[webkit-reviews] review requested: [Bug 26117] REGRESSION (r37381-r37442) : Reproducible crash viewing an SVG : [Attachment 39906] patch to fix this bug
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Tue Sep 22 00:32:52 PDT 2009
Robin Qiu <robin.qiu at torchmobile.com.cn> has asked for review:
Bug 26117: REGRESSION (r37381-r37442) : Reproducible crash viewing an SVG
https://bugs.webkit.org/show_bug.cgi?id=26117
Attachment 39906: patch to fix this bug
https://bugs.webkit.org/attachment.cgi?id=39906&action=review
------- Additional Comments from Robin Qiu <robin.qiu at torchmobile.com.cn>
If there is a structure like this:
<g id="G">
<use id="A" ... >
<set> ... </set>
</use>
</g>
<use id="B" xlink:href="#G">
</use>
In SVGUseElement.cpp:builtInstanceTree(), when building instance tree for
<use>B, the <use>A will be handled twice, the result is that the instance tree
is incorrect (more nodes than expected). In later process, on these unwanted
nodes, associations with shadow tree is broken and this causes crash when they
are referred.
More information about the webkit-reviews
mailing list