Title: [117289] trunk
- Revision
- 117289
- Author
- [email protected]
- Date
- 2012-05-16 07:47:05 -0700 (Wed, 16 May 2012)
Log Message
SVGSVGElement checkIntersection and checkEnclosure Mem corruption
https://bugs.webkit.org/show_bug.cgi?id=67923
Patch by Rob Buis <[email protected]> on 2012-05-16
Reviewed by Nikolas Zimmermann.
Source/WebCore:
Only call checkIntersection/checkEnclosure when we have a valid renderer.
Test: svg/custom/intersection-list-null.svg
* svg/SVGSVGElement.cpp:
(WebCore::SVGSVGElement::checkIntersection):
(WebCore::SVGSVGElement::checkEnclosure):
LayoutTests:
Add test to check that checkIntersection/checkEnclosure do not
crash when null is used for the element parameter.
* svg/custom/intersection-list-null-expected.txt: Added.
* svg/custom/intersection-list-null.svg: Added.
Modified Paths
Added Paths
Diff
Modified: trunk/LayoutTests/ChangeLog (117288 => 117289)
--- trunk/LayoutTests/ChangeLog 2012-05-16 14:23:43 UTC (rev 117288)
+++ trunk/LayoutTests/ChangeLog 2012-05-16 14:47:05 UTC (rev 117289)
@@ -1,3 +1,16 @@
+2012-05-16 Rob Buis <[email protected]>
+
+ SVGSVGElement checkIntersection and checkEnclosure Mem corruption
+ https://bugs.webkit.org/show_bug.cgi?id=67923
+
+ Reviewed by Nikolas Zimmermann.
+
+ Add test to check that checkIntersection/checkEnclosure do not
+ crash when null is used for the element parameter.
+
+ * svg/custom/intersection-list-null-expected.txt: Added.
+ * svg/custom/intersection-list-null.svg: Added.
+
2012-05-16 Simon Hausmann <[email protected]>
Unskip fast/animation/request-animation-frame-during-modal.html that was
Added: trunk/LayoutTests/svg/custom/intersection-list-null-expected.txt (0 => 117289)
--- trunk/LayoutTests/svg/custom/intersection-list-null-expected.txt (rev 0)
+++ trunk/LayoutTests/svg/custom/intersection-list-null-expected.txt 2012-05-16 14:47:05 UTC (rev 117289)
@@ -0,0 +1 @@
+PASS
Added: trunk/LayoutTests/svg/custom/intersection-list-null.svg (0 => 117289)
--- trunk/LayoutTests/svg/custom/intersection-list-null.svg (rev 0)
+++ trunk/LayoutTests/svg/custom/intersection-list-null.svg 2012-05-16 14:47:05 UTC (rev 117289)
@@ -0,0 +1,14 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<svg id="root" xmlns="http://www.w3.org/2000/svg" _onload_="runTest()">
+ <script>
+ function runTest() {
+ if (window.layoutTestController)
+ layoutTestController.dumpAsText();
+ var root = document.documentElement;
+ root.checkIntersection(null, root.createSVGRect());
+ root.checkEnclosure(null, root.createSVGRect());
+ }
+ </script>
+ <!-- This test passes if it does not crash. -->
+ <text>PASS</text>
+</svg>
Modified: trunk/Source/WebCore/ChangeLog (117288 => 117289)
--- trunk/Source/WebCore/ChangeLog 2012-05-16 14:23:43 UTC (rev 117288)
+++ trunk/Source/WebCore/ChangeLog 2012-05-16 14:47:05 UTC (rev 117289)
@@ -1,3 +1,18 @@
+2012-05-16 Rob Buis <[email protected]>
+
+ SVGSVGElement checkIntersection and checkEnclosure Mem corruption
+ https://bugs.webkit.org/show_bug.cgi?id=67923
+
+ Reviewed by Nikolas Zimmermann.
+
+ Only call checkIntersection/checkEnclosure when we have a valid renderer.
+
+ Test: svg/custom/intersection-list-null.svg
+
+ * svg/SVGSVGElement.cpp:
+ (WebCore::SVGSVGElement::checkIntersection):
+ (WebCore::SVGSVGElement::checkEnclosure):
+
2012-05-16 Simon Hausmann <[email protected]>
Unreviewed, rolling out r110699.
Modified: trunk/Source/WebCore/svg/SVGSVGElement.cpp (117288 => 117289)
--- trunk/Source/WebCore/svg/SVGSVGElement.cpp 2012-05-16 14:23:43 UTC (rev 117288)
+++ trunk/Source/WebCore/svg/SVGSVGElement.cpp 2012-05-16 14:47:05 UTC (rev 117289)
@@ -371,11 +371,15 @@
bool SVGSVGElement::checkIntersection(SVGElement* element, const FloatRect& rect) const
{
+ if (!element)
+ return false;
return RenderSVGModelObject::checkIntersection(element->renderer(), rect);
}
bool SVGSVGElement::checkEnclosure(SVGElement* element, const FloatRect& rect) const
{
+ if (!element)
+ return false;
return RenderSVGModelObject::checkEnclosure(element->renderer(), rect);
}
_______________________________________________
webkit-changes mailing list
[email protected]
http://lists.webkit.org/mailman/listinfo.cgi/webkit-changes
