[webkit-reviews] review requested: [Bug 33012] Marker code is buggy: referencePoint translation is off : [Attachment 45984] Updated patch v5

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Wed Jan 6 13:12:43 PST 2010


Nikolas Zimmermann <zimmermann at kde.org> has asked for review:
Bug 33012: Marker code is buggy: referencePoint translation is off
https://bugs.webkit.org/show_bug.cgi?id=33012

Attachment 45984: Updated patch v5
https://bugs.webkit.org/attachment.cgi?id=45984&action=review

------- Additional Comments from Nikolas Zimmermann <zimmermann at kde.org>
Okay, found the real cause of the marker problems. A bug in SVGUseElement: need
to detach() the shadow tree root element, before destructing it. Otherwise
we'll end up calling into Render* code, that tries to access SVG*Element
objects, while those objects are being destructed. The bug only appears for the
shadow tree root element, as it does not live in a Document, thus no one holds
a RefPtr to it, all other regular nodes living in a Document are not affected.
As we attach() the tree manually, we also have to detach() manually. This also
removes several hacks, about calling detach() from the
SVGSVGElement/SVGMarkerElement destructor.

Tested with from-scratch release & debug builds. I can not reproduce any
crashes/hangs/whatever anymore, should be safe. Builds on gtk/qt/win/mac &
chromium, as the previous landings have shown. This patch also includes a new
layout test, covering more marker stuff. Have fun reviewing :-)
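
The lifetime problem described in the message above, as an added example that is not part of the original message or of WebKit's code: a simplified model in which a renderer keeps a raw back-pointer to its element and reads it during teardown. `Element`, `Renderer`, `destructing` and `destroyShadowRoot` are hypothetical names chosen for illustration.

```cpp
#include <iostream>
#include <memory>
#include <string>
#include <vector>

// Simplified model (assumption): these are not WebKit's real classes.
struct Element;

struct Renderer {
    Element* element;                  // raw back-pointer, no ownership
    std::vector<std::string>* log;
    Renderer(Element* e, std::vector<std::string>* l) : element(e), log(l) {}
    ~Renderer();                       // teardown reads state from the element
};

struct Element {
    std::vector<std::string>* log;
    bool destructing = false;          // declared before renderer, so it outlives it
    std::unique_ptr<Renderer> renderer;
    explicit Element(std::vector<std::string>* l) : log(l) {}
    void attach() { renderer.reset(new Renderer(this, log)); }
    void detach() { renderer.reset(); }  // renderer dies while the element is intact
    ~Element() { destructing = true; }   // members (renderer) are destroyed after this body
};

Renderer::~Renderer() {
    log->push_back(element->destructing
                       ? "renderer touched element during destruction"
                       : "renderer torn down cleanly");
}

// A manually attached root that no document owns, like the shadow tree root.
std::vector<std::string> destroyShadowRoot(bool detachFirst) {
    std::vector<std::string> log;
    {
        std::unique_ptr<Element> root(new Element(&log));
        root->attach();                // attached by hand, so nothing else detaches it
        if (detachFirst)
            root->detach();            // the fix: detach before the element is destroyed
    }                                  // root is destroyed here
    return log;
}

int main() {
    for (bool detachFirst : {false, true})
        for (const std::string& line : destroyShadowRoot(detachFirst))
            std::cout << (detachFirst ? "detach first: " : "no detach:    ") << line << "\n";
}
```

In this model the late access only reads a flag, so it is well defined; in a real class hierarchy the same call order reaches members or virtual functions of a derived class whose destructor has already run.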

