RESOLVED FIXED 27693
Crash with DOM manipulation of <use> elements 
https://bugs.webkit.org/show_bug.cgi?id=27693
Summary Crash with DOM manipulation of <use> elements
Dan Knapp
Reported 2009-07-26 12:16:20 PDT
Created attachment 33514 [details] Causes a crash I have produced the attached file, which reproduces the crash for me here. The issue appears to be triggered when a <use> element is added via DOM that references an ID that doesn't exist.
Attachments
Causes a crash (482 bytes, image/svg+xml)
2009-07-26 12:16 PDT, Dan Knapp 		no flags
Details
patch that fixes crash caused by using a symbol that doesn't exist (3.43 KB, patch)
2009-09-27 00:30 PDT, Charles Wei 		no flags
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
George Staikos
Comment 1 2009-07-26 14:25:20 PDT
Unable to reproduce @46406
Charles Wei
Comment 2 2009-09-27 00:30:08 PDT
Created attachment 40189 [details] patch that fixes crash caused by using a symbol that doesn't exist When a symbol that was referenced by a <use> does not exist, the SVGUseElement doesn't bother to build the instance tree and shadow tree in SVGUseElement::buildPendingResource(). Thus in : static bool shadowTreeContainsChangedNodes(SVGElementInstance* target) we should first check if target exists, if target is NULL, we just return false.
Nikolas Zimmermann
Comment 3 2009-09-28 06:19:20 PDT
Comment on attachment 40189 [details] patch that fixes crash caused by using a symbol that doesn't exist Looks good. r=me.
WebKit Commit Bot
Comment 4 2009-09-28 06:35:47 PDT
Comment on attachment 40189 [details] patch that fixes crash caused by using a symbol that doesn't exist Clearing flags on attachment: 40189 Committed r48810: <http://trac.webkit.org/changeset/48810>
WebKit Commit Bot
Comment 5 2009-09-28 06:35:51 PDT
All reviewed patches have been landed. Closing bug.
Note You need to log in before you can comment on or make changes to this bug.