[Webkit-unassigned] [Bug 17771] New: SVGImage accesses m_frame w/o checking for NULL

bugzilla-daemon at webkit.org
Tue Mar 11 09:34:35 PDT 2008


http://bugs.webkit.org/show_bug.cgi?id=17771

           Summary: SVGImage accesses m_frame w/o checking for NULL
           Product: WebKit
           Version: 525+ (Nightly build)
          Platform: PC
               URL: http://www.trilulilu.ro/audio/cele-mai-recente/
        OS/Version: Mac OS X 10.5
            Status: NEW
          Keywords: NeedsReduction
          Severity: Normal
          Priority: P2
         Component: SVG
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: eric at webkit.org


SVGImage accesses m_frame w/o checking for NULL

I don't know how to get real crash logs out of this machine (I'm on Windows for
the moment). But the top of the stack was something like this:

Frame::document()
SVGImage::hasRelativeWidth()
RenderImage::calcReplacedWidth()
RenderImage::calcPrefWidths()
RenderBox::minPrefWidth()

Looking at SVGImage.cpp, it's clear we have many instances of unguarded usage
of m_frame. I'm sure there are other crashes like this to be found.

We'll need to create a reduction (by staring at the SVGImage source code).

