Bug 92024

Summary: Crash when setting empty class name on a new element
Product: WebKit Reporter: Stephen Chenney <schenney>
Component: DOMAssignee: Stephen Chenney <schenney>
Status: RESOLVED FIXED    
Severity: Normal CC: inferno, kling, rniwa
Priority: P2    
Version: 528+ (Nightly build)   
Hardware: Unspecified   
OS: Unspecified   
Attachments:
Description Flags
Patch kling: review+

Stephen Chenney
Reported 2012-07-23 13:40:56 PDT
This test crashes: <!DOCTYPE html> <script> document.createElementNS("http://www.w3.org/2000/svg", "svg").className.baseVal = ""; </script> because in WebCore/dom/StyledElement.cpp:176 we call attributeData()->clearClass(); when the class name is empty without checking if attributeData exists. Attribute data will not exist on SVG nodes (at least) immediately upon creation. This is Chromium http://code.google.com/p/chromium/issues/detail?id=138552
Attachments
Patch (3.23 KB, patch)
2012-07-23 13:48 PDT, Stephen Chenney 		kling: review+
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
Stephen Chenney
Comment 1 2012-07-23 13:48:43 PDT
Created attachment 153855 [details] Patch
Stephen Chenney
Comment 2 2012-07-23 13:57:42 PDT
Committed r123377: <http://trac.webkit.org/changeset/123377>
Note You need to log in before you can comment on or make changes to this bug.