[Webkit-unassigned] [Bug 18971] Crash on sierpinski svg
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Sat May 24 23:35:38 PDT 2008
http://bugs.webkit.org/show_bug.cgi?id=18971
------- Comment #4 from rwlbuis at gmail.com 2008-05-24 23:35 PDT -------
Hi Darin,
(In reply to comment #3)
> (From update of attachment 21053 [edit])
> + Node *cloneParentPtr = cloneParent.get();
>
> There's no guaranteed that this node won't go away due to DOM mutation code.
> The local variable needs to be a RefPtr. And the result needs to be a
> PassRefPtr<Node>, not a raw Node* pointer.
>
> The test case should be included in the patch, too.
I would love to include it in the patch, but am worried about copyrights.
I mailed the owner, but got no reply. I'll create a similar testcase that also
causes a crash due to the broad and deep use hierarchy but represent some
random
image instead of sierpinsky. I'll include that in the patch along with a fix
for the above.
Cheers,
Rob.
--
Configure bugmail: http://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
More information about the webkit-unassigned
mailing list