[Webkit-unassigned] [Bug 106432] New: [Qt] WebKit crashes in QPainterPath::elementAt()

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Wed Jan 9 02:37:25 PST 2013


https://bugs.webkit.org/show_bug.cgi?id=106432

           Summary: [Qt] WebKit crashes in QPainterPath::elementAt()
           Product: WebKit
           Version: 528+ (Nightly build)
          Platform: Unspecified
        OS/Version: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: SVG
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: reni at webkit.org
                CC: zimmermann at kde.org, zherczeg at webkit.org,
                    fmalita at chromium.org


During SVG fuzzing I got a crash in the QPainterPath::elementAt() function. The test used is attached.

Backtrace:

Program received signal SIGSEGV, Segmentation fault.
0x00007fffe9608dfe in QPainterPath::elementAt(int) const () from /usr/local/Trolltech/Qt5/Qt-5.0.0-r40/lib/libQt5Gui.so.5
(gdb) bt
#0  0x00007fffe9608dfe in QPainterPath::elementAt(int) const () from /usr/local/Trolltech/Qt5/Qt-5.0.0-r40/lib/libQt5Gui.so.5
#1  0x00007fffe961d674 in ?? () from /usr/local/Trolltech/Qt5/Qt-5.0.0-r40/lib/libQt5Gui.so.5
#2  0x00007fffe961e75c in ?? () from /usr/local/Trolltech/Qt5/Qt-5.0.0-r40/lib/libQt5Gui.so.5
#3  0x00007fffe961ea69 in QPathClipper::intersect(QPainterPath const&, QRectF const&) () from /usr/local/Trolltech/Qt5/Qt-5.0.0-r40/lib/libQt5Gui.so.5
#4  0x00007fffe961fbb5 in QPathClipper::clip(QPathClipper::Operation) () from /usr/local/Trolltech/Qt5/Qt-5.0.0-r40/lib/libQt5Gui.so.5
#5  0x00007fffe960de6f in QPainterPath::intersected(QPainterPath const&) const () from /usr/local/Trolltech/Qt5/Qt-5.0.0-r40/lib/libQt5Gui.so.5
#6  0x00007fffe95d3942 in ?? () from /usr/local/Trolltech/Qt5/Qt-5.0.0-r40/lib/libQt5Gui.so.5
#7  0x00007fffe95d29d8 in ?? () from /usr/local/Trolltech/Qt5/Qt-5.0.0-r40/lib/libQt5Gui.so.5
#8  0x00007fffe95d3d3b in ?? () from /usr/local/Trolltech/Qt5/Qt-5.0.0-r40/lib/libQt5Gui.so.5
#9  0x00007fffe95ebfd8 in QRasterPaintEngine::fill(QVectorPath const&, QBrush const&) () from /usr/local/Trolltech/Qt5/Qt-5.0.0-r40/lib/libQt5Gui.so.5
#10 0x00007fffe9608142 in QPainter::fillPath(QPainterPath const&, QBrush const&) () from /usr/local/Trolltech/Qt5/Qt-5.0.0-r40/lib/libQt5Gui.so.5
#11 0x00007ffff48292dc in fillPathStroke (painter=0x7fffffffbce0, pathStroker=..., platformPath=..., brush=...)
    at /home/reni/WebKit-git/Source/WebCore/platform/graphics/qt/GraphicsContextQt.cpp:597
#12 0x00007ffff4829a0e in WebCore::GraphicsContext::strokePath (this=0x7fffffffba90, path=...)
    at /home/reni/WebKit-git/Source/WebCore/platform/graphics/qt/GraphicsContextQt.cpp:653
#13 0x00007ffff4994506 in WebCore::RenderSVGShape::strokeShape (this=0x9ab928, context=0x7fffffffba90)
    at /home/reni/WebKit-git/Source/WebCore/rendering/svg/RenderSVGShape.cpp:98
#14 0x00007ffff4991d87 in WebCore::RenderSVGPath::strokeShape (this=0x9ab928, context=0x7fffffffba90)
    at /home/reni/WebKit-git/Source/WebCore/rendering/svg/RenderSVGPath.cpp:85
#15 0x00007ffff49b932b in WebCore::RenderSVGResourceSolidColor::postApplyResource (this=0x6855d0, context=@0x7fffffffa188, resourceMode=4, path=0x0, 
    shape=0x9ab928) at /home/reni/WebKit-git/Source/WebCore/rendering/svg/RenderSVGResourceSolidColor.cpp:105
#16 0x00007ffff4994ef3 in WebCore::RenderSVGShape::strokeShape (this=0x9ab928, style=0x724440, context=0x7fffffffba90)
    at /home/reni/WebKit-git/Source/WebCore/rendering/svg/RenderSVGShape.cpp:241
#17 0x00007ffff4995058 in WebCore::RenderSVGShape::fillAndStrokeShape (this=0x9ab928, context=0x7fffffffba90)
    at /home/reni/WebKit-git/Source/WebCore/rendering/svg/RenderSVGShape.cpp:268
...

-- 
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
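The backtrace above is the kind of artifact a fuzzing pipeline has to triage automatically: the faulting frame (#0) is inside libQt5Gui, several frames are unsymbolized (`??`), and the first frame in WebKit's own tree is `fillPathStroke` at GraphicsContextQt.cpp:597. The following parser, an added example that is not part of the bug report or of WebKit's tooling, reads a gdb `bt` dump, joins gdb's wrapped continuation lines, and buckets the crash on the first in-project source frame. The sample input is the backtrace quoted in the report; the project marker `/Source/WebCore/` and the bucket format `symbol@file:line` are this example's own assumptions.

```python
"""Bucket a gdb backtrace from a fuzzing crash by its first in-project frame (added example)."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Input is the backtrace quoted in the bug report (frames #0 to #12, then gdb's truncation marker).
BACKTRACE = """\
Program received signal SIGSEGV, Segmentation fault.
0x00007fffe9608dfe in QPainterPath::elementAt(int) const () from /usr/local/Trolltech/Qt5/Qt-5.0.0-r40/lib/libQt5Gui.so.5
(gdb) bt
#0  0x00007fffe9608dfe in QPainterPath::elementAt(int) const () from /usr/local/Trolltech/Qt5/Qt-5.0.0-r40/lib/libQt5Gui.so.5
#1  0x00007fffe961d674 in ?? () from /usr/local/Trolltech/Qt5/Qt-5.0.0-r40/lib/libQt5Gui.so.5
#2  0x00007fffe961e75c in ?? () from /usr/local/Trolltech/Qt5/Qt-5.0.0-r40/lib/libQt5Gui.so.5
#3  0x00007fffe961ea69 in QPathClipper::intersect(QPainterPath const&, QRectF const&) () from /usr/local/Trolltech/Qt5/Qt-5.0.0-r40/lib/libQt5Gui.so.5
#4  0x00007fffe961fbb5 in QPathClipper::clip(QPathClipper::Operation) () from /usr/local/Trolltech/Qt5/Qt-5.0.0-r40/lib/libQt5Gui.so.5
#5  0x00007fffe960de6f in QPainterPath::intersected(QPainterPath const&) const () from /usr/local/Trolltech/Qt5/Qt-5.0.0-r40/lib/libQt5Gui.so.5
#6  0x00007fffe95d3942 in ?? () from /usr/local/Trolltech/Qt5/Qt-5.0.0-r40/lib/libQt5Gui.so.5
#7  0x00007fffe95d29d8 in ?? () from /usr/local/Trolltech/Qt5/Qt-5.0.0-r40/lib/libQt5Gui.so.5
#8  0x00007fffe95d3d3b in ?? () from /usr/local/Trolltech/Qt5/Qt-5.0.0-r40/lib/libQt5Gui.so.5
#9  0x00007fffe95ebfd8 in QRasterPaintEngine::fill(QVectorPath const&, QBrush const&) () from /usr/local/Trolltech/Qt5/Qt-5.0.0-r40/lib/libQt5Gui.so.5
#10 0x00007fffe9608142 in QPainter::fillPath(QPainterPath const&, QBrush const&) () from /usr/local/Trolltech/Qt5/Qt-5.0.0-r40/lib/libQt5Gui.so.5
#11 0x00007ffff48292dc in fillPathStroke (painter=0x7fffffffbce0, pathStroker=..., platformPath=..., brush=...)
    at /home/reni/WebKit-git/Source/WebCore/platform/graphics/qt/GraphicsContextQt.cpp:597
#12 0x00007ffff4829a0e in WebCore::GraphicsContext::strokePath (this=0x7fffffffba90, path=...)
    at /home/reni/WebKit-git/Source/WebCore/platform/graphics/qt/GraphicsContextQt.cpp:653
...
"""

FRAME_RE = re.compile(r"^#(\d+)\s+(0x[0-9a-fA-F]+)\s+in\s+(.*)$")
SOURCE_RE = re.compile(r"^(.*)\s+at\s+(\S+:\d+)$")   # "... at path/file.cpp:597"
SIGNAL_RE = re.compile(r"Program received signal (\w+)")


@dataclass
class Frame:
    index: int
    address: str
    symbol: str              # function name with gdb's argument list removed
    module: Optional[str]    # shared object, for frames without debug info
    source: Optional[str]    # "path:line", for frames with debug info


def _join_continuations(text: str) -> List[str]:
    """gdb wraps long frames; a line starting with whitespace belongs to the previous frame."""
    joined: List[str] = []
    for raw in text.splitlines():
        if not raw.strip():
            continue
        if raw[0].isspace() and joined:
            joined[-1] += " " + raw.strip()
        else:
            joined.append(raw.rstrip())
    return joined


def _strip_args(func: str) -> str:
    """Turn 'Ns::f(int) const ()' or 'f (a=..., b=...)' into the bare symbol."""
    func = func.strip()
    if func.endswith("()"):
        func = func[:-2].rstrip()
    cut = func.find(" (")           # source-level frames carry "name (arg=..., ...)"
    return func[:cut] if cut != -1 else func


def extract_signal(text: str) -> Optional[str]:
    m = SIGNAL_RE.search(text)
    return m.group(1) if m else None


def parse_backtrace(text: str) -> List[Frame]:
    frames: List[Frame] = []
    for line in _join_continuations(text):
        m = FRAME_RE.match(line)
        if not m:
            continue                # skips the signal banner, "(gdb) bt" and the "..." marker
        idx, addr, rest = int(m.group(1)), m.group(2), m.group(3)
        module = source = None
        src = SOURCE_RE.match(rest)
        if src:
            func, source = src.group(1), src.group(2)
        elif " from " in rest:
            func, _, module = rest.rpartition(" from ")
        else:
            func = rest
        frames.append(Frame(idx, addr, _strip_args(func), module, source))
    return frames


def triage(frames: List[Frame], project_marker: str = "/Source/WebCore/") -> Dict[str, object]:
    """Summarize the crash: faulting symbol, first in-project frame as the dedup bucket,
    and how many frames lack symbols (a hint that the library needs debug symbols)."""
    bucket = None
    for f in frames:
        if f.source and project_marker in f.source:
            path, line = f.source.rsplit(":", 1)
            bucket = f"{f.symbol}@{path.rsplit('/', 1)[-1]}:{line}"
            break
    return {
        "crash_site": frames[0].symbol if frames else None,
        "bucket": bucket,
        "unsymbolized_frames": sum(1 for f in frames if f.symbol == "??"),
        "frame_count": len(frames),
    }


if __name__ == "__main__":
    print(extract_signal(BACKTRACE), triage(parse_backtrace(BACKTRACE)))
```

Bucketing on the first in-project frame rather than on frame #0 keeps distinct WebKit call sites separate even when they all fault inside the same Qt routine, and the unsymbolized-frame count flags reports where the library lacks debug symbols, which is the case for the five `??` frames above.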