[Webkit-unassigned] [Bug 199426] New: Assertion fires when setting the event of an SVG element which is referenced by a <use> element

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Tue Jul 2 17:57:37 PDT 2019 

https://bugs.webkit.org/show_bug.cgi?id=199426

            Bug ID: 199426
           Summary: Assertion fires when setting the event of an SVG
                    element which is referenced by a <use> element
           Product: WebKit
           Version: WebKit Nightly Build
          Hardware: Unspecified
                OS: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: SVG
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: sabouhallawa at apple.com
                CC: zimmermann at kde.org

Open the following test case in WebKit.

    <svg>
        <tspan id="text"/>
        <use xlink:href="#text"/>
    </svg>
    <script>
        setTimeout( function() {
            var text = document.getElementById("text");
            text.setAttribute("onfocusout", "onfocusout");
        }, 0);
    </script>

Result: The following assertion fires:

#0      0x000000011300b5e0 in ::WTFCrash()
#1      0x0000000118bd32db in WTFCrashWithInfo(int, char const*, char const*, int)
#2      0x000000011ac58b0c in WebCore::JSLazyEventListener::checkValidityForEventTarget(WebCore::EventTarget&)
#3      0x000000011b28a1b9 in WebCore::EventTarget::addEventListener(WTF::AtomString const&, WTF::Ref<WebCore::EventListener, WTF::DumbPtrTraits<WebCore::EventListener> >&&, WebCore::EventTarget::AddEventListenerOptions const&)
#4      0x000000011b2fcea0 in WebCore::tryAddEventListener(WebCore::Node*, WTF::AtomString const&, WTF::Ref<WebCore::EventListener, WTF::DumbPtrTraits<WebCore::EventListener> >&&, WebCore::EventTarget::AddEventListenerOptions const&)
#5      0x000000011b2fce38 in WebCore::Node::addEventListener(WTF::AtomString const&, WTF::Ref<WebCore::EventListener, WTF::DumbPtrTraits<WebCore::EventListener> >&&, WebCore::EventTarget::AddEventListenerOptions const&)
#6      0x000000011c9717a0 in WebCore::SVGElement::addEventListener(WTF::AtomString const&, WTF::Ref<WebCore::EventListener, WTF::DumbPtrTraits<WebCore::EventListener> >&&, WebCore::EventTarget::AddEventListenerOptions const&)
#7      0x000000011b28ae2b in WebCore::EventTarget::setAttributeEventListener(WTF::AtomString const&, WTF::RefPtr<WebCore::EventListener, WTF::DumbPtrTraits<WebCore::EventListener> >&&, WebCore::DOMWrapperWorld&)
#8      0x000000011b240e86 in WebCore::Element::setAttributeEventListener(WTF::AtomString const&, WebCore::QualifiedName const&, WTF::AtomString const&)
#9      0x000000011c9713c5 in WebCore::SVGElement::parseAttribute(WebCore::QualifiedName const&, WTF::AtomString const&)
#10     0x000000011cac7e40 in WebCore::SVGGraphicsElement::parseAttribute(WebCore::QualifiedName const&, WTF::AtomString const&)
#11     0x000000011cbe8d37 in WebCore::SVGTextContentElement::parseAttribute(WebCore::QualifiedName const&, WTF::AtomString const&)
#12     0x000000011cbe5ad5 in WebCore::SVGTextPositioningElement::parseAttribute(WebCore::QualifiedName const&, WTF::AtomString const&)
#13     0x000000011b23baa8 in WebCore::Element::attributeChanged(WebCore::QualifiedName const&, WTF::AtomString const&, WTF::AtomString const&, WebCore::Element::AttributeModificationReason)
#14     0x000000011b39778f in WebCore::StyledElement::attributeChanged(WebCore::QualifiedName const&, WTF::AtomString const&, WTF::AtomString const&, WebCore::Element::AttributeModificationReason)
#15     0x000000011c9720fb in WebCore::SVGElement::attributeChanged(WebCore::QualifiedName const&, WTF::AtomString const&, WTF::AtomString const&, WebCore::Element::AttributeModificationReason)
#16     0x000000011b2429df in WebCore::Element::didAddAttribute(WebCore::QualifiedName const&, WTF::AtomString const&)
#17     0x000000011b242923 in WebCore::Element::addAttributeInternal(WebCore::QualifiedName const&, WTF::AtomString const&, WebCore::Element::SynchronizationOfLazyAttribute)
#18     0x000000011b23b241 in WebCore::Element::setAttributeInternal(unsigned int, WebCore::QualifiedName const&, WTF::AtomString const&, WebCore::Element::SynchronizationOfLazyAttribute)
#19     0x000000011b23b4fd in WebCore::Element::setAttribute(WTF::AtomString const&, WTF::AtomString const&)

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20190703/6d815817/attachment-0001.html>

More information about the webkit-unassigned mailing list