[Webkit-unassigned] [Bug 44610] Malformed SVG causes crash in updateContainerOffset
bugzilla-daemon at webkit.org
Wed Jan 5 00:43:05 PST 2011
https://bugs.webkit.org/show_bug.cgi?id=44610
Dirk Schulze <krit at webkit.org> changed:
              What|Removed                     |Added
----------------------------------------------------------------------------
 Attachment #77978|review?, commit-queue?      |review-, commit-queue-
              Flag|                            |
--- Comment #15 from Dirk Schulze <krit at webkit.org> 2011-01-05 00:43:05 PST ---
(From update of attachment 77978)
View in context: https://bugs.webkit.org/attachment.cgi?id=77978&action=review
just a snippet
> WebCore/svg/SVGUseElement.cpp:726
> - handleDeepUseReferencing(static_cast<SVGUseElement*>(target), targetInstance, foundProblem);
> + if (targetHasUseTag && newTarget) {
> + RefPtr<SVGElementInstance> newInstance = SVGElementInstance::create(this, newTarget);
> + SVGElementInstance* newInstancePtr = newInstance.get();
> + targetInstance->appendChild(newInstance.release());
> + buildInstanceTree(newTarget, newInstancePtr, foundProblem);
> + }
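Review bot: The raw pointer newInstancePtr, taken from newInstance.get() on the third added line, is used by buildInstanceTree after newInstance.release() has handed the only local reference to targetInstance->appendChild, so its validity during the recursive build depends entirely on targetInstance retaining the child. For a crash fix on malformed input, consider keeping the local RefPtr alive across the buildInstanceTree call instead of releasing it first, or add a comment stating that appendChild is guaranteed to hold the instance. The visible lines also do not check foundProblem after buildInstanceTree returns; confirm the caller still handles it now that the handleDeepUseReferencing call is removed.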
should be
    if (!targetHasUseTag || !newTarget)
        return;