Bug 47842
| Summary: | NULL deref in SVGUseElement updateContainerSize | ||
|---|---|---|---|
| Product: | WebKit | Reporter: | Justin Schuh <jschuh> |
| Component: | SVG | Assignee: | Nobody <webkit-unassigned> |
| Status: | RESOLVED WORKSFORME | ||
| Severity: | Normal | CC: | ctruta, mdelaney7, zimmermann |
| Priority: | P2 | ||
| Version: | 528+ (Nightly build) | ||
| Hardware: | PC | ||
| OS: | OS X 10.5 | ||
Justin Schuh
The following SVG triggers a deref of a NULL shadowTree in updateContainerSize:
<svg version="1.1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink">
<use id="use">
<symbol></symbol>
</use>
<use xlink:href="url(#use)" >
</use>
</svg>
| Attachments | ||
|---|---|---|
| Add attachment proposed patch, testcase, etc. |
Cosmin Truta
Has this been fixed elsewhere? It's no longer crashing.
Tested with WebKit r72986.
Justin Schuh
Yeah, it looks like this got fixed in one of the recent use element patches over the last few months. If I had to guess I'd say it was probably: http://trac.webkit.org/changeset/69936