Title: [106036] trunk
Revision: 106036
Author: [email protected]
Date: 2012-01-26 13:35:44 -0800 (Thu, 26 Jan 2012)

Log Message

Crash in SVGSVGElement::currentViewBoxRect.
https://bugs.webkit.org/show_bug.cgi?id=77121

Reviewed by Nikolas Zimmermann.

Source/WebCore:

Symbols shouldn't be rendered. Revert the ASSERT
from r105513 into a hard check.

Test: svg/custom/symbol-viewport-element-crash.svg

* svg/SVGLengthContext.cpp:
(WebCore::SVGLengthContext::determineViewport):

LayoutTests:

* svg/custom/symbol-viewport-element-crash-expected.txt: Added.
* svg/custom/symbol-viewport-element-crash.svg: Added.

Diff

Modified: trunk/LayoutTests/ChangeLog (106035 => 106036)


--- trunk/LayoutTests/ChangeLog	2012-01-26 21:26:06 UTC (rev 106035)
+++ trunk/LayoutTests/ChangeLog	2012-01-26 21:35:44 UTC (rev 106036)
@@ -1,3 +1,13 @@
+2012-01-26  Abhishek Arya  <[email protected]>
+
+        Crash in SVGSVGElement::currentViewBoxRect.
+        https://bugs.webkit.org/show_bug.cgi?id=77121
+
+        Reviewed by Nikolas Zimmermann.
+
+        * svg/custom/symbol-viewport-element-crash-expected.txt: Added.
+        * svg/custom/symbol-viewport-element-crash.svg: Added.
+
 2012-01-26  Eli Fidler  <[email protected]>
 
         [JSC] Inspector instrumentation for _javascript_ calls.

Added: trunk/LayoutTests/svg/custom/symbol-viewport-element-crash-expected.txt (0 => 106036)


--- trunk/LayoutTests/svg/custom/symbol-viewport-element-crash-expected.txt	                        (rev 0)
+++ trunk/LayoutTests/svg/custom/symbol-viewport-element-crash-expected.txt	2012-01-26 21:35:44 UTC (rev 106036)
@@ -0,0 +1 @@
+This test passes if it did not crash

Added: trunk/LayoutTests/svg/custom/symbol-viewport-element-crash.svg (0 => 106036)


--- trunk/LayoutTests/svg/custom/symbol-viewport-element-crash.svg	                        (rev 0)
+++ trunk/LayoutTests/svg/custom/symbol-viewport-element-crash.svg	2012-01-26 21:35:44 UTC (rev 106036)
@@ -0,0 +1,14 @@
+<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink">
+  <use>
+    <symbol>
+      <rect>
+        <animate attributeName="width" to="0%"></animate>
+      </rect>
+    </symbol>
+  </use>
+  <script>
+    if (window.layoutTestController)
+        layoutTestController.dumpAsText();
+  </script>
+  <text x="10px" y="100px">This test passes if it did not crash</text>
+</svg>
\ No newline at end of file
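Review bot: The new test file ends without a trailing newline (the "\ No newline at end of file" marker after `</svg>`), and the property change recorded directly after this hunk sets svn:executable on an SVG layout test, which has no reason to be executable; add the final newline and drop the property. A one-line XML comment at the top saying which markup reproduces the crash (judging by the fix in determineViewport, the percentage `to="0%"` animation on a `<rect>` inside `<symbol>`) would also make the test's purpose clear to whoever touches it next.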
Property changes on: trunk/LayoutTests/svg/custom/symbol-viewport-element-crash.svg
___________________________________________________________________

Added: svn:executable

Modified: trunk/Source/WebCore/ChangeLog (106035 => 106036)


--- trunk/Source/WebCore/ChangeLog	2012-01-26 21:26:06 UTC (rev 106035)
+++ trunk/Source/WebCore/ChangeLog	2012-01-26 21:35:44 UTC (rev 106036)
@@ -1,3 +1,18 @@
+2012-01-26  Abhishek Arya  <[email protected]>
+
+        Crash in SVGSVGElement::currentViewBoxRect.
+        https://bugs.webkit.org/show_bug.cgi?id=77121
+
+        Reviewed by Nikolas Zimmermann.
+
+        Symbols shouldn't be rendered. Revert the ASSERT
+        from r105513 into a hard check.
+
+        Test: svg/custom/symbol-viewport-element-crash.svg
+
+        * svg/SVGLengthContext.cpp:
+        (WebCore::SVGLengthContext::determineViewport):
+
 2012-01-26  Anders Carlsson  <[email protected]>
 
         Inline beginScrollGesture/endScrollGesture in handleWheelEvent
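Review bot: The entry for `(WebCore::SVGLengthContext::determineViewport):` has nothing after the colon; state there that the function now returns false when the viewport element fails the isSVG() check instead of asserting. In the summary, "Revert the ASSERT from r105513 into a hard check" reads as if r105513 were being backed out; "Convert" would say what the change does.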

Modified: trunk/Source/WebCore/svg/SVGLengthContext.cpp (106035 => 106036)


--- trunk/Source/WebCore/svg/SVGLengthContext.cpp	2012-01-26 21:26:06 UTC (rev 106035)
+++ trunk/Source/WebCore/svg/SVGLengthContext.cpp	2012-01-26 21:35:44 UTC (rev 106036)
@@ -282,10 +282,9 @@
 
     // Take size from nearest viewport element.
     SVGElement* viewportElement = m_context->viewportElement();
-    if (!viewportElement)
+    if (!viewportElement || !viewportElement->isSVG())
         return false;
     
-    ASSERT(viewportElement->isSVG());
     const SVGSVGElement* svg = static_cast<const SVGSVGElement*>(viewportElement);
     FloatSize viewportSize = svg->currentViewBoxRect().size();
     if (viewportSize.isEmpty())
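Review bot: The added `!viewportElement->isSVG()` test is now the only thing that keeps the `static_cast<const SVGSVGElement*>` below it safe in release builds, but nothing at the check says so. Add a short comment on that line explaining that viewportElement() can return an element that is not an SVGSVGElement (the new layout test gets here through a `<symbol>`), so the check is not later folded back into an ASSERT. It is also worth confirming that callers of determineViewport handle the `return false` result on this path, since before this change it asserted in debug builds and fell through to the cast in release builds.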
_______________________________________________
webkit-changes mailing list
[email protected]
http://lists.webkit.org/mailman/listinfo.cgi/webkit-changes
