[Webkit-unassigned] [Bug 30313] New: NULL ptr in SVGPathSegList::getPathSegAtLength()
bugzilla-daemon at webkit.org
Mon Oct 12 14:20:26 PDT 2009
https://bugs.webkit.org/show_bug.cgi?id=30313
Summary: NULL ptr in SVGPathSegList::getPathSegAtLength()
Product: WebKit
Version: 528+ (Nightly build)
Platform: PC
OS/Version: Windows Vista
Status: NEW
Keywords: GoogleBug
Severity: Normal
Priority: P1
Component: SVG
AssignedTo: webkit-unassigned at lists.webkit.org
ReportedBy: skylined at chromium.org
CC: eric at webkit.org

Repro:

<SCRIPT>
  SVGPathElement = document.createElementNS("http://www.w3.org/2000/svg", "path");
  SVGPathElement.pathSegList.initialize();
  SVGPathElement.getPathSegAtLength(2699076708.473027);
</SCRIPT>

In the below code, "getItem(i, ec).get();" returns NULL, which is not handled
properly, so "segment->pathSegType()" gets called and a NULL ptr read exception
is thrown.

unsigned SVGPathSegList::getPathSegAtLength(double)
{
    // FIXME : to be useful this will need to support non-normalized SVGPathSegLists
    ExceptionCode ec = 0;
    int len = numberOfItems();
    // FIXME: Eventually this will likely move to a "path applier"-like model, until then PathTraversalState is less useful as we could just use locals
    PathTraversalState traversalState(PathTraversalState::TraversalSegmentAtLength);
    for (int i = 0; i < len; ++i) {
        SVGPathSeg* segment = getItem(i, ec).get();
        float segmentLength = 0;
        switch (segment->pathSegType()) {
<snip>

--
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
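
The missing check described in the report, shown on a small stand-alone model. This is an added example, not WebKit code and not the fix that was committed for this bug. PathSeg, PathSegList, segAtLength and the -1 return convention are hypothetical, and the list is assumed to hold a null entry, matching the report's statement that getItem(i, ec).get() returns NULL.

```cpp
#include <cstddef>
#include <cstdio>
#include <memory>
#include <utility>
#include <vector>

// Hypothetical stand-ins for the WebKit types named in the report.
struct PathSeg {
    float length; // precomputed segment length (a simplification)
};

class PathSegList {
public:
    // Replaces the list contents with one item; a null item is stored as-is.
    void initialize(std::shared_ptr<PathSeg> item) { items_.assign(1, std::move(item)); }
    void appendItem(std::shared_ptr<PathSeg> item) { items_.push_back(std::move(item)); }
    std::size_t numberOfItems() const { return items_.size(); }
    // Returns null for an out-of-range index or an empty slot.
    std::shared_ptr<PathSeg> getItem(std::size_t i) const
    {
        if (i >= items_.size())
            return nullptr;
        return items_[i];
    }
private:
    std::vector<std::shared_ptr<PathSeg>> items_;
};

// Index of the first segment whose cumulative length reaches `length`,
// or -1 when no usable segment does (convention chosen for this example).
int segAtLength(const PathSegList& list, double length)
{
    double total = 0;
    for (std::size_t i = 0; i < list.numberOfItems(); ++i) {
        std::shared_ptr<PathSeg> segment = list.getItem(i);
        if (!segment)
            continue; // the check absent from the loop quoted in the report
        total += segment->length;
        if (total >= length)
            return static_cast<int>(i);
    }
    return -1;
}

int main()
{
    PathSegList list;
    list.initialize(nullptr); // constructed input: a single null entry
    std::printf("%d\n", segAtLength(list, 2699076708.473027));
    return 0;
}
```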