92024 – Crash when setting empty class name on a new element

RESOLVED FIXED92024

Crash when setting empty class name on a new element

https://bugs.webkit.org/show_bug.cgi?id=92024

Summary Crash when setting empty class name on a new element

Stephen Chenney

Reported 2012-07-23 13:40:56 PDT

This test crashes: <!DOCTYPE html> <script> document.createElementNS("http://www.w3.org/2000/svg", "svg").className.baseVal = ""; </script> because in WebCore/dom/StyledElement.cpp:176 we call attributeData()->clearClass(); when the class name is empty without checking if attributeData exists. Attribute data will not exist on SVG nodes (at least) immediately upon creation. This is Chromium http://code.google.com/p/chromium/issues/detail?id=138552

Attachments
Patch (3.23 KB, patch) 2012-07-23 13:48 PDT, Stephen Chenney	kling: review+	Details Formatted Diff Diff
View All Add attachment proposed patch, testcase, etc.

Stephen Chenney

Comment 1 2012-07-23 13:48:43 PDT

Created attachment 153855 [details] Patch

Stephen Chenney

Comment 2 2012-07-23 13:57:42 PDT

Committed r123377: <http://trac.webkit.org/changeset/123377>

Note You need to log in before you can comment on or make changes to this bug.

Status RESOLVED

Resolution FIXED

Priority P2

Severity Normal

Classification Unclassified

Version 528+ (Nightly build)

Hardware Unspecified

OS Unspecified

Product WebKit

Component DOM

Assignee

Stephen Chenney

Reported

2012-07-23 13:40 PDT

Modified

2012-07-23 13:57 PDT History

CC List

3 users Show

URL

Keywords

Depends on

Blocks