<html>
    <head>
      <base href="https://bugs.webkit.org/" />
    </head>
    <body><table border="1" cellspacing="0" cellpadding="8">
        <tr>
          <th>Bug ID</th>
          <td><a class="bz_bug_link 
          bz_status_NEW "
   title="NEW - Calling SVGAnimatedPropertyTearOff::animationEnded() will crash if the SVG property is not animating"
   href="https://bugs.webkit.org/show_bug.cgi?id=156549">156549</a>
          </td>
        </tr>

        <tr>
          <th>Summary</th>
          <td>Calling SVGAnimatedPropertyTearOff::animationEnded() will crash if the SVG property is not animating
          </td>
        </tr>

        <tr>
          <th>Classification</th>
          <td>Unclassified
          </td>
        </tr>

        <tr>
          <th>Product</th>
          <td>WebKit
          </td>
        </tr>

        <tr>
          <th>Version</th>
          <td>WebKit Nightly Build
          </td>
        </tr>

        <tr>
          <th>Hardware</th>
          <td>Unspecified
          </td>
        </tr>

        <tr>
          <th>OS</th>
          <td>Unspecified
          </td>
        </tr>

        <tr>
          <th>Status</th>
          <td>NEW
          </td>
        </tr>

        <tr>
          <th>Severity</th>
          <td>Normal
          </td>
        </tr>

        <tr>
          <th>Priority</th>
          <td>P2
          </td>
        </tr>

        <tr>
          <th>Component</th>
          <td>SVG
          </td>
        </tr>

        <tr>
          <th>Assignee</th>
          <td>webkit-unassigned&#64;lists.webkit.org
          </td>
        </tr>

        <tr>
          <th>Reporter</th>
          <td>sabouhallawa&#64;apple.com
          </td>
        </tr>

        <tr>
          <th>CC</th>
          <td>zimmermann&#64;kde.org
          </td>
        </tr></table>
      <p>
        <div>
        <pre>There is no repro steps or a test case for this crash but there is this call stack: 

0   WebCore                           0x0000000186b76e9c void WebCore::SVGAnimatedTypeAnimator::executeAction&lt;WebCore::SVGAnimatedPropertyTearOff&lt;WebCore::SVGLength&gt; &gt;(WebCore::SVGAnimatedTypeAnimator::AnimationAction, WTF::Vector&lt;WebCore::SVGElementAnimatedProperties, 0ul, WTF::CrashOnOverflow, 16ul&gt; const&amp;, unsigned int, WebCore::SVGAnimatedPropertyTearOff&lt;WebCore::SVGLength&gt;::ContentType*) + 132 (SVGAnimatedPropertyTearOff.h:93)
1   WebCore                           0x0000000186b76e5c void WebCore::SVGAnimatedTypeAnimator::executeAction&lt;WebCore::SVGAnimatedPropertyTearOff&lt;WebCore::SVGLength&gt; &gt;(WebCore::SVGAnimatedTypeAnimator::AnimationAction, WTF::Vector&lt;WebCore::SVGElementAnimatedProperties, 0ul, WTF::CrashOnOverflow, 16ul&gt; const&amp;, unsigned int, WebCore::SVGAnimatedPropertyTearOff&lt;WebCore::SVGLength&gt;::ContentType*) + 68 (SVGAnimatedTypeAnimator.h:192)
2   WebCore                           0x0000000186b8096c WebCore::SVGAnimateElementBase::clearAnimatedType(WebCore::SVGElement*) + 728 (SVGAnimateElementBase.cpp:326)
3   WebCore                           0x0000000186c00068 WebCore::SVGSMILElement::setTargetElement(WebCore::SVGElement*) + 120 (SVGSMILElement.cpp:599)
4   WebCore                           0x0000000186b85b9c WebCore::SVGAnimationElement::setTargetElement(WebCore::SVGElement*) + 28 (SVGAnimationElement.cpp:685)
5   WebCore                           0x0000000186b810f4 WebCore::SVGAnimateElementBase::setTargetElement(WebCore::SVGElement*) + 20 (SVGAnimateElementBase.cpp:420)
6   WebCore                           0x0000000186b8ff08 WebCore::SVGDocumentExtensions::clearTargetDependencies(WebCore::SVGElement&amp;) + 216 (SVGElement.h:155)
7   WebCore                           0x0000000186b92814 WebCore::SVGElement::removedFrom(WebCore::ContainerNode&amp;) + 92 (SVGElement.cpp:395)
8   WebCore                           0x0000000186145e8c void WebCore::Private::addChildNodesToDeletionQueue&lt;WebCore::Node, WebCore::ContainerNode&gt;(WebCore::Node*&amp;, WebCore::Node*&amp;, WebCore::ContainerNode&amp;) + 208 (ContainerNodeAlgorithms.h:233)
9   WebCore                           0x0000000185f314f8 WebCore::ContainerNode::removeDetachedChildren() + 132 (ContainerNodeAlgorithms.h:103)
10  WebCore                           0x0000000186221874 WebCore::Document::removedLastRef() + 336 (Document.cpp:680)
11  JavaScriptCore                    0x0000000185b3abc8 0x00000001856ac000 + 4778952
12  JavaScriptCore                    0x00000001859eb230 JSC::IncrementalSweeper::sweepNextBlock() + 104 (IncrementalSweeper.cpp:91)
13  JavaScriptCore                    0x00000001856c1dd4 JSC::IncrementalSweeper::doSweep(double) + 40 (IncrementalSweeper.cpp:69)
14  JavaScriptCore                    0x00000001856bd550 JSC::HeapTimer::timerDidFire(__CFRunLoopTimer*, void*) + 220 (HeapTimer.cpp:100)
15  CoreFoundation                    0x0000000181fe5834 __CFRUNLOOP_IS_CALLING_OUT_TO_A_TIMER_CALLBACK_FUNCTION__ + 28 (CFRunLoop.c:1628)
16  CoreFoundation                    0x0000000181fe54d8 __CFRunLoopDoTimer + 884 (CFRunLoop.c:2167)
17  CoreFoundation                    0x0000000181fe2bec __CFRunLoopRun + 1520 (CFRunLoop.c:2306)
18  CoreFoundation                    0x0000000181f0ce80 CFRunLoopRunSpecific + 384 (CFRunLoop.c:2814)
19  Foundation                        0x000000018291ccfc -[NSRunLoop(NSRunLoop) runMode:beforeDate:] + 308 (NSRunLoop.m:366)
20  Foundation                        0x0000000182972030 -[NSRunLoop(NSRunLoop) run] + 88 (NSRunLoop.m:388)
21  libxpc.dylib                      0x0000000181cd0c64 _xpc_objc_main + 660 (main.m:181)
22  libxpc.dylib                      0x0000000181cd29dc xpc_main + 200 (init.c:1439)
23  com.apple.WebKit.WebContent       0x00000001000e3924 main + 56 (XPCServiceMain.mm:89)
24  libdyld.dylib                     0x0000000181aaa8b8 start + 4 (start_glue.s:78)</pre>
        </div>
      </p>
      <hr>
      <span>You are receiving this mail because:</span>
      
      <ul>
          <li>You are the assignee for the bug.</li>
      </ul>
    </body>
</html>