Bug 25553

Summary: SVG path.getPresentationAttribute("") -> NULL ptr
Product: WebKit Reporter: Berend-Jan Wever <skylined>
Component: SVGAssignee: Nobody <webkit-unassigned>
Status: RESOLVED FIXED    
Severity: Normal CC: eric, skylined
Priority: P1 Keywords: GoogleBug
Version: 528+ (Nightly build)   
Hardware: PC   
OS: Windows Vista   
URL: http://skypher.com/SkyLined/Repro/WebKit/Bug%2025553%20-%20SVG%20path.getPresentationAttribute(%22%22)%20NULL%20ptr/repro.html
Attachments:
Description Flags
Fix mappedAttributes() access without NULL check aroben: review+

Berend-Jan Wever
Reported 2009-05-04 13:40:48 PDT
Bug found in latest Chrome 1.x release without symbols, so I have no stack dump or anything. It repro's reliably in latest Chrome 2.x ToT. Repro <SCRIPT> path = window.document.createElementNS("http://www.w3.org/2000/svg", "path"); path.getPresentationAttribute(""); </SCRIPT>
Attachments
Fix mappedAttributes() access without NULL check (3.61 KB, patch)
2009-05-05 08:39 PDT, Eric Seidel (no email) 		aroben: review+
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
Berend-Jan Wever
Comment 1 2009-05-04 13:42:19 PDT
Added repro url.
Berend-Jan Wever
Comment 2 2009-05-04 13:48:09 PDT
Renaming to "SVG"
Eric Seidel (no email)
Comment 3 2009-05-05 08:39:10 PDT
Created attachment 30021 [details] Fix mappedAttributes() access without NULL check 6 files changed, 41 insertions(+), 0 deletions(-)
Adam Roben (:aroben)
Comment 4 2009-05-05 08:40:05 PDT
Comment on attachment 30021 [details] Fix mappedAttributes() access without NULL check r=me
Eric Seidel (no email)
Comment 5 2009-05-05 08:42:17 PDT
Thank you very much for the bug and excellent test case! Committing to http://svn.webkit.org/repository/webkit/trunk ... M LayoutTests/ChangeLog A LayoutTests/svg/custom/path-getPresentationAttribute-crash-expected.txt A LayoutTests/svg/custom/path-getPresentationAttribute-crash.html M WebCore/ChangeLog M WebCore/html/HTMLInputElement.cpp M WebCore/svg/SVGStyledElement.cpp Committed r43237
Note You need to log in before you can comment on or make changes to this bug.