[webkit-changes] [86748] trunk

Wed, 18 May 2011 03:45:22 -0700

Title: [86748] trunk
Revision
86748
Author
[email protected]
Date
2011-05-18 03:45:07 -0700 (Wed, 18 May 2011)

Log Message

2011-05-18  Abhishek Arya  <[email protected]>

        Reviewed by Dirk Schulze.

        Tests that we do not crash when trying to access a removed
        smil element in animated elements list.
        https://bugs.webkit.org/show_bug.cgi?id=60980

        * svg/animations/smil-element-not-removed-crash-expected.txt: Added.
        * svg/animations/smil-element-not-removed-crash.html: Added.
2011-05-18  Abhishek Arya  <[email protected]>

        Reviewed by Dirk Schulze.

        When SMIL element is getting removed, make sure to remove it
        from target's animation elements list.
        https://bugs.webkit.org/show_bug.cgi?id=60980

        Test: svg/animations/smil-element-not-removed-crash.html

        * svg/animation/SVGSMILElement.cpp:
        (WebCore::SVGSMILElement::~SVGSMILElement):

Modified Paths

Added Paths

Diff

Modified: trunk/LayoutTests/ChangeLog (86747 => 86748)


--- trunk/LayoutTests/ChangeLog	2011-05-18 09:48:35 UTC (rev 86747)
+++ trunk/LayoutTests/ChangeLog	2011-05-18 10:45:07 UTC (rev 86748)
@@ -1,3 +1,14 @@
+2011-05-18  Abhishek Arya  <[email protected]>
+
+        Reviewed by Dirk Schulze.
+
+        Tests that we do not crash when trying to access a removed
+        smil element in animated elements list.
+        https://bugs.webkit.org/show_bug.cgi?id=60980
+
+        * svg/animations/smil-element-not-removed-crash-expected.txt: Added.
+        * svg/animations/smil-element-not-removed-crash.html: Added.
+
 2011-05-18  Kent Tamura  <[email protected]>
 
         Reviewed by Hajime Morita.

Added: trunk/LayoutTests/svg/animations/smil-element-not-removed-crash-expected.txt (0 => 86748)


--- trunk/LayoutTests/svg/animations/smil-element-not-removed-crash-expected.txt	                        (rev 0)
+++ trunk/LayoutTests/svg/animations/smil-element-not-removed-crash-expected.txt	2011-05-18 10:45:07 UTC (rev 86748)
@@ -0,0 +1 @@
+PASS

Added: trunk/LayoutTests/svg/animations/smil-element-not-removed-crash.html (0 => 86748)


--- trunk/LayoutTests/svg/animations/smil-element-not-removed-crash.html	                        (rev 0)
+++ trunk/LayoutTests/svg/animations/smil-element-not-removed-crash.html	2011-05-18 10:45:07 UTC (rev 86748)
@@ -0,0 +1,35 @@
+<html>
+    <body>
+        <svg>
+            <animAttributeAttrs>
+                <feImage id="test"></feImage>
+            </animAttributeAttrs>
+            <set id="set1" xlink:href=""
+        </svg>
+        <script>
+            if (window.layoutTestController) {
+                layoutTestController.dumpAsText();
+                layoutTestController.waitUntilDone();
+                gc = function() { window.GCController.collect() };
+            } else if (!window.gc)
+                gc = function(){};
+
+            window._onload_ = function() {
+                if (location.hash != "#2") {
+                    if (location.hash)
+                        location.hash = "#" + (parseInt(location.hash.slice(1)) + 1).toString();
+                    else
+                        location.hash = "#1";
+                    
+                    gc();
+                    setTimeout(function(){location.reload()}, 0);
+                } else {
+                    document.body.innerHTML = "PASS";
+                    if (window.layoutTestController)
+                        layoutTestController.notifyDone();
+                }
+            }
+        </script>
+    </body>
+</html>
+

Modified: trunk/Source/WebCore/ChangeLog (86747 => 86748)


--- trunk/Source/WebCore/ChangeLog	2011-05-18 09:48:35 UTC (rev 86747)
+++ trunk/Source/WebCore/ChangeLog	2011-05-18 10:45:07 UTC (rev 86748)
@@ -1,3 +1,16 @@
+2011-05-18  Abhishek Arya  <[email protected]>
+
+        Reviewed by Dirk Schulze.
+
+        When SMIL element is getting removed, make sure to remove it
+        from target's animation elements list.
+        https://bugs.webkit.org/show_bug.cgi?id=60980
+
+        Test: svg/animations/smil-element-not-removed-crash.html
+
+        * svg/animation/SVGSMILElement.cpp:
+        (WebCore::SVGSMILElement::~SVGSMILElement):
+
 2011-05-18  Pavel Feldman  <[email protected]>
 
         Reviewed by Yury Semikhatsky.

Modified: trunk/Source/WebCore/svg/animation/SVGSMILElement.cpp (86747 => 86748)


--- trunk/Source/WebCore/svg/animation/SVGSMILElement.cpp	2011-05-18 09:48:35 UTC (rev 86747)
+++ trunk/Source/WebCore/svg/animation/SVGSMILElement.cpp	2011-05-18 10:45:07 UTC (rev 86748)
@@ -141,6 +141,8 @@
     disconnectConditions();
     if (m_timeContainer)
         m_timeContainer->unschedule(this);
+    if (m_targetElement)
+        document()->accessSVGExtensions()->removeAnimationElementFromTarget(this, m_targetElement);
 }
 
 static inline QualifiedName constructQualifiedName(const SVGElement* svgElement, const String& attributeName)

_______________________________________________
webkit-changes mailing list
[email protected]
http://lists.webkit.org/mailman/listinfo.cgi/webkit-changes

Reply via email to