RESOLVED FIXED 25105
isOutermostSVG() crashes with null deref
https://bugs.webkit.org/show_bug.cgi?id=25105
Simon Fraser (smfr)
Reported 2009-04-08 17:45:08 PDT
The testcase shows a bug in isOutermostSVG(), which causes a crash.
Attachments
Testcase (815 bytes, application/xhtml+xml)
2009-04-08 17:45 PDT, Simon Fraser (smfr)
no flags
First stab @ fix (3.12 KB, patch)
2009-04-09 15:48 PDT, Eric Seidel (no email)
simon.fraser: review+
Simon Fraser (smfr)
Comment 1 2009-04-08 17:45:30 PDT
Created attachment 29351: Testcase
Simon Fraser (smfr)
Comment 2 2009-04-08 17:55:02 PDT
Maybe fix: diff --git a/WebCore/svg/SVGSVGElement.cpp b/WebCore/svg/SVGSVGElement.cpp index e66a16e..fe09148 100644 --- a/WebCore/svg/SVGSVGElement.cpp +++ b/WebCore/svg/SVGSVGElement.cpp @@ -477,6 +477,10 @@ bool SVGSVGElement::hasRelativeValues() const bool SVGSVGElement::isOutermostSVG() const { + // Element may not be in the document. + if (!parentNode()) + return false; + // This is true whenever this is the outermost SVG, even if there are HTML elements outside it return !parentNode()->isSVGElement(); }
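Review bot: In isOutermostSVG(), the new early return yields false for an element with no parent, while the existing expression `!parentNode()->isSVGElement()` treats every element whose parent is not an SVG element as outermost, and a parentless element has no SVG parent either. Either return true there so both paths agree, or extend the "Element may not be in the document" comment to say why a detached element is deliberately not outermost. parentNode() is now evaluated twice; holding it in a local would make the null check and the isSVGElement() call visibly use the same pointer. The diff also carries no layout test for the detached case.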
Eric Seidel (no email)
Comment 3 2009-04-09 01:50:37 PDT
Your fix looks good.
Eric Seidel (no email)
Comment 4 2009-04-09 03:46:50 PDT
Fixing. Will post shortly.
Eric Seidel (no email)
Comment 5 2009-04-09 03:55:26 PDT
I think we should return true instead of false. Will post patch later today.
Eric Seidel (no email)
Comment 6 2009-04-09 15:48:54 PDT
Created attachment 29378: First stab @ fix
LayoutTests/ChangeLog | 10 ++++++++++
.../detached-outermost-svg-crash-expected.txt | 1 +
.../svg/custom/detached-outermost-svg-crash.html | 13 +++++++++++++
WebCore/ChangeLog | 10 ++++++++++
WebCore/svg/SVGSVGElement.cpp | 4 ++++
5 files changed, 38 insertions(+), 0 deletions(-)
Eric Seidel (no email)
Comment 7 2009-04-09 16:03:22 PDT
Committing to http://svn.webkit.org/repository/webkit/trunk ...
M LayoutTests/ChangeLog
A LayoutTests/svg/custom/detached-outermost-svg-crash-expected.txt
A LayoutTests/svg/custom/detached-outermost-svg-crash.html
M WebCore/ChangeLog
M WebCore/svg/SVGSVGElement.cpp
Committed r42374