[Webkit-unassigned] [Bug 15715] Nested XSL stylesheets can produce memory corruption

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Fri Oct 31 17:31:57 PDT 2008


https://bugs.webkit.org/show_bug.cgi?id=15715


pam at chromium.org changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
  Attachment #22944|0                           |1
        is obsolete|                            |
         AssignedTo|webkit-                     |pam at chromium.org
                   |unassigned at lists.webkit.org |
             Status|NEW                         |ASSIGNED
  Attachment #24827|                            |review?
               Flag|                            |




------- Comment #25 from pam at chromium.org  2008-10-31 17:31 PDT -------
Created an attachment (id=24827)
 --> (https://bugs.webkit.org/attachment.cgi?id=24827&action=view)
Patch addressing Darin's comments

Jonathan was working on Chromium but has since been called to work on some
other things.  I'm taking over getting his patch finished up.

> Mark Rowe requested a regression test; I'd like to see the patch include one.

Added.

> Since parentStyleSheet() is never used outside the XSLStyleSheet class, I don't
> think we need to define a function.

Removed.

> What guarantees that m_parentStyleSheet is not left pointing to a deleted
> object?

Sorry, I don't know this code that well; I'm just working with the patch and
tests.  If it's a concern, I'll ask Jonathan to weigh in.

> +    void setParentStyleSheet(XSLStyleSheet* parent) {
> +       m_parentStyleSheet = parent; 
> +       if (parent)
> +          setOwnerDocument(parent->ownerDocument());
> +    }
> 
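Review bot: the assignment `m_parentStyleSheet = parent;` stores a bare pointer, and nothing in this hunk keeps the parent alive or clears the child's pointer when the parent is destroyed, so the question raised above about `m_parentStyleSheet` being left pointing at a deleted object is not answered by the setter itself; the patch should spell out (in a comment, or by nulling the field in the parent's destructor or a detach path) which object owns the parent and how the child learns that it has gone away. A smaller point: because of the `if (parent)` guard, calling the setter with a null parent leaves whatever owner document was set earlier in place instead of clearing it, which is either worth a comment or an explicit `else` branch. The trailing whitespace after `m_parentStyleSheet = parent;` should go along with the brace and indentation fixes already requested.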
> The opening brace is supposed to go on a separate line. This function is also
> getting long enough that it might be better to not put it inline.

Style fixed and method out-lined.

> Are there any callers left for XSLStyleSheet::setOwnerDocument()? If not,
> perhaps we should remove it.

Removed.


-- 
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
