAndReflection() [0x7f3311e907a4]
WebCore::RenderLayer::paintLayer() [0x7f3311e8fdef]
WebCore::RenderLayer::paintList() [0x7f3311e927f9]
WebCore::RenderLayer::paintLayerContents() [0x7f3311e91a3b]
WebCore::RenderLayer::paintLayerContentsAndReflection() [0x7f3311e907a4]
WebCore::RenderLayer::paintLayer() [0x7f3311e8fdef]
WebCore::RenderLayer::paint() [0x7f3311e8f63e]
WebCore::FrameView::paintContents() [0x7f330f5f83e0]
WebCore::ScrollView::paint() [0x7f33111d218e]
WebKit::PageWidgetDelegate::paint() [0x7f330ddb854a]
WebKit::WebViewImpl::paint() [0x7f330dd5cd19]
content::RenderWidget::PaintRect() [0x7f33109a36af]
content::RenderWidget::DoDeferredUpdate() [0x7f331099e7b8]
content::RenderWidget::DoDeferredUpdateAndSendInputAck() [0x7f33109a2ae9]
content::RenderWidget::InvalidationCallback() [0x7f33109a4467]
--
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
More information about the webkit-unassigned
mailing list