Bug 22804

Summary: Crash (null-deref) when using :before pseudoselector with content CSS rule in SVG
Product: WebKit Reporter: Oliver Hunt <oliver>
Component: SVGAssignee: Oliver Hunt <oliver>
Status: RESOLVED FIXED    
Severity: Normal Keywords: HasReduction, InRadar
Priority: P2    
Version: 528+ (Nightly build)   
Hardware: Mac   
OS: OS X 10.5   
Attachments:
Description Flags
Patch o' doom adele: review+

Oliver Hunt
Reported 2008-12-10 22:58:09 PST
CSS generated content results in a RenderObject with no element, causing SVG text layout and painting to crash and burn <rdar://problem/6302405>
Attachments
Patch o' doom (4.68 KB, patch)
2008-12-10 22:58 PST, Oliver Hunt 		adele: review+
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
Oliver Hunt
Comment 1 2008-12-10 22:58:59 PST
Created attachment 25941 [details] Patch o' doom Fixeration
Adele Peterson
Comment 2 2008-12-11 01:44:03 PST
Comment on attachment 25941 [details] Patch o' doom R=me. I assume the CL entries for Info.plist and the Xcode proj don't belong...
Oliver Hunt
Comment 3 2008-12-11 01:51:58 PST
(In reply to comment #2) > (From update of attachment 25941 [details] [review]) > R=me. I assume the CL entries for Info.plist and the Xcode proj don't > belong... > Yup *sigh* Also, have better text in the test now -- says something akin to "This test ensures that we don't display css content or crash when css generated content is used"
Oliver Hunt
Comment 4 2008-12-11 14:34:16 PST
Committing to http://svn.webkit.org/repository/webkit/trunk ... M LayoutTests/ChangeLog A LayoutTests/svg/css/crash-css-generated-content-expected.txt A LayoutTests/svg/css/crash-css-generated-content.xhtml M WebCore/ChangeLog M WebCore/rendering/SVGRootInlineBox.cpp Committed r39218
Note You need to log in before you can comment on or make changes to this bug.