[Webkit-unassigned] [Bug 12283] SVG wastes time in stringToLengthType, should use CSS parser (or atoms) instead
bugzilla-daemon at webkit.org
Sun Jan 28 18:15:52 PST 2007
http://bugs.webkit.org/show_bug.cgi?id=12283
darin at apple.com changed:
              What|Removed                     |Added
----------------------------------------------------------------------------
 Attachment #12716|review?                     |review-
              Flag|                            |
------- Comment #2 from darin at apple.com 2007-01-28 18:15 PDT -------
(From update of attachment 12716)
I think this code has a buffer overrun. It looks at ptr[1] without checking if
end is == ptr + 1.

Also, I think that String::endsWith should have a fast case for a char*
parameter that avoids creating a String. There's really no need to rewrite this
code to avoid allocating those String objects -- that should be fixed in the
String class.

This patch also changes behavior -- it adds a new "isWhitespace" check, and it
checks after the current ptr value rather than looking at the end of the string
-- the old code would allow arbitrary text between the number and the unit
type. The new code allows arbitrary text after the unit type. I'm not sure
either of these is correct.

We need a test case showing the change in behavior and if possible,
systematically testing as many of the edge cases as possible.
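The overrun described in the review comment above (reading ptr[1] when end == ptr + 1) is avoided by checking the remaining length before every read. The following is an added example, not the patch under review and not WebKit code. The names LengthUnit, parseUnitSuffix and unitOf are hypothetical, and requiring the suffix to be exactly the unit is an assumption of this example, not a statement of the correct SVG behavior.

```cpp
#include <cstddef>
#include <cstdio>

// Hypothetical names for illustration; not WebKit's stringToLengthType.
enum class LengthUnit { Unknown, Number, Percentage, Ems, Exs, Px, Cm, Mm, In, Pt, Pc };

// Classify the unit suffix in [ptr, end): the text left after the number.
// The range is not assumed to be NUL-terminated, so every read is preceded
// by a length check. Assumption of this example: the suffix must be exactly
// the unit, with no text before or after it.
LengthUnit parseUnitSuffix(const char* ptr, const char* end)
{
    const std::ptrdiff_t remaining = end - ptr;
    if (remaining == 0)
        return LengthUnit::Number;            // bare number, no unit
    if (remaining == 1)                       // only ptr[0] is readable here
        return ptr[0] == '%' ? LengthUnit::Percentage : LengthUnit::Unknown;
    if (remaining != 2)
        return LengthUnit::Unknown;           // extra text, or an inverted range

    // remaining == 2, so reading ptr[1] is in bounds.
    static const struct { char first, second; LengthUnit unit; } units[] = {
        {'e', 'm', LengthUnit::Ems}, {'e', 'x', LengthUnit::Exs},
        {'p', 'x', LengthUnit::Px},  {'c', 'm', LengthUnit::Cm},
        {'m', 'm', LengthUnit::Mm},  {'i', 'n', LengthUnit::In},
        {'p', 't', LengthUnit::Pt},  {'p', 'c', LengthUnit::Pc},
    };
    for (const auto& u : units)
        if (ptr[0] == u.first && ptr[1] == u.second)
            return u.unit;
    return LengthUnit::Unknown;
}

// Convenience wrapper for a buffer with an explicit length.
LengthUnit unitOf(const char* s, std::size_t length)
{
    return parseUnitSuffix(s, s + length);
}

int main()
{
    const char lone[1] = {'p'};               // constructed input: end == ptr + 1
    std::printf("%d\n", static_cast<int>(unitOf(lone, sizeof lone)));
    return 0;
}
```

Running the one-byte case under AddressSanitizer is a quick way to confirm that no read goes past the end of the buffer.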