[Webkit-unassigned] [Bug 64104] SVG animation API crashes on SVGAnimateTransform
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Thu Jul 14 06:53:35 PDT 2011
https://bugs.webkit.org/show_bug.cgi?id=64104
--- Comment #6 from Nikolas Zimmermann <zimmermann at kde.org> 2011-07-14 06:53:35 PST ---
(In reply to comment #5)
> (From update of attachment 100724 [details])
> View in context: https://bugs.webkit.org/attachment.cgi?id=100724&action=review
>
> Patch looks great, still some questions before I can set r+/r-:
>
> >> Source/WebCore/svg/SVGAnimateTransformElement.cpp:124
> >> + return static_cast<SVGStyledTransformableElement*>(element)->transformAnimated();
> >
> > we don't want to have animVal but baseVal here.
>
> This is not related. "fooAnimated()" gives back an SVGAnimatedProperty which holds both animVal and baseVal.
>
> > Source/WebCore/svg/SVGAnimateTransformElement.cpp:154
> > + if (RefPtr<SVGAnimatedTransformList> list = animatedTransformListFor(targetElement)) {
> > + list->detachListWrappers(0);
> > + list->values().clear();
> > + }
>
> This is just fine as-is. When we support animVal, we want to clear only the anim val wrappers and list here, not the baseVal.
>
> > Source/WebCore/svg/SVGAnimateTransformElement.cpp:173
> > + if (!isAdditive()) {
> > + animatedList->detachListWrappers(0);
> > + animatedList->values().clear();
> > + }
>
> Ditto.
>
> > Source/WebCore/svg/SVGAnimateTransformElement.cpp:178
> > + animatedList->wrappers().append(static_cast<WebCore::SVGPropertyTearOff<SVGTransform> *>(0));
>
> Why is passing 0 safe here?
Self-reply: passing 0 is correct, as the wrapper only comes to existance if it's used from JS. If it's not used no wrapper will ever be created - though the wrapper list size must always be equal to the values list size, so what you're doing is correct. Doesn't animatedList->wrappers().append(nullptr) work the same?
--
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
More information about the webkit-unassigned
mailing list