27693 2009-07-26 12:16:20 -0700 Crash with DOM manipulation of <use> elements 2009-09-28 06:35:51 -0700 1 1 1 Unclassified WebKit SVG 528+ (Nightly build) Mac (Intel) OS X 10.5 RESOLVED FIXED P2 Normal --- 0 dankna webkit-unassigned charles.wei commit-queue staikos zimmermann oldest_to_newest 134827 0 33514 dankna 2009-07-26 12:16:20 -0700 Created attachment 33514 Causes a crash I have produced the attached file, which reproduces the crash for me here. The issue appears to be triggered when a <use> element is added via DOM that references an ID that doesn't exist. 134831 1 staikos 2009-07-26 14:25:20 -0700 Unable to reproduce @46406 150365 2 40189 charles.wei 2009-09-27 00:30:08 -0700 Created attachment 40189 patch that fixes crash caused by using a symbol that doesn't exist When a symbol that was referenced by a <use> does not exist, the SVGUseElement doesn't bother to build the instance tree and shadow tree in SVGUseElement::buildPendingResource(). Thus in : static bool shadowTreeContainsChangedNodes(SVGElementInstance* target) we should first check if target exists, if target is NULL, we just return false. 150496 3 40189 zimmermann 2009-09-28 06:19:20 -0700 Comment on attachment 40189 patch that fixes crash caused by using a symbol that doesn't exist Looks good. r=me. 150499 4 40189 commit-queue 2009-09-28 06:35:47 -0700 Comment on attachment 40189 patch that fixes crash caused by using a symbol that doesn't exist Clearing flags on attachment: 40189 Committed r48810: <http://trac.webkit.org/changeset/48810> 150500 5 commit-queue 2009-09-28 06:35:51 -0700 All reviewed patches have been landed. Closing bug. 33514 2009-07-26 12:16:20 -0700 2009-07-26 12:16:20 -0700 Causes a crash crash.svg image/svg+xml 482 dankna PD94bWwgdmVyc2lvbj0iMS4xIiBlbmNvZGluZz0iVVRGLTgiPz4KPHN2ZyB4bWxuczpzdmc9Imh0 dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9z dmciIHhtbG5zOnhsaW5rPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5L3hsaW5rIiB2ZXJzaW9uPSIx LjEiIHdpZHRoPSI4MDBweCIgaGVpZ2h0PSI4MDBweCIgb25sb2FkPSJjcmFzaCgpOyI+PHNjcmlw dCB0eXBlPSJhcHBsaWNhdGlvbi9lY21hc2NyaXB0Ij4KZnVuY3Rpb24gY3Jhc2goKSB7CiAgdmFy IGNlbGwgPSBkb2N1bWVudC5nZXRFbGVtZW50QnlJZCgnZm9vJyk7CiAgdmFyIHBhcmVudCA9IGNl bGwucGFyZW50Tm9kZTsKICBjZWxsLnBhcmVudE5vZGUucmVtb3ZlQ2hpbGQoY2VsbCk7CiAgcGFy ZW50LmFwcGVuZENoaWxkKGNlbGwpOwp9Cjwvc2NyaXB0Pjx1c2UgaWQ9ImZvbyIgeGxpbms6aHJl Zj0iI2RvZXNOb3RFeGlzdCIvPjwvc3ZnPgo= 