Bug 47842

Summary: NULL deref in SVGUseElement updateContainerSize
Product: WebKit
Reporter: Justin Schuh <jschuh>
Component: SVG
Assignee: Nobody <webkit-unassigned>
Status: RESOLVED WORKSFORME
Severity: Normal
CC: ctruta, mdelaney7, zimmermann
Priority: P2    
Version: 528+ (Nightly build)   
Hardware: PC   
OS: OS X 10.5   

Description Justin Schuh 2010-10-18 12:09:46 PDT
The following SVG triggers a deref of a NULL shadowTree in updateContainerSize:

<svg version="1.1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink">
    <use id="use">
        <symbol></symbol>
    </use>
    <use xlink:href="url(#use)" >
    </use>
</svg>

Comment 1 Cosmin Truta 2010-12-01 12:23:04 PST
Has this been fixed elsewhere? It's no longer crashing.
Tested with WebKit r72986.

Comment 2 Justin Schuh 2010-12-03 10:15:27 PST
Yeah, it looks like this got fixed in one of the recent use element patches over the last few months. If I had to guess I'd say it was probably: http://trac.webkit.org/changeset/69936