[Webkit-unassigned] [Bug 26117] REGRESSION (r37381-r37442) : Reproducible crash viewing an SVG
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Tue Sep 22 00:32:52 PDT 2009
https://bugs.webkit.org/show_bug.cgi?id=26117
Robin Qiu <robin.qiu at torchmobile.com.cn> changed:
What |Removed |Added
----------------------------------------------------------------------------
Attachment #39906| |review?
Flag| |
--- Comment #9 from Robin Qiu <robin.qiu at torchmobile.com.cn> 2009-09-22 00:32:52 PDT ---
Created an attachment (id=39906)
--> (https://bugs.webkit.org/attachment.cgi?id=39906)
patch to fix this bug
If there is a structure like this:
<g id="G">
<use id="A" ... >
<set> ... </set>
</use>
</g>
<use id="B" xlink:href="#G">
</use>
In SVGUseElement.cpp:builtInstanceTree(), when building instance tree for
<use>B, the <use>A will be handled twice, the result is that the instance tree
is incorrect (more nodes than expected). In later process, on these unwanted
nodes, associations with shadow tree is broken and this causes crash when they
are referred.
--
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
More information about the webkit-unassigned
mailing list