Bug 25553

Summary: SVG path.getPresentationAttribute("") -> NULL ptr
Product: WebKit Reporter: Berend-Jan Wever <skylined>
Component: SVGAssignee: Nobody <webkit-unassigned>
Status: RESOLVED FIXED    
Severity: Normal CC: eric, skylined
Priority: P1 Keywords: GoogleBug
Version: 528+ (Nightly build)   
Hardware: PC   
OS: Windows Vista   
URL: http://skypher.com/SkyLined/Repro/WebKit/Bug%2025553%20-%20SVG%20path.getPresentationAttribute(%22%22)%20NULL%20ptr/repro.html
Attachments:
Description Flags
Fix mappedAttributes() access without NULL check aroben: review+

Description Berend-Jan Wever 2009-05-04 13:40:48 PDT 
Bug found in latest Chrome 1.x release without symbols, so I have no stack dump or anything. It repro's reliably in latest Chrome 2.x ToT.

Repro
<SCRIPT>
  path = window.document.createElementNS("http://www.w3.org/2000/svg", "path");
  path.getPresentationAttribute("");
</SCRIPT>
Comment 1 Berend-Jan Wever 2009-05-04 13:42:19 PDT 
Added repro url.
Comment 2 Berend-Jan Wever 2009-05-04 13:48:09 PDT 
Renaming to "SVG"
Comment 3 Eric Seidel (no email) 2009-05-05 08:39:10 PDT 
Created attachment 30021 [details]
Fix mappedAttributes() access without NULL check

 6 files changed, 41 insertions(+), 0 deletions(-)
Comment 4 Adam Roben (:aroben) 2009-05-05 08:40:05 PDT 
Comment on attachment 30021 [details]
Fix mappedAttributes() access without NULL check

r=me
Comment 5 Eric Seidel (no email) 2009-05-05 08:42:17 PDT 
Thank you very much for the bug and excellent test case!

Committing to http://svn.webkit.org/repository/webkit/trunk ...
	M	LayoutTests/ChangeLog
	A	LayoutTests/svg/custom/path-getPresentationAttribute-crash-expected.txt
	A	LayoutTests/svg/custom/path-getPresentationAttribute-crash.html
	M	WebCore/ChangeLog
	M	WebCore/html/HTMLInputElement.cpp
	M	WebCore/svg/SVGStyledElement.cpp
Committed r43237