[Webkit-unassigned] [Bug 47498] Crash while processing ill-formed SVG with cycles.
bugzilla-daemon at webkit.org
Fri Oct 15 02:15:26 PDT 2010
https://bugs.webkit.org/show_bug.cgi?id=47498
--- Comment #8 from Nikolas Zimmermann <zimmermann at kde.org> 2010-10-15 02:15:25 PST ---
(From update of attachment 70819)
View in context: https://bugs.webkit.org/attachment.cgi?id=70819&action=review
> WebCore/rendering/SVGResources.cpp:166
> + RenderSVGResourceType resourceType = container->resourceType();
> + if (resourceType == PatternResourceType || resourceType == LinearGradientResourceType || resourceType == RadialGradientResourceType)
> + return container;
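Review bot: on the first added line, `container->resourceType()` dereferences `container` with no null check visible in the quoted lines; confirm the surrounding code guarantees a non-null container at this point. The `if` also has no explicit path for a non-matching type, so the outcome in that case is decided by code outside this hunk; an explicit return for the mismatch would make the intent clear.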
This is dangerous: if the type doesn't match, it will now set hasPendingResource to true before returning 0.
It's not a pending resource, it's just the wrong resource type. So you should definitely add a "return 0" right after the "return container" statement, in case the types don't match.
> WebCore/rendering/SVGResources.cpp:475
> + ASSERT(resourceType == FilterResourceType);
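Review bot: the `ASSERT` on this line is compiled out of release builds, so it documents the expected type but does not stop a resource of the wrong type from being used as a filter there. If a mismatched type can be reached from ill-formed SVG content, this spot needs a runtime check that bails out in addition to the assertion.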
These asserts are really helpful, but there's no need to store them in a local variable; that would also save ossy's suggestion to add ASSERT_UNUSED.
Just use ASSERT(filter->resourceType() == FilterResourceType).