[Webkit-unassigned] [Bug 198038] hitTest on a SVG zero-width rect with rounded corners crashes WebKit
bugzilla-daemon at webkit.org
Mon May 20 18:09:37 PDT 2019
https://bugs.webkit.org/show_bug.cgi?id=198038
Said Abou-Hallawa <sabouhallawa at apple.com> changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|---                         |DUPLICATE
--- Comment #3 from Said Abou-Hallawa <sabouhallawa at apple.com> ---
Yes, I believe this bug was fixed by <https://trac.webkit.org/changeset/243845>.
In the scenario of this bug, RenderSVGShape::nodeAtFloatPoint() calls RenderSVGShape::fillContains(), which calls RenderSVGRect::shapeDependentFillContains(). This last function checks the value of m_usePathFallback. If it is true, it calls Path::contains() via RenderSVGShape::shapeDependentFillContains().
Before r243845, m_usePathFallback could be set to true while m_path is null. After r243845, if m_usePathFallback is true, m_path has to be a valid pointer.
The crash log shows that the WebKit build is 13607 (13607.2.6.1.2). I think it corresponds to safari-607.2.6.2-branch or very close to it. I checked this branch and it does not have r243845.
So I assume this is a duplicate of https://bugs.webkit.org/show_bug.cgi?id=196518.
*** This bug has been marked as a duplicate of bug 196518 ***
--
You are receiving this mail because:
You are the assignee for the bug.
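
The invariant stated in comment #3 (if m_usePathFallback is true, m_path must be a valid pointer), shown as an added example in a simplified model; this is not WebKit code and not part of the original message. ModelPath, ModelRectShape and their methods are hypothetical names, and the model assumes that an empty rect produces no path object; how WebKit's own code reached the bad state is not shown on this page.

```cpp
#include <memory>

// Hypothetical stand-in for a geometry path; not WebKit's Path class.
// Corner rounding is ignored here: only the bounds are checked.
struct ModelPath {
    float x, y, w, h;
    bool contains(float px, float py) const {
        return px >= x && px <= x + w && py >= y && py <= y + h;
    }
};

// Simplified model of a rect renderer with a fast path and a path fallback.
class ModelRectShape {
public:
    // Rebuild cached state from the element's attributes.
    // Assumption of this model: an empty (zero-width or zero-height) rect
    // produces no path object.
    void update(float x, float y, float w, float h, float rx) {
        m_path.reset();
        m_usePathFallback = false;
        m_x = x; m_y = y; m_w = w; m_h = h;
        if (rx > 0 && w > 0 && h > 0) {
            m_path = std::make_unique<ModelPath>(ModelPath{x, y, w, h});
            // The flag is set only after the path exists, so
            // m_usePathFallback == true implies m_path != nullptr.
            m_usePathFallback = true;
        }
    }

    // Hit test: m_path is dereferenced only on the fallback branch.
    bool fillContains(float px, float py) const {
        if (m_usePathFallback)
            return m_path->contains(px, py);
        if (m_w <= 0 || m_h <= 0)
            return false; // empty rect: nothing to hit
        return px >= m_x && px <= m_x + m_w && py >= m_y && py <= m_y + m_h;
    }

    bool invariantHolds() const { return !m_usePathFallback || m_path != nullptr; }
    bool usesPathFallback() const { return m_usePathFallback; }

private:
    std::unique_ptr<ModelPath> m_path;
    bool m_usePathFallback = false;
    float m_x = 0, m_y = 0, m_w = 0, m_h = 0;
};
```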