40189 2009-09-27 00:30:08 -0700 2009-09-28 06:35:46 -0700 patch that fixes crash caused by using a symbol that doesn't exist 27693.patch text/plain 3515 charles.wei SW5kZXg6IFdlYkNvcmUvQ2hhbmdlTG9nCj09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT0KLS0tIFdlYkNvcmUvQ2hhbmdlTG9n CShyZXZpc2lvbiA0ODc5NykKKysrIFdlYkNvcmUvQ2hhbmdlTG9nCSh3b3JraW5nIGNvcHkpCkBA IC0xLDMgKzEsMTUgQEAKKzIwMDktMDktMjcgIENoYXJsZXMgV2VpICA8Y2hhcmxlcy53ZWlAdG9y Y2htb2JpbGUuY29tLmNuPgorCisgICAgICAgIFJldmlld2VkIGJ5IE5PQk9EWSAoT09QUyEpLgor CisgICAgICAgIEZpeCB0aGUgY3Jhc2ggb2YgU1ZHIHRoYXQgY3Jhc2hlcyB3aGVuIHVzZSBhIG5v bi1leGlzdCBzeW1ib2wKKyAgICAgICAgaHR0cHM6Ly9idWdzLndlYmtpdC5vcmcvc2hvd19idWcu Y2dpP2lkPTI3NjkzCisKKyAgICAgICAgVGVzdDogc3ZnL2N1c3RvbS91c2Utbm9uLWV4aXN0aW5n LXN5bWJvbC1jcmFzaC5zdmcKKworICAgICAgICAqIHN2Zy9TVkdVc2VFbGVtZW50LmNwcDoKKyAg ICAgICAgKFdlYkNvcmU6OnNoYWRvd1RyZWVDb250YWluc0NoYW5nZWROb2Rlcyk6CisKIDIwMDkt MDktMjYgIFBhdmVsIEZlbGRtYW4gIDxwZmVsZG1hbkBjaHJvbWl1bS5vcmc+CiAKICAgICAgICAg UmV2aWV3ZWQgYnkgVGltb3RoeSBIYXRjaGVyLgpJbmRleDogV2ViQ29yZS9zdmcvU1ZHVXNlRWxl bWVudC5jcHAKPT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PQotLS0gV2ViQ29yZS9zdmcvU1ZHVXNlRWxlbWVudC5jcHAJKHJl dmlzaW9uIDQ4Nzk2KQorKysgV2ViQ29yZS9zdmcvU1ZHVXNlRWxlbWVudC5jcHAJKHdvcmtpbmcg Y29weSkKQEAgLTEsNiArMSw3IEBACiAvKgogICAgIENvcHlyaWdodCAoQykgMjAwNCwgMjAwNSwg MjAwNiwgMjAwNywgMjAwOCBOaWtvbGFzIFppbW1lcm1hbm4gPHppbW1lcm1hbm5Aa2RlLm9yZz4K ICAgICAgICAgICAgICAgICAgIDIwMDQsIDIwMDUsIDIwMDYsIDIwMDcgUm9iIEJ1aXMgPGJ1aXNA a2RlLm9yZz4KKyAgICBDb3B5cmlnaHQgKEMpIFJlc2VhcmNoIEluIE1vdGlvbiBMaW1pdGVkIDIw MDksIEFsbCByaWdodHMgcmVzZXJ2ZWQuIENoYXJsZXMgV2VpIDxjaGFybGVzLndlaUB0b3JjaG1v YmlsZS5jb20uY24+CiAKICAgICBUaGlzIGZpbGUgaXMgcGFydCBvZiB0aGUgS0RFIHByb2plY3QK IApAQCAtMTU4LDYgKzE1OSw5IEBAIHZvaWQgU1ZHVXNlRWxlbWVudDo6Y2hpbGRyZW5DaGFuZ2Vk KGJvb2wKICAKIHN0YXRpYyBib29sIHNoYWRvd1RyZWVDb250YWluc0NoYW5nZWROb2RlcyhTVkdF bGVtZW50SW5zdGFuY2UqIHRhcmdldCkKIHsKKyAgICBpZiAoIXRhcmdldCkgICAgICAvLyB3aGVu IHVzZSBpcyByZWZlcmVuY2luZyBhbiBub24tZXhpc3RpbmcgZWxlbWVudCwgdGhlcmUgd2lsbCBi ZSBubyBJbnN0YW5jZSB0cmVlIGJ1aWx0CisgICAgICAgIHJldHVybiBmYWxzZTsKKwogICAgIGlm ICh0YXJnZXQtPm5lZWRzVXBkYXRlKCkpCiAgICAgICAgIHJldHVybiB0cnVlOwogCkluZGV4OiBM YXlvdXRUZXN0cy9DaGFuZ2VMb2cKPT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PQotLS0gTGF5b3V0VGVzdHMvQ2hhbmdlTG9n CShyZXZpc2lvbiA0ODc5NykKKysrIExheW91dFRlc3RzL0NoYW5nZUxvZwkod29ya2luZyBjb3B5 