[webkit-reviews] review requested: [Bug 22357] Crash when setting className via SVG className.baseVal : [Attachment 25970] Possible patch for issue 22357

bugzilla-daemon at webkit.org
Thu Dec 11 17:33:10 PST 2008

Glenn Wilson <gwilson at google.com> has asked for review:
Bug 22357: Crash when setting className via SVG className.baseVal

Attachment 25970: Possible patch for issue 22357

------- Additional Comments from Glenn Wilson <gwilson at google.com>
From what I could find, StyledElement::classAttributeChanged method would set
hasClass before checking for the existence of namedAttributeMap.  So it was
possible to change the class attribute (via baseVal) without the
namedAttributeMap ever getting created.  Later on, when CSSStyleSelector tries
to figure out which styles to apply, it finds that StyledElement says it has a
class set, but it has no mapped attributes!  Barf.

This patch modifies StyledElement::classAttributeChanged to create the
namedAttributeMap if it doesn't exist, rather than just checking for its
existence.  After all, if a StyledElement has its class attribute set, and the
class is *always* a mapped attribute, shouldn't it be guaranteed that
namedAttributeMap exists and is populated correctly?

I'm not sure if this is the right class to do this, since I don't know the
entire life cycle of namedAttributeMap.  Should SVG elements automatically
create namedAttributeMap when they are created?  Is there a better place to add
this behavior other than StyledElement?
