<html>
<head>
<base href="https://bugs.webkit.org/" />
</head>
<body>
<p>
<div>
<b><a class="bz_bug_link
bz_status_NEW "
title="NEW - Crash when appending an SVG <use> element dynamically which has animated SVG <path> element"
href="https://bugs.webkit.org/show_bug.cgi?id=146690#c2">Comment # 2</a>
on <a class="bz_bug_link
bz_status_NEW "
title="NEW - Crash when appending an SVG <use> element dynamically which has animated SVG <path> element"
href="https://bugs.webkit.org/show_bug.cgi?id=146690">bug 146690</a>
from <span class="vcard"><a class="email" href="mailto:sabouhallawa@apple.com" title="Said Abou-Hallawa <sabouhallawa@apple.com>"> <span class="fn">Said Abou-Hallawa</span></a>
</span></b>
<pre>I was wring about the above call stack. It is just an assertion call stack. But if we comment all the assertion in SVGAnimatedListPropertyTearOff::animValDidChange() and VGAnimatedPathSegListPropertyTearOff::animValDidChange() we get the following crashing call stack which we should hit in a release build:
#0 0x00000001072a2360 in WebCore::SVGListProperty<WebCore::SVGPathSegList>::values() at /Volumes/Data/WebKit/OpenSource/Source/WebCore/svg/properties/SVGListProperty.h:434
#1 0x00000001072a43bd in WebCore::SVGAnimatedListPropertyTearOff<WebCore::SVGPathSegList>::synchronizeWrappersIfNeeded() at /Volumes/Data/WebKit/OpenSource/Source/WebCore/svg/properties/SVGAnimatedListPropertyTearOff.h:134
#2 0x00000001072a4715 in WebCore::SVGAnimatedListPropertyTearOff<WebCore::SVGPathSegList>::animValDidChange() at /Volumes/Data/WebKit/OpenSource/Source/WebCore/svg/properties/SVGAnimatedListPropertyTearOff.h:153
#3 0x00000001072a40c6 in WebCore::SVGAnimatedPathSegListPropertyTearOff::animValDidChange() at /Volumes/Data/WebKit/OpenSource/Source/WebCore/svg/properties/SVGAnimatedPathSegListPropertyTearOff.h:101
#4 0x00000001072a3e87 in void WebCore::SVGAnimatedTypeAnimator::executeAction<WebCore::SVGAnimatedPathSegListPropertyTearOff>(WebCore::SVGAnimatedTypeAnimator::AnimationAction, WTF::Vector<WebCore::SVGElementAnimatedProperties, 0ul, WTF::CrashOnOverflow, 16ul> const&, unsigned int, WebCore::SVGAnimatedPathSegListPropertyTearOff::ContentType*) at /Volumes/Data/WebKit/OpenSource/Source/WebCore/svg/SVGAnimatedTypeAnimator.h:214
#5 0x00000001072a16c7 in void WebCore::SVGAnimatedTypeAnimator::animValDidChangeForType<WebCore::SVGAnimatedPathSegListPropertyTearOff>(WTF::Vector<WebCore::SVGElementAnimatedProperties, 0ul, WTF::CrashOnOverflow, 16ul> const&) at /Volumes/Data/WebKit/OpenSource/Source/WebCore/svg/SVGAnimatedTypeAnimator.h:100
#6 0x00000001072a0288 in WebCore::SVGAnimatedPathAnimator::animValDidChange(WTF::Vector<WebCore::SVGElementAnimatedProperties, 0ul, WTF::CrashOnOverflow, 16ul> const&) at /Volumes/Data/WebKit/OpenSource/Source/WebCore/svg/SVGAnimatedPath.cpp:85
#7 0x00000001072b828c in WebCore::SVGAnimateElementBase::resetAnimatedType() at /Volumes/Data/WebKit/OpenSource/Source/WebCore/svg/SVGAnimateElementBase.cpp:215
#8 0x000000010739fb9f in WebCore::SVGSMILElement::progress(WebCore::SMILTime, WebCore::SVGSMILElement*, bool) at /Volumes/Data/WebKit/OpenSource/Source/WebCore/svg/animation/SVGSMILElement.cpp:1098
#9 0x00000001071352cb in WebCore::SMILTimeContainer::updateAnimations(WebCore::SMILTime, bool) at /Volumes/Data/WebKit/OpenSource/Source/WebCore/svg/animation/SMILTimeContainer.cpp:288
#10 0x000000010713430b in WebCore::SMILTimeContainer::timerFired() at /Volumes/Data/WebKit/OpenSource/Source/WebCore/svg/animation/SMILTimeContainer.cpp:217
