[Webkit-unassigned] [Bug 78700] SVG TRef/Use NULL ptr
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Wed Feb 15 05:31:36 PST 2012
https://bugs.webkit.org/show_bug.cgi?id=78700
--- Comment #1 from Nikolas Zimmermann <zimmermann at kde.org> 2012-02-15 05:31:36 PST ---
(In reply to comment #0)
> <<<snip>>>
> m_eventListener = SubtreeModificationEventListener::create(this, id);
> ASSERT(target->parentNode());
> target->parentNode()->addEventListener(eventNames().DOMSubtreeModifiedEvent, m_eventListener.get(), false);
> (*it) points to an SVGUseElement which doesn't have a shadowTreeElement, causing the NULL ptr.
Oh dear, apparently <tref> doesn't even check if the target is valid, just attaching its event listener. This is a bad idea. CC'ing Rob, who wrote the current <tref> implementation.
Reminds me of a similar <use> bug which is in the process of being fixed: white-list allowed targets, instead of black-listing disallowed ones.
--
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
More information about the webkit-unassigned
mailing list