[Webkit-unassigned] [Bug 15306] Animated Halloween card trips ASSERT in <use> code

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Sun Sep 30 06:52:21 PDT 2007


------- Comment #3 from rwlbuis at gmail.com  2007-09-30 06:52 PDT -------
Hi Eric,

(In reply to comment #2)
> (From update of attachment 16458 [edit])
> I'm not sure I fully understand this fix.  I also worry (entirely due to my
> lack of understanding) if this change could introduce a cyclic <use> crash
> (i.e. make it possible to make an SVG to overflow the stack using your new
> code).

The idea is that when we are expanding <use> in the shadow tree we do that now
by cloning the <use> referenced content and replacing the <use> with the clone.
However we forget that the <use> can have children, and these are lost when we
do the replace! That is what the patch tries to fix.
The referencing could go wrong maybe if the svg is illegal, ie. the <use> can
only have desc or anim stuff as children. In an illegal <use> there could be a
<use> as child, I don't think we check that very well. Let me know if I should
investigate such an illegal svg, maybe its better...


Configure bugmail: http://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

More information about the webkit-unassigned mailing list