[Webkit-unassigned] [Bug 11221] REGRESSION: iExploder crash due to style="cursor: url()"
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Wed Oct 11 10:30:53 PDT 2006
http://bugs.webkit.org/show_bug.cgi?id=11221
------- Comment #7 from rwlbuis at gmail.com 2006-10-11 10:30 PDT -------
Hi Mitz,
(In reply to comment #6)
> (From update of attachment 11031 [edit])
> + list = new CSSValueList;
I clearly wasnt thinking :}
> This will allocate a new CSSValueList on every iteration through the loop,
> throwing away the previously allocated one.
See above :}
> I noticed that the current code leaks a CSSValueList in a couple of places. One
> of them this patch fixes, another one is here:
>
> if ((strict && !value) || (value && !(value->unit ==
> Value::Operator && value->iValue == ',')))
> return false;
Yep, the state after bug 6002 shows that there were some issues left in the
code. I guess the review should have been better, and I should have also
studied this (tricky) code better.
> (So for example, "cursor: url(cursor.png) ex" will leak a CSSValueList).
>
> if (strict || coords.size() == 0) {
>
> This code after this 'if' is insufficiently indented, please clean it up.
Ok.
> In WebCore/ChangeLog, please add a line noting the test that goes with your
> patch. The usual format is "Test: fast/css/invalid-cursor-property-crash.html",
> right after the bug summary.
Ok. Will try to make a new patch asap.
Cheers,
Rob.
--
Configure bugmail: http://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
More information about the webkit-unassigned
mailing list