[Webkit-unassigned] [Bug 15715] Nested XSL stylesheets can produce memory corruption
bugzilla-daemon at webkit.org
Tue Aug 5 18:16:50 PDT 2008
https://bugs.webkit.org/show_bug.cgi?id=15715
eric at webkit.org changed:
             What |Removed                     |Added
----------------------------------------------------------------------------
Attachment #22661 |review?                     |review-
             Flag |                            |
------- Comment #17 from eric at webkit.org 2008-08-05 18:16 PDT -------
(From update of attachment 22661)
Looks good except...
Should use spaces, not tabs:
9298 bool m_stylesheetDocTaken;
99 XSLStyleSheet* m_parentStyleSheet;
This needs a comment to explain why this is done:
+ if (parentStyleSheet()) {
+ xmlDictFree(ctxt->dict);
+ ctxt->dict = parentStyleSheet()->m_stylesheetDoc->dict;
+ }
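Review bot: after the assignment `ctxt->dict = parentStyleSheet()->m_stylesheetDoc->dict;` the parser context and the parent document point at the same dictionary, but nothing in these lines takes an extra reference on it. libxml2 dictionaries are reference counted and freeing the parser context releases its dictionary, so add `xmlDictReference(ctxt->dict);` after the assignment so that release cannot drop the count the parent document relies on. The same line also dereferences `m_stylesheetDoc` without a null check; guard it, or assert if a parent stylesheet is guaranteed to have a parsed document at this point.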
Really the code could just use a comment or two in general to tell why we're
stuffing away this parent document pointer, and under which circumstances we
could ever stop...
Also, this needs a test case which demonstrates the crash. Your test case
should work under run-webkit-tests and should crash before your patch and not
after your patch.
Thanks for the patch!