[Webkit-unassigned] [Bug 33269] Improve HTMLElement::tagPriority()
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Wed Jan 6 16:15:28 PST 2010
https://bugs.webkit.org/show_bug.cgi?id=33269
--- Comment #6 from Darin Adler <darin at apple.com> 2010-01-06 16:15:28 PST ---
(In reply to comment #4)
> (In reply to comment #3)
> > Is there a guarantee that localName().impl() is never 0?
>
> I think so for the current code though there is no ASSERTION for it.
> However, 0 makes no problems because the HashMap key is AtomicStringImpl*. The
> generic PtrHash is used and tagPriorityMap.get(0) simply returns emptyValue().
That's not true.
If you call tagPriorityMap.get(0) there’s a chance that you could get an
uninitialized value from an empty hash table entry. There is no special check
for the empty value and if the value you pass hashes to a slot that has a 0 in
it, then it will return the value in that slot.
It is *not* safe to call get(0).
--
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
More information about the webkit-unassigned
mailing list