#11 0x0000000107138378 in decltype(*(std::__1::forward<WebCore::SMILTimeContainer*&>(fp0)).*fp(std::__1::forward<>(fp1))) std::__1::__invoke<void (WebCore::SMILTimeContainer::*&)(), WebCore::SMILTimeContainer*&, void>(void (WebCore::SMILTimeContainer::*&&&)(), WebCore::SMILTimeContainer*&&&) [inlined] at /Applications/Xcode.app/Contents/Developer/Toolchains/OSX10.11.xctoolchain/usr/bin/../include/c++/v1/__functional_base:382
#12 0x00000001071382f2 in std::__1::__bind_return<void (WebCore::SMILTimeContainer::*)(), std::__1::tuple<WebCore::SMILTimeContainer*>, std::__1::tuple<>, _is_valid_bind_return<void (WebCore::SMILTimeContainer::*)(), std::__1::tuple<WebCore::SMILTimeContainer*>, std::__1::tuple<> >::value>::type std::__1::__apply_functor<void (WebCore::SMILTimeContainer::*)(), std::__1::tuple<WebCore::SMILTimeContainer*>, 0ul, std::__1::tuple<> >(void (WebCore::SMILTimeContainer::*&)(), std::__1::tuple<WebCore::SMILTimeContainer*>&, std::__1::__tuple_indices<0ul>, std::__1::tuple<>&&) [inlined] at /Applications/Xcode.app/Contents/Developer/Toolchains/OSX10.11.xctoolchain/usr/bin/../include/c++/v1/functional:2060
#13 0x00000001071382ca in std::__1::__bind_return<void (WebCore::SMILTimeContainer::*)(), std::__1::tuple<WebCore::SMILTimeContainer*>, std::__1::tuple<>, _is_valid_bind_return<void (WebCore::SMILTimeContainer::*)(), std::__1::tuple<WebCore::SMILTimeContainer*>, std::__1::tuple<> >::value>::type std::__1::__bind<void (WebCore::SMILTimeContainer::*&)(), WebCore::SMILTimeContainer*>::operator()<>() [inlined] at /Applications/Xcode.app/Contents/Developer/Toolchains/OSX10.11.xctoolchain/usr/bin/../include/c++/v1/functional:2123
#14 0x00000001071382ab in decltype(std::__1::forward<std::__1::__bind<void (WebCore::SMILTimeContainer::*&)(), WebCore::SMILTimeContainer*>&>(fp)(std::__1::forward<>(fp0))) std::__1::__invoke<std::__1::__bind<void (WebCore::SMILTimeContainer::*&)(), WebCore::SMILTimeContainer*>&>(std::__1::__bind<void (WebCore::SMILTimeContainer::*&)(), WebCore::SMILTimeContainer*>&&&) [inlined] at /Applications/Xcode.app/Contents/Developer/Toolchains/OSX10.11.xctoolchain/usr/bin/../include/c++/v1/__functional_base:415
#15 0x00000001071382a0 in void std::__1::__invoke_void_return_wrapper<void>::__call<std::__1::__bind<void (WebCore::SMILTimeContainer::*&)(), WebCore::SMILTimeContainer*>&>(std::__1::__bind<void (WebCore::SMILTimeContainer::*&)(), WebCore::SMILTimeContainer*>&&&) at /Applications/Xcode.app/Contents/Developer/Toolchains/OSX10.11.xctoolchain/usr/bin/../include/c++/v1/__functional_base:440
#16 0x000000010713824c in std::__1::__function::__func<std::__1::__bind<void (WebCore::SMILTimeContainer::*&)(), WebCore::SMILTimeContainer*>, std::__1::allocator<std::__1::__bind<void (WebCore::SMILTimeContainer::*&)(), WebCore::SMILTimeContainer*> >, void ()>::operator()() at /Applications/Xcode.app/Contents/Developer/Toolchains/OSX10.11.xctoolchain/usr/bin/../include/c++/v1/functional:1407
#17 0x000000010542e24a in std::__1::function<void ()>::operator()() const at /Applications/Xcode.app/Contents/Developer/Toolchains/OSX10.11.xctoolchain/usr/bin/../include/c++/v1/functional:1793
#18 0x000000010542e16c in WebCore::Timer::fired() at /Volumes/Data/WebKit/OpenSource/Source/WebCore/platform/Timer.h:133
#19 0x0000000107470aba in WebCore::ThreadTimers::sharedTimerFiredInternal() at /Volumes/Data/WebKit/OpenSource/Source/WebCore/platform/ThreadTimers.cpp:132
#20 0x0000000107470779 in WebCore::ThreadTimers::sharedTimerFired() at /Volumes/Data/WebKit/OpenSource/Source/WebCore/platform/ThreadTimers.cpp:107
#21 0x000000010711f8e2 in WebCore::timerFired(__CFRunLoopTimer*, void*) at /Volumes/Data/WebKit/OpenSource/Source/WebCore/platform/cf/SharedTimerCF.cpp:82</pre>
</div>
</p>
<hr>
<span>You are receiving this mail because:</span>
<ul>
<li>You are the assignee for the bug.</li>
</ul>
</body>
</html>