Summary: | Reproducible crash in WebCore::parseNumber in svg/custom/js-update-bounce.svg under guard-malloc | ||||||
---|---|---|---|---|---|---|---|
Product: | WebKit | Reporter: | Mark Rowe (bdash) <mrowe> | ||||
Component: | SVG | Assignee: | Nobody <webkit-unassigned> | ||||
Status: | RESOLVED FIXED | ||||||
Severity: | Major | Keywords: | LayoutTestFailure | ||||
Priority: | P1 | ||||||
Version: | 420+ | ||||||
Hardware: | Mac | ||||||
OS: | OS X 10.4 | ||||||
Attachments: |
|
Description
Mark Rowe (bdash)
2007-01-21 18:05:08 PST
This is a case of missing parentheses. if (ptr < end && *ptr == 'e' || *ptr == 'E') { // read the exponent part The && binds tighter than the ||. Instead we need to put parentheses around the || part of the expression. Created attachment 12593 [details]
Patch
Comment on attachment 12593 [details]
Patch
r=me
|