Bug 37751

Summary: Infinite recursion in WebCore::SVGPatternElement::buildPattern leads to stack exhaustion
Product: WebKit Reporter: Tobias Klein <tk.chromium>
Component: SVGAssignee: Nobody <webkit-unassigned>
Status: RESOLVED DUPLICATE    
Severity: Normal CC: krit
Priority: P2    
Version: 528+ (Nightly build)   
Hardware: All   
OS: All   
Attachments:
Description Flags
Testcase none

Tobias Klein
Reported 2010-04-17 02:32:48 PDT
Opening the attached SVG file causes infinite recursion in WebCore::SVGPatternElement::buildPattern, which leads to stack exhaustion. Code snippet: http://svn.webkit.org/repository/webkit/trunk/WebCore/svg/SVGPatternElement.cpp [..] void SVGPatternElement::buildPattern(const FloatRect& targetRect) const { [..] // Render subtree into ImageBuffer for (Node* n = attributes.patternContentElement()->firstChild(); n; n = n->nextSibling()) { if (!n->isSVGElement() || !static_cast<SVGElement*>(n)->isStyled() || !n->renderer()) continue; renderSubtreeToImage(patternImage.get(), n->renderer()); } [..]
Attachments
Testcase (346 bytes, application/xhtml+xml)
2010-04-17 02:33 PDT, Tobias Klein 		no flags
Details
View All Add attachment proposed patch, testcase, etc.
Tobias Klein
Comment 1 2010-04-17 02:33:59 PDT
Created attachment 53595 [details] Testcase
Dirk Schulze
Comment 2 2010-04-19 03:26:23 PDT
Thanks for the test case. *** This bug has been marked as a duplicate of bug 32171 ***
Note You need to log in before you can comment on or make changes to this bug.