Bug 30313 - NULL ptr in SVGPathSegList::getPathSegAtLength()
Summary: NULL ptr in SVGPathSegList::getPathSegAtLength()
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: SVG
Version: 528+ (Nightly build)
Hardware: PC Windows Vista
Importance: P1 Normal
Assignee: Nobody
URL: http://skypher.com/SkyLined/Repro/Web...
Keywords: GoogleBug, HasReduction, InRadar
Depends on:
Blocks:
 
Reported: 2009-10-12 14:20 PDT by Berend-Jan Wever
Modified: 2009-12-03 11:34 PST (History)

See Also:


Attachments
Patch (11.45 KB, patch)
2009-12-03 01:03 PST, Oliver Hunt
mjs: review+

Description Berend-Jan Wever 2009-10-12 14:20:25 PDT
Repro:
<SCRIPT>
  SVGPathElement = document.createElementNS("http://www.w3.org/2000/svg", "path");
  SVGPathElement.pathSegList.initialize();
  SVGPathElement.getPathSegAtLength(2699076708.473027);
</SCRIPT>

In the below code, "getItem(i, ec).get();" returns NULL, which is not handled properly, so "segment->pathSegType()" gets called and a NULL ptr read exception is thrown.

unsigned SVGPathSegList::getPathSegAtLength(double)
{
    // FIXME : to be useful this will need to support non-normalized SVGPathSegLists
    ExceptionCode ec = 0;
    int len = numberOfItems();
    // FIXME: Eventually this will likely move to a "path applier"-like model, until then PathTraversalState is less useful as we could just use locals
    PathTraversalState traversalState(PathTraversalState::TraversalSegmentAtLength);
    for (int i = 0; i < len; ++i) {
        SVGPathSeg* segment = getItem(i, ec).get();
        float segmentLength = 0;
        switch (segment->pathSegType()) {
<snip>
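The defect described above is a missing null check on the value returned by getItem() before it is dereferenced. The following is an added illustration written for this page, not the WebKit patch attached to this bug (attachment 44213) and not WebCore code: it models SVGPathSegList as a vector that may hold null entries and shows a hardened version of the quoted loop that reports an error instead of dereferencing a null segment. The PathSeg struct, the error constants, the accumulated-length semantics and the sample lists are all invented for the example.

```cpp
#include <cstddef>
#include <cstdio>
#include <vector>

// Hypothetical error codes standing in for WebCore's ExceptionCode values.
const int kNoError = 0;
const int kInvalidSegment = 1;

// Minimal stand-in for SVGPathSeg: a type tag and the length the segment
// contributes to the path. Both fields are invented for this example.
struct PathSeg {
    int type;
    float length;
};

// Stand-in for SVGPathSegList. Entries may be null, modelling a list that was
// initialize()d without a valid item, as in the repro in the report.
typedef std::vector<const PathSeg*> PathSegList;

// Hardened variant of the loop quoted in the report: every list entry is
// checked before use, and a null entry sets `ec` and returns 0 instead of
// crashing. Assumed semantics (not necessarily WebKit's): return the index of
// the first segment at which the accumulated length reaches `length`, or the
// last index when `length` lies beyond the end of the path.
unsigned getPathSegAtLengthSafe(const PathSegList& list, double length, int& ec)
{
    ec = kNoError;
    double traversed = 0;
    for (size_t i = 0; i < list.size(); ++i) {
        const PathSeg* segment = list[i];
        if (!segment) {
            ec = kInvalidSegment; // the unhardened loop dereferences NULL here
            return 0;
        }
        traversed += segment->length;
        if (traversed >= length)
            return static_cast<unsigned>(i);
    }
    return list.empty() ? 0 : static_cast<unsigned>(list.size() - 1);
}

// Result of one lookup: the index returned and the error code set.
struct Lookup {
    unsigned index;
    int ec;
};

// Constructed sample: three segments of lengths 3, 4 and 5, no null entries.
Lookup lookupValidSample(double length)
{
    static const PathSeg a = {1, 3.0f}, b = {2, 4.0f}, c = {3, 5.0f};
    PathSegList list;
    list.push_back(&a);
    list.push_back(&b);
    list.push_back(&c);
    Lookup r;
    r.index = getPathSegAtLengthSafe(list, length, r.ec);
    return r;
}

// Constructed sample: the same three segments followed by a null entry, which
// is the shape the report's repro produces.
Lookup lookupSampleWithNull(double length)
{
    static const PathSeg a = {1, 3.0f}, b = {2, 4.0f}, c = {3, 5.0f};
    PathSegList list;
    list.push_back(&a);
    list.push_back(&b);
    list.push_back(&c);
    list.push_back(NULL);
    Lookup r;
    r.index = getPathSegAtLengthSafe(list, length, r.ec);
    return r;
}

int main()
{
    Lookup ok = lookupValidSample(5.0);
    Lookup past = lookupValidSample(100.0);
    Lookup bad = lookupSampleWithNull(100.0);
    std::printf("length 5 -> index %u (ec %d)\n", ok.index, ok.ec);
    std::printf("length 100 -> index %u (ec %d)\n", past.index, past.ec);
    std::printf("null entry -> index %u (ec %d)\n", bad.index, bad.ec);
    return 0;
}
```

The interesting case is lookupSampleWithNull with a length beyond the valid segments: the loop reaches the null entry and returns an error code, where the original loop would have reached segment->pathSegType() on a null pointer. A lookup that is satisfied before the null entry is reached succeeds normally, which is why the check has to sit inside the loop rather than in front of it.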
Comment 1 Mark Rowe (bdash) 2009-10-12 18:51:46 PDT
<rdar://problem/7297519>
Comment 2 Oliver Hunt 2009-12-03 01:03:27 PST
Created attachment 44213
Patch
Comment 3 WebKit Review Bot 2009-12-03 01:08:15 PST
style-queue ran check-webkit-style on attachment 44213 without any errors.
Comment 4 Maciej Stachowiak 2009-12-03 01:15:34 PST
Comment on attachment 44213
Patch

r=me
Comment 5 Oliver Hunt 2009-12-03 01:22:56 PST
Committed r51627
Comment 6 Adam Roben (:aroben) 2009-12-03 07:36:04 PST
This caused bug 32117.
Comment 7 Alexey Proskuryakov 2009-12-03 11:34:33 PST
Looks like this should be marked as resolved. Please reopen and explain if it shouldn't.