[webkit-reviews] review granted: [Bug 52732] [CSS Gradients] Crash due to out-of-memory with repeating-linear-gradient and latter stop positioned before former : [Attachment 79472] Patch
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Wed Jan 19 13:21:09 PST 2011
Adam Roben (aroben) <aroben at apple.com> has granted Simon Fraser (smfr)
<simon.fraser at apple.com>'s request for review:
Bug 52732: [CSS Gradients] Crash due to out-of-memory with
repeating-linear-gradient and latter stop positioned before former
https://bugs.webkit.org/show_bug.cgi?id=52732
Attachment 79472: Patch
https://bugs.webkit.org/attachment.cgi?id=79472&action=review
------- Additional Comments from Adam Roben (aroben) <aroben at apple.com>
View in context: https://bugs.webkit.org/attachment.cgi?id=79472&action=review
> Source/WebCore/css/CSSGradientValue.cpp:240
> + float gradientRange = stops[numStops - 1].offset - stops[0].offset;
> + if (!gradientRange) {
> + stops[0].offset = 0;
> + stops[0].color = stops[numStops - 1].color;
> + stops.shrink(1);
> + numStops = 1;
I think using .first() and .last() would be clearer than [0] and [numStops -
1].
More information about the webkit-reviews
mailing list