[Webkit-unassigned] [Bug 258226] Handle SVGLength resolving in an inactive document gracefully

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Sat Jul 22 04:26:37 PDT 2023 

https://bugs.webkit.org/show_bug.cgi?id=258226

--- Comment #2 from Ahmad Saleem <ahmad.saleem792 at gmail.com> ---
Manage to confirm that it does not fix bug and not crash in 'Debug' with this patch and without patch, we get:

stderr:
SHOULD NEVER BE REACHED
/Users/ahmadsaleem/Documents/GitHub-Webkit-origin/Webkit/Source/WebCore/svg/SVGLengthContext.cpp(234) : const WebCore::RenderStyle *WebCore::renderStyleForLengthResolving(const WebCore::SVGElement *)
1   0x133bc1c68 WTFCrash
2   0x14d0434a0 WebCore::BaseAudioContext::currentSampleFrame() const
3   0x14fcf682c WebCore::renderStyleForLengthResolving(WebCore::SVGElement const*)
4   0x14fcf5ec0 WebCore::SVGLengthContext::convertValueFromEMSToUserUnits(float) const
5   0x14fcf5d18 WebCore::SVGLengthContext::convertValueToUserUnits(float, WebCore::SVGLengthType, WebCore::SVGLengthMode) const
6   0x14fcf7e50 WebCore::SVGLengthValue::valueForBindings(WebCore::SVGLengthContext const&) const
7   0x14bfef6a8 WebCore::SVGLength::valueForBindings()
8   0x14bfef614 WebCore::jsSVGLength_valueGetter(JSC::JSGlobalObject&, WebCore::JSSVGLength&)
9   0x14bf4f3f4 long long WebCore::IDLAttribute<WebCore::JSSVGLength>::get<&WebCore::jsSVGLength_valueGetter(JSC::JSGlobalObject&, WebCore::JSSVGLength&), (WebCore::CastedThisErrorBehavior)3>(JSC::JSGlobalObject&, long long, JSC::PropertyName)
10  0x14bf4f2c8 WebCore::jsSVGLength_value(JSC::JSGlobalObject*, long long, JSC::PropertyName)
11  0x1357efb64 WTF::FunctionPtr<(WTF::PtrTag)57072, long long (JSC::JSGlobalObject*, long long, JSC::PropertyName), (WTF::FunctionAttributes)1>::operator()(JSC::JSGlobalObject*, long long, JSC::PropertyName) const
12  0x135a57bd8 JSC::PropertySlot::customGetter(JSC::VM&, JSC::PropertyName) const
13  0x13420cc34 JSC::PropertySlot::getValue(JSC::JSGlobalObject*, JSC::PropertyName) const
14  0x134f0d1a8 JSC::JSValue::get(JSC::JSGlobalObject*, JSC::PropertyName, JSC::PropertySlot&) const
15  0x135556b20 JSC::LLInt::performLLIntGetByID(JSC::BytecodeIndex, JSC::CodeBlock*, JSC::JSGlobalObject*, JSC::JSValue, JSC::Identifier const&, JSC::GetByIdModeMetadata&)
16  0x135556920 llint_slow_path_get_by_id
17  0x13426d898 llint_entry
18  0x134261808 vmEntryToJavaScript
19  0x1353ae34c JSC::Interpreter::executeProgram(JSC::SourceCode const&, JSC::JSGlobalObject*,

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20230722/12342da9/attachment.htm>

More information about the webkit-unassigned mailing list