[webkit-reviews] review granted: [Bug 89148] Null-pointer crash when a derived color like -webkit-activelink is set in a gradient stop : [Attachment 153159] Patch
bugzilla-daemon at webkit.org
Thu Jul 19 10:13:29 PDT 2012
Simon Fraser (smfr) <simon.fraser at apple.com> has granted
dstockwell at chromium.org's request for review:
Bug 89148: Null-pointer crash when a derived color like -webkit-activelink is
set in a gradient stop
https://bugs.webkit.org/show_bug.cgi?id=89148
Attachment 153159: Patch
https://bugs.webkit.org/attachment.cgi?id=153159&action=review
------- Additional Comments from Simon Fraser (smfr) <simon.fraser at apple.com>
View in context: https://bugs.webkit.org/attachment.cgi?id=153159&action=review
> Source/WebCore/css/CSSGradientValue.cpp:441
> + if
(StyleResolver::colorFromPrimitiveValueIsDerivedFromElement(stop.m_color.get())
)
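Review bot: The condition at CSSGradientValue.cpp:441 passes stop.m_color.get() to colorFromPrimitiveValueIsDerivedFromElement() as a raw pointer, and the quoted line shows no null check. Since the bug being fixed is a null-pointer crash, confirm that the helper tolerates a null argument if a stop can reach this point without a color, or guard the call here with a check on stop.m_color.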
Shame that we do this test here as well as in gradientWithStylesResolved().
Maybe we should just cache this state?
> Source/WebCore/css/StyleResolver.cpp:3372
> + if (item->isGradientValue()) {
> +
m_style->setContent(StyleGeneratedImage::create(static_cast<CSSGradientValue*>(
item)->gradientWithStylesResolved(this).get()), didSet);
> + didSet = true;
> + } else {
> +
m_style->setContent(StyleGeneratedImage::create(static_cast<CSSImageGeneratorVa
lue*>(item)), didSet);
> + didSet = true;
> + }
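Review bot: In the else branch at StyleResolver.cpp:3372, item is static_cast to CSSImageGeneratorValue* with no type check visible in the quoted lines, whereas the first branch is guarded by item->isGradientValue(). If the enclosing condition does not already guarantee the type, add an assertion before the cast so a mismatched value fails in debug builds instead of being treated as an image generator value.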
didSet is true for both branches, so not sure why you have to do that inside
the conditional.