KQpAQCAtMSwzICsxLDEzIEBACisyMDA5LTA5LTI3ICBDaGFybGVzIFdlaSAgPGNoYXJsZXMud2Vp QHRvcmNobW9iaWxlLmNvbS5jbj4KKworICAgICAgICBSZXZpZXdlZCBieSBOT0JPRFkgKE9PUFMh KS4KKworICAgICAgICBGaXggdGhlIGNyYXNoIG9mIFNWRyB0aGF0IGNyYXNoZXMgd2hlbiB1c2Ug YSBub24tZXhpc3Qgc3ltYm9sCisgICAgICAgIGh0dHBzOi8vYnVncy53ZWJraXQub3JnL3Nob3df YnVnLmNnaT9pZD0yNzY5MworCisgICAgICAgICogc3ZnL2N1c3RvbS91c2Utbm9uLWV4aXN0aW5n LXN5bWJvbC1jcmFzaC1leHBlY3RlZC50eHQ6IEFkZGVkLgorICAgICAgICAqIHN2Zy9jdXN0b20v dXNlLW5vbi1leGlzdGluZy1zeW1ib2wtY3Jhc2guc3ZnOiBBZGRlZC4KKwogMjAwOS0wOS0yNSAg QWRhbSBCYXJ0aCAgPGFiYXJ0aEB3ZWJraXQub3JnPgogCiAgICAgICAgIFJldmlld2VkIGJ5IERh cmluIEFkbGVyLgpJbmRleDogTGF5b3V0VGVzdHMvc3ZnL2N1c3RvbS91c2Utbm9uLWV4aXN0aW5n LXN5bWJvbC1jcmFzaC1leHBlY3RlZC50eHQKPT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PQotLS0gTGF5b3V0VGVzdHMvc3Zn L2N1c3RvbS91c2Utbm9uLWV4aXN0aW5nLXN5bWJvbC1jcmFzaC1leHBlY3RlZC50eHQJKHJldmlz aW9uIDApCisrKyBMYXlvdXRUZXN0cy9zdmcvY3VzdG9tL3VzZS1ub24tZXhpc3Rpbmctc3ltYm9s LWNyYXNoLWV4cGVjdGVkLnR4dAkocmV2aXNpb24gMCkKQEAgLTAsMCArMSBAQAorUEFTUyAtLSBu b3QgY3Jhc2hpbmcsIGh0dHBzOi8vYnVncy53ZWJraXQub3JnL3Nob3dfYnVnLmNnaT9pZD0yNzY5 MwpJbmRleDogTGF5b3V0VGVzdHMvc3ZnL2N1c3RvbS91c2Utbm9uLWV4aXN0aW5nLXN5bWJvbC1j cmFzaC5zdmcKPT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PQotLS0gTGF5b3V0VGVzdHMvc3ZnL2N1c3RvbS91c2Utbm9uLWV4 aXN0aW5nLXN5bWJvbC1jcmFzaC5zdmcJKHJldmlzaW9uIDApCisrKyBMYXlvdXRUZXN0cy9zdmcv Y3VzdG9tL3VzZS1ub24tZXhpc3Rpbmctc3ltYm9sLWNyYXNoLnN2ZwkocmV2aXNpb24gMCkKQEAg LTAsMCArMSwyMCBAQAorPD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz4KKzxz dmcgeG1sbnM6c3ZnPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgCisgICAgIHhtbG5zPSJo dHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgCisgICAgIHhtbG5zOnhsaW5rPSJodHRwOi8vd3d3 LnczLm9yZy8xOTk5L3hsaW5rIiAKKyAgICAgd2lkdGg9IjgwMHB4IiBoZWlnaHQ9IjgwMHB4Igor ICAgICBvbmxvYWQ9ImluaXQoKSI+CisKKzxzY3JpcHQgdHlwZT0iYXBwbGljYXRpb24vZWNtYXNj cmlwdCI+CitpZiAod2luZG93LmxheW91dFRlc3RDb250cm9sbGVyKQorICAgIGxheW91dFRlc3RD b250cm9sbGVyLmR1bXBBc1RleHQoKTsKKyAgICAKK2Z1bmN0aW9uIGluaXQoKSB7CisgIHZhciBj ZWxsID0gZG9jdW1lbnQuZ2V0RWxlbWVudEJ5SWQoJ2ZvbycpOworICAgICAgY2VsbC5zZXRBdHRy aWJ1dGVOUyhudWxsLCAndmlzaWJpbGl0eScsJ2Rpc3BsYXknKTsKKyAgCit9Cis8L3NjcmlwdD4K Kzx1c2UgaWQ9ImZvbyIgeGxpbms6aHJlZj0iI2RvZXNOb3RFeGlzdCIvPgorPHRleHQgeD0iMTAi IHk9IjEwIiA+IFBBU1MgLS0gbm90IGNyYXNoaW5nLCAgaHR0cHM6Ly9idWdzLndlYmtpdC5vcmcv c2hvd19idWcuY2dpP2lkPTI3NjkzIDwvdGV4dD4KKzwvc3ZnPgo=