Title: [122867] trunk/Source/WebCore
- Revision
- 122867
- Author
- [email protected]
- Date
- 2012-07-17 12:17:27 -0700 (Tue, 17 Jul 2012)
Log Message
Crash in SVGStopElement::stopColorIncludingOpacity
https://bugs.webkit.org/show_bug.cgi?id=90814
Reviewed by Dirk Schulze.
No new tests as there should be no change in functionality.
* svg/SVGStopElement.cpp:
(WebCore::SVGStopElement::stopColorIncludingOpacity): Added a check for null
renderer and style. It is hard to see how this is happening because
the code is only invoked if the parent gradient has a renderer, and it seems
the stop element should always have a renderer when the parent has a renderer.
Still, it obviously can happen and does so frequently enough to generate multiple
Chromium crash reports per day. The fix is marked with a FIXME, as we expect to
remove this code entirely soon.
Modified Paths
Diff
Modified: trunk/Source/WebCore/ChangeLog (122866 => 122867)
--- trunk/Source/WebCore/ChangeLog 2012-07-17 19:01:58 UTC (rev 122866)
+++ trunk/Source/WebCore/ChangeLog 2012-07-17 19:17:27 UTC (rev 122867)
@@ -1,3 +1,21 @@
+2012-07-17 Stephen Chenney <[email protected]>
+
+ Crash in SVGStopElement::stopColorIncludingOpacity
+ https://bugs.webkit.org/show_bug.cgi?id=90814
+
+ Reviewed by Dirk Schulze.
+
+ No new tests as there should be no change in functionality.
+
+ * svg/SVGStopElement.cpp:
+ (WebCore::SVGStopElement::stopColorIncludingOpacity): Added a check for null
+ renderer and style. It is hard to see how this is happening because
+ the code is only invoked if the parent gradient has a renderer, and it seems
+ the stop element should always have a renderer when the parent has a renderer.
+ Still, it obviously can happen and does so frequently enough to generate multiple
+ Chromium crash reports per day. The fix is marked with a FIXME, as we expect to
+ remove this code entirely soon.
+
2012-07-17 Emil A Eklund <[email protected]>
Incorrect offset used for scrollWidth/Height calculation
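Review bot: The statement "No new tests as there should be no change in functionality" in this ChangeLog entry does not match the accompanying code change, which replaces two ASSERTs (a crash in debug, undefined behaviour on a null dereference in release) with an early return of transparent black when the renderer or style is null. That is a deliberate behaviour change for the failing case, even if the common path is unchanged. Suggest rewording to say why a regression test is not possible here, e.g. that the null-renderer condition has not been reproduced locally and is only known from crash reports, so reviewers later do not read this as "behaviour identical".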
Modified: trunk/Source/WebCore/svg/SVGStopElement.cpp (122866 => 122867)
--- trunk/Source/WebCore/svg/SVGStopElement.cpp 2012-07-17 19:01:58 UTC (rev 122866)
+++ trunk/Source/WebCore/svg/SVGStopElement.cpp 2012-07-17 19:17:27 UTC (rev 122867)
@@ -113,10 +113,14 @@
Color SVGStopElement::stopColorIncludingOpacity() const
{
- ASSERT(renderer());
- ASSERT(renderer()->style());
+ RenderStyle* style = renderer() ? renderer()->style() : 0;
+ // FIXME: This check for null style exists to address Bug WK 90814, a rare crash condition in
+ // which the renderer or style is null. This entire class is scheduled for removal (Bug WK 86941)
+ // and we will tolerate this null check until then.
+ if (!style || !style->svgStyle())
+ return Color(Color::transparent, true); // Transparent black.
- const SVGRenderStyle* svgStyle = renderer()->style()->svgStyle();
+ const SVGRenderStyle* svgStyle = style->svgStyle();
return colorWithOverrideAlpha(svgStyle->stopColor().rgb(), svgStyle->stopOpacity());
}
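Review bot: The new guard silently masks the inconsistency the ChangeLog says nobody understands ("it is hard to see how this is happening"), so the root cause becomes harder to find once the crash reports stop. Consider keeping a debug-only diagnostic next to the fallback, e.g. `ASSERT(style);` immediately before the `if (!style || !style->svgStyle())` line, so release builds get the safe transparent-black return while debug builds and test bots still surface the missing renderer or style. Two smaller points on the same hunk: `renderer()` is called twice in `RenderStyle* style = renderer() ? renderer()->style() : 0;`; caching it in a local (`RenderObject* renderer = this->renderer();`) avoids re-evaluating the accessor and makes the null path easier to read. And the FIXME should name the owner or condition for removing the check (the text already cites Bug WK 86941, so "remove when Bug WK 86941 lands" is enough), otherwise the workaround tends to outlive the class it was meant to cover.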