[webkit-reviews] review denied: [Bug 62147] Use styling test from ietestcenter fails : [Attachment 97595] Patch

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Fri Jun 17 07:44:12 PDT 2011


Nikolas Zimmermann <zimmermann at kde.org> has denied Rob Buis
<rwlbuis at gmail.com>'s request for review:
Bug 62147: Use styling test from ietestcenter fails
https://bugs.webkit.org/show_bug.cgi?id=62147

Attachment 97595: Patch
https://bugs.webkit.org/attachment.cgi?id=97595&action=review

------- Additional Comments from Nikolas Zimmermann <zimmermann at kde.org>
View in context: https://bugs.webkit.org/attachment.cgi?id=97595&action=review

> Source/WebCore/svg/SVGUseElement.cpp:1078
> +    element->setCorrespondingElement(originalElement);
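
Review bot: the added call at SVGUseElement.cpp:1078 sets 'originalElement' as the corresponding element of the shadow tree element, but nothing visible in this hunk resets it when 'originalElement' is destroyed, so the reference can outlive its target. Pair the call with a matching clear on the path where the original element goes away (for example setCorrespondingElement(0) on the shadow tree element), and add a test that removes the referenced element and then forces style resolution on the instance.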

As discussed on IRC, this is very dangerous. No one clears the corresponding
element; this is likely a source of dangling pointer crashes if
'originalElement' dies and someone calls element->styleForRenderer() on the
'element' (which is the shadow tree element).

