[webkit-reviews] review granted: [Bug 89148] Null-pointer crash when a derived color like -webkit-activelink is set in a gradient stop : [Attachment 153159] Patch

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Thu Jul 19 10:13:29 PDT 2012


Simon Fraser (smfr) <simon.fraser at apple.com> has granted
dstockwell at chromium.org's request for review:
Bug 89148: Null-pointer crash when a derived color like -webkit-activelink is
set in a gradient stop
https://bugs.webkit.org/show_bug.cgi?id=89148

Attachment 153159: Patch
https://bugs.webkit.org/attachment.cgi?id=153159&action=review

------- Additional Comments from Simon Fraser (smfr) <simon.fraser at apple.com>
View in context: https://bugs.webkit.org/attachment.cgi?id=153159&action=review


> Source/WebCore/css/CSSGradientValue.cpp:441
> +	   if
(StyleResolver::colorFromPrimitiveValueIsDerivedFromElement(stop.m_color.get())
)
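Review bot: the bug being fixed is a null-pointer crash on a gradient stop, and this new check hands `stop.m_color.get()` straight to `StyleResolver::colorFromPrimitiveValueIsDerivedFromElement()`; please confirm that function tolerates a null stop colour, or guard the call with a null check on `stop.m_color` first. The same predicate is evaluated again in `gradientWithStylesResolved()`, so a single cached flag on the gradient value (computed once when the stops are parsed) would avoid both the duplicated test and any divergence between the two call sites.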

Shame that we do this test here as well as in gradientWithStylesResolved().
Maybe we should just cache this state?

> Source/WebCore/css/StyleResolver.cpp:3372
> +		       if (item->isGradientValue()) {
> +			  
m_style->setContent(StyleGeneratedImage::create(static_cast<CSSGradientValue*>(
item)->gradientWithStylesResolved(this).get()), didSet);
> +			   didSet = true;
> +		       } else {
> +			  
m_style->setContent(StyleGeneratedImage::create(static_cast<CSSImageGeneratorVa
lue*>(item)), didSet);
> +			   didSet = true;
> +		       }
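Review bot: both branches end with `didSet = true` and both call `m_style->setContent(StyleGeneratedImage::create(...), didSet)`; only the argument passed to `StyleGeneratedImage::create` differs. Compute that argument in the conditional (the result of `gradientWithStylesResolved(this).get()` for gradient values, the `CSSImageGeneratorValue*` cast of `item` otherwise), then make one `setContent` call and one unconditional `didSet = true` after it, so the two branches cannot drift apart.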

didSet is true for both branches, so not sure why you have to do that inside
the conditional.

