[Webkit-unassigned] [Bug 164774] New: Crash in WebCore::SVGRenderSupport::updateMaskedAncestorShouldIsolateBlending

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Tue Nov 15 08:22:57 PST 2016


https://bugs.webkit.org/show_bug.cgi?id=164774

            Bug ID: 164774
           Summary: Crash in WebCore::SVGRenderSupport::updateMaskedAncestorShouldIsolateBlending
    Classification: Unclassified
           Product: WebKit
           Version: Safari Technology Preview
          Hardware: Macintosh
               URL: https://www.theguardian.com/world/2016/nov/15/japan-fixes-vast-fukuoka-city-sinkhole-repaired-two-days
                OS: macOS 10.12
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: WebCore Misc.
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: dieter at komendera.com

Created attachment 294836
  --> https://bugs.webkit.org/attachment.cgi?id=294836&action=review
crash log

I can reliably reproduce the crash with these steps:

1) Go to https://www.theguardian.com/world/2016/nov/15/japan-fixes-vast-fukuoka-city-sinkhole-repaired-two-days
2) Scroll down towards the "related content" section

macOS 10.12.1 (16B2555)
Release 17 (Safari 10.1, WebKit 12603.1.11.1)

Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0   com.apple.WebCore                 0x000000010cb8844b WebCore::SVGRenderSupport::updateMaskedAncestorShouldIsolateBlending(WebCore::RenderElement const&) + 123
1   com.apple.WebCore                 0x000000010cadcdda WebCore::RenderElement::styleDidChange(WebCore::StyleDifference, WebCore::RenderStyle const*) + 122
2   com.apple.WebCore                 0x000000010be22e1d WebCore::RenderSVGModelObject::styleDidChange(WebCore::StyleDifference, WebCore::RenderStyle const*) + 77
3   com.apple.WebCore                 0x000000010cbc74fa WebCore::RenderTreeUpdater::createRenderer(WebCore::Element&, WebCore::RenderStyle&&) + 778
4   com.apple.WebCore                 0x000000010cbc652d WebCore::RenderTreeUpdater::updateElementRenderer(WebCore::Element&, WebCore::Style::ElementUpdate&) + 349
5   com.apple.WebCore                 0x000000010cbc5700 WebCore::RenderTreeUpdater::updateRenderTree(WebCore::ContainerNode&) + 592
6   com.apple.WebCore                 0x000000010cbc543b WebCore::RenderTreeUpdater::commit(std::__1::unique_ptr<WebCore::Style::Update, std::__1::default_delete<WebCore::Style::Update> >) + 411
7   com.apple.WebCore                 0x000000010c193a8e WebCore::Document::recalcStyle(WebCore::Style::Change) + 766
8   com.apple.WebCore                 0x000000010bd824d6 WebCore::Document::updateLayout() + 134
