[webkit-reviews] review requested: [Bug 47498] Crash while processing ill-formed SVG with cycles. : [Attachment 70819] First attempt to fix

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Thu Oct 14 19:11:02 PDT 2010


Cosmin Truta <ctruta at chromium.org> has asked for review:
Bug 47498: Crash while processing ill-formed SVG with cycles.
https://bugs.webkit.org/show_bug.cgi?id=47498

Attachment 70819: First attempt to fix
https://bugs.webkit.org/attachment.cgi?id=70819&action=review

------- Additional Comments from Cosmin Truta <ctruta at chromium.org>
I'm submitting this patch to ask for review and advice only, without a test, a
ChangeLog entry, or an intention to commit.

I am checking the resource type inside paintingResourceFromSVGPaint, instead of
doing this inside buildCachedResources. The other alternative would have
required doing the same check two times: once for fill, and once for stroke.
The patch also contains a series of ASSERTs that I consider useful.

But this seems not to be sufficient, as the code still crashes inside
RenderInline::layout. I'm probably missing a node that should be set to NULL,
but I don't know where exactly I should do that. Since the filter has been
invalidated, nothing should be rendered. I think there are some children at a
point where they shouldn't be.

It is worth mentioning that the crash after applying the patch is the same,
regardless of what attribute (clip=, fill=, mask=, stroke=) is being used.
I believe the patch that I'm submitting does solve the initialization issue
discussed in comment #2, but there is another lingering issue that's causing
grief. I also believe that the fix to do for the remaining issue will resolve
the behavior of all of these attributes.
