Bug 66019

Summary: Crash when clicking an SVG <a> link to the local document
Product: WebKit Reporter: Tim Horton <thorton>
Component: SVGAssignee: Tim Horton <thorton>
Status: RESOLVED FIXED    
Severity: Normal CC: rwlbuis, webkit.review.bot, zimmermann
Priority: P2 Keywords: InRadar
Version: 528+ (Nightly build)   
Hardware: Unspecified   
OS: Unspecified   
Attachments:
Description Flags
Repro.
none
Patch sullivan: review+

Tim Horton
Reported 2011-08-10 16:17:55 PDT
Steps to Reproduce: 1. Open the attached file in a WebKit browser. Expected Results: Some text on the screen ("PASS if no crash"). Actual Results: Renderer crashes. Notes: It seems that r89745 added some code to SVGAElement::defaultEventHandler which depends on getElementById returning a valid element, which is certainly not guaranteed. I have a (very simple) patch to fix (and a test).
Attachments
Repro. (866 bytes, application/xhtml+xml)
2011-08-10 16:18 PDT, Tim Horton 		no flags
Details
Patch (4.75 KB, patch)
2011-08-10 16:40 PDT, Tim Horton 		sullivan: review+
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
Tim Horton
Comment 1 2011-08-10 16:18:42 PDT
Created attachment 103551 [details] Repro.
Tim Horton
Comment 2 2011-08-10 16:31:38 PDT
<rdar://problem/9933311>
Tim Horton
Comment 3 2011-08-10 16:40:28 PDT
Created attachment 103556 [details] Patch
Rob Buis
Comment 4 2011-08-10 16:47:57 PDT
Comment on attachment 103556 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=103556&action=review R+, provided EWS shows up nothing. > LayoutTests/svg/custom/click-internal-anchor-with-use-crash.xhtml:23 > + <a id="link" xlink:href="#"> You could try making the invalid reference more clear (for example #non_existant or something).
WebKit Review Bot
Comment 5 2011-08-10 18:02:15 PDT
Comment on attachment 103556 [details] Patch Clearing flags on attachment: 103556 Committed r92809: <http://trac.webkit.org/changeset/92809>
WebKit Review Bot
Comment 6 2011-08-10 18:02:19 PDT
All reviewed patches have been landed. Closing bug.
Note You need to log in before you can comment on or make changes to this bug.