Title: [92809] trunk
Revision: 92809
Author: [email protected]
Date: 2011-08-10 18:02:00 -0700 (Wed, 10 Aug 2011)

Log Message

Crash when clicking an SVG <a> link to the local document
https://bugs.webkit.org/show_bug.cgi?id=66019
<rdar://problem/9933311>

Reviewed by Rob Buis.

Source/WebCore:

Check if the target element of an internal link is valid before
making use of it.

Test: svg/custom/click-internal-anchor-with-use-crash.xhtml

* svg/SVGAElement.cpp:
(WebCore::SVGAElement::defaultEventHandler):

LayoutTests:

Add a test which programmatically clicks a link referring to "#",
and should crash between r89745 and this commit.

* svg/custom/click-internal-anchor-with-use-crash-expected.txt: Added.
* svg/custom/click-internal-anchor-with-use-crash.xhtml: Added.

Diff

Modified: trunk/LayoutTests/ChangeLog (92808 => 92809)


--- trunk/LayoutTests/ChangeLog	2011-08-11 00:54:42 UTC (rev 92808)
+++ trunk/LayoutTests/ChangeLog	2011-08-11 01:02:00 UTC (rev 92809)
@@ -1,3 +1,17 @@
+2011-08-10  Tim Horton  <[email protected]>
+
+        Crash when clicking an SVG <a> link to the local document
+        https://bugs.webkit.org/show_bug.cgi?id=66019
+        <rdar://problem/9933311>
+
+        Reviewed by Rob Buis.
+
+        Add a test which programmatically clicks a link referring to "#",
+        and should crash between r89745 and this commit.
+
+        * svg/custom/click-internal-anchor-with-use-crash-expected.txt: Added.
+        * svg/custom/click-internal-anchor-with-use-crash.xhtml: Added.
+
 2011-08-10  Mark Hahnenberg  <[email protected]>
 
         JSC should always throw when function arg list is too long

Added: trunk/LayoutTests/svg/custom/click-internal-anchor-with-use-crash-expected.txt (0 => 92809)


--- trunk/LayoutTests/svg/custom/click-internal-anchor-with-use-crash-expected.txt	                        (rev 0)
+++ trunk/LayoutTests/svg/custom/click-internal-anchor-with-use-crash-expected.txt	2011-08-11 01:02:00 UTC (rev 92809)
@@ -0,0 +1,2 @@
+PASS if no crash
+

Added: trunk/LayoutTests/svg/custom/click-internal-anchor-with-use-crash.xhtml (0 => 92809)


--- trunk/LayoutTests/svg/custom/click-internal-anchor-with-use-crash.xhtml	                        (rev 0)
+++ trunk/LayoutTests/svg/custom/click-internal-anchor-with-use-crash.xhtml	2011-08-11 01:02:00 UTC (rev 92809)
@@ -0,0 +1,27 @@
+<?xml version="1.0" encoding="utf-8"?>
+<html>
+    <svg xmlns="http://www.w3.org/2000/svg" _onload_="onLoad()" xmlns:xlink="http://www.w3.org/1999/xlink">
+        <script type="text/_javascript_">
+        function onLoad()
+        {
+            clickLink(document.getElementById("link"));
+            
+            if (window.layoutTestController)
+                layoutTestController.dumpAsText();
+        }
+
+        function clickLink(link)
+        {
+            var event = document.createEvent("MouseEvents");
+            event.initMouseEvent("click", true, true, window,
+                0, 0, 0, 0, 0,
+                false, false, false, false,
+                0, null);
+            link.dispatchEvent(event);
+        }
+        </script>
+        <a id="link" xlink:href=""
+            <text x="50" y="50">PASS if no crash</text>
+        </a>
+    </svg>
+</html>
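Review bot: The anchor on the `<a id="link" xlink:href=""` line does not match what the ChangeLog describes. The ChangeLog says the test clicks a link referring to "#", but the line as shown has an empty xlink:href and no closing `>` before the `<text>` child, so the document would not be well-formed XHTML. Confirm the committed file has the intended href and a terminated start tag, otherwise the test may fail to parse rather than reach the click handler. The file name also says "with-use" while the markup contains no `<use>` element; either add one or rename the test so the name reflects what it covers.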

Modified: trunk/Source/WebCore/ChangeLog (92808 => 92809)


--- trunk/Source/WebCore/ChangeLog	2011-08-11 00:54:42 UTC (rev 92808)
+++ trunk/Source/WebCore/ChangeLog	2011-08-11 01:02:00 UTC (rev 92809)
@@ -1,3 +1,19 @@
+2011-08-10  Tim Horton  <[email protected]>
+
+        Crash when clicking an SVG <a> link to the local document
+        https://bugs.webkit.org/show_bug.cgi?id=66019
+        <rdar://problem/9933311>
+
+        Reviewed by Rob Buis.
+
+        Check if the target element of an internal link is valid before
+        making use of it.
+
+        Test: svg/custom/click-internal-anchor-with-use-crash.xhtml
+
+        * svg/SVGAElement.cpp:
+        (WebCore::SVGAElement::defaultEventHandler):
+
 2011-08-10  No'am Rosenthal  <[email protected]>
 
         [Qt] Enable WebGL by default for QtWebKit

Modified: trunk/Source/WebCore/svg/SVGAElement.cpp (92808 => 92809)


--- trunk/Source/WebCore/svg/SVGAElement.cpp	2011-08-11 00:54:42 UTC (rev 92808)
+++ trunk/Source/WebCore/svg/SVGAElement.cpp	2011-08-11 01:02:00 UTC (rev 92809)
@@ -170,7 +170,7 @@
                     return;
                 }
                 // Only allow navigation to internal <view> anchors.
-                if (!targetElement->hasTagName(SVGNames::viewTag))
+                if (targetElement && !targetElement->hasTagName(SVGNames::viewTag))
                     return;
             }
 #endif
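Review bot: With the new condition `targetElement && !targetElement->hasTagName(SVGNames::viewTag)`, a null targetElement no longer returns here and instead falls through past the `#endif`, which the comment "Only allow navigation to internal <view> anchors" does not describe. If falling through is intended for a link whose fragment resolves to no element, say so in the comment; if not, `if (!targetElement || !targetElement->hasTagName(SVGNames::viewTag))` would keep the early return. The code before the visible context is outside this hunk, so it is also worth confirming that nothing earlier in the block dereferences targetElement before this check.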
_______________________________________________
webkit-changes mailing list
[email protected]
http://lists.webkit.org/mailman/listinfo.cgi/webkit-changes
