[webkit-reviews] review denied: [Bug 11221] REGRESSION: iExploder crash due to style="cursor: url()" : [Attachment 11031] Now with testcase

bugzilla-request-daemon at macosforge.org bugzilla-request-daemon at macosforge.org
Wed Oct 11 05:28:45 PDT 2006


mitz at webkit.org has denied mitz at webkit.org's request for review:
Bug 11221: REGRESSION: iExploder crash due to style="cursor: url()"
http://bugs.webkit.org/show_bug.cgi?id=11221

Attachment 11031: Now with testcase
http://bugs.webkit.org/attachment.cgi?id=11031&action=edit

------- Additional Comments from mitz at webkit.org
+	     list = new CSSValueList; 

This will allocate a new CSSValueList on every iteration through the loop,
throwing away the previously allocated one.

I noticed that the current code leaks a CSSValueList in a couple of places. One
of them this patch fixes, another one is here:

	    if ((strict && !value) || (value && !(value->unit ==
Value::Operator && value->iValue == ',')))
		return false;

(So for example, "cursor: url(cursor.png) ex" will leak a CSSValueList).

	     if (strict || coords.size() == 0) {

The code after this 'if' is insufficiently indented; please clean it up.

In WebCore/ChangeLog, please add a line noting the test that goes with your
patch. The usual format is "Test: fast/css/invalid-cursor-property-crash.html",
right after the bug summary.
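
The two ownership problems raised in this review (a new list allocated on each loop iteration, and an early `return false` that abandons the list) are shown below in a simplified model. This is an added example, not part of the review and not WebKit code; `ValueList`, the token vectors, `parseLeaky`, `parseFixed` and `leakedBy` are hypothetical names, and `std::unique_ptr` stands in for whatever ownership helper the real parser uses.

```cpp
#include <memory>
#include <string>
#include <vector>

// Hypothetical stand-in for CSSValueList; counts live objects so a leak is measurable.
struct ValueList {
    static int live;
    std::vector<std::string> items;
    ValueList() { ++live; }
    ~ValueList() { --live; }
};
int ValueList::live = 0;

using Tokens = std::vector<std::string>;
// Constructed inputs: the review's "url(cursor.png) ex" case and a valid two-entry list.
const Tokens kTrailingJunk = {"url(cursor.png)", "ex"};
const Tokens kTwoUrls = {"url(a.png)", ",", "url(b.png)"};
static bool isUrl(const std::string& t) { return t.compare(0, 4, "url(") == 0; }

// Leaky shape: a fresh list on every iteration, and a bare return on a bad separator.
ValueList* parseLeaky(const Tokens& toks) {
    ValueList* list = nullptr;
    for (std::size_t i = 0; i < toks.size() && isUrl(toks[i]); i += 2) {
        list = new ValueList;                  // drops the list from the previous iteration
        list->items.push_back(toks[i]);
        if (i + 1 < toks.size() && toks[i + 1] != ",")
            return nullptr;                    // 'list' is never freed on this path
    }
    return list;
}

// Corrected shape: allocate once, and let the owner free the list on every exit path.
std::unique_ptr<ValueList> parseFixed(const Tokens& toks) {
    std::unique_ptr<ValueList> list;
    for (std::size_t i = 0; i < toks.size() && isUrl(toks[i]); i += 2) {
        if (!list) list.reset(new ValueList);
        list->items.push_back(toks[i]);
        if (i + 1 < toks.size() && toks[i + 1] != ",")
            return nullptr;                    // unique_ptr destructor releases the list
    }
    return list;
}

// Number of ValueList objects still alive after a parse whose result has been released.
int leakedBy(bool fixed, const Tokens& toks) {
    int before = ValueList::live;
    if (fixed) parseFixed(toks); else delete parseLeaky(toks);
    return ValueList::live - before;
}
int main() { return leakedBy(true, kTrailingJunk) + leakedBy(true, kTwoUrls); }
```

The live-object counter is the kind of check a regression test can assert on, so both leak paths stay closed after later edits to the parser.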


