Bug 22804

Summary:

Crash (null-deref) when using :before pseudoselector with content CSS rule in SVG

Product:

WebKit

Reporter:

Oliver Hunt <oliver>

Component:

SVG

Assignee:

Oliver Hunt <oliver>

Status:

RESOLVED FIXED

Severity:

Normal

Keywords:

HasReduction, InRadar

Priority:

Version:

528+ (Nightly build)

Hardware:

Mac

OS:

OS X 10.5

Attachments:

Description	Flags
Patch o' doom	adele: review+

Description Oliver Hunt 2008-12-10 22:58:09 PST

CSS generated content results in a RenderObject with no element, causing SVG text layout and painting to crash and burn

<rdar://problem/6302405>

Comment 1 Oliver Hunt 2008-12-10 22:58:59 PST

Created attachment 25941 [details]
Patch o' doom

Fixeration

Comment 2 Adele Peterson 2008-12-11 01:44:03 PST

Comment on attachment 25941 [details]
Patch o' doom

R=me.  I assume the CL entries for Info.plist and the Xcode proj don't belong...

Comment 3 Oliver Hunt 2008-12-11 01:51:58 PST

(In reply to comment #2)
> (From update of attachment 25941 [details] [review])
> R=me.  I assume the CL entries for Info.plist and the Xcode proj don't
> belong...
> 

Yup *sigh*

Also, have better text in the test now -- says something akin to "This test ensures that we don't display css content or crash when css generated content is used"

Comment 4 Oliver Hunt 2008-12-11 14:34:16 PST

Committing to http://svn.webkit.org/repository/webkit/trunk ...
	M	LayoutTests/ChangeLog
	A	LayoutTests/svg/css/crash-css-generated-content-expected.txt
	A	LayoutTests/svg/css/crash-css-generated-content.xhtml
	M	WebCore/ChangeLog
	M	WebCore/rendering/SVGRootInlineBox.cpp
Committed r39218