Changeset 227697 in webkit
- Timestamp:
- Jan 26, 2018 2:36:39 PM (6 years ago)
- Location:
- trunk/Source/WebCore
- Files:
-
- 2 edited
-
ChangeLog (modified) (1 diff)
-
svg/SVGPathElement.cpp (modified) (1 diff)
Legend:
- Unmodified
- Added
- Removed
-
trunk/Source/WebCore/ChangeLog
r227696 r227697 1 2018-01-26 Simon Fraser <simon.fraser@apple.com> 2 3 REGRESSiON (r226492): Crash under Element::absoluteEventBounds() on a SVGPathElement which has not been laid out yet 4 https://bugs.webkit.org/show_bug.cgi?id=182185 5 rdar://problem/36836262 6 7 Reviewed by Zalan Bujtas. 8 9 Document::absoluteRegionForEventTargets() can fire when layout is dirty, and SVGPathElement's path() can be null if it 10 hasn't been laid out yet. So protect against a null path in getBBox(). 11 12 Not easily testable because internals.nonFastScrollableRects() forces layout, and the crash depends on the timing of 13 absoluteRegionForEventTargets(). 14 15 * svg/SVGPathElement.cpp: 16 (WebCore::SVGPathElement::getBBox): 17 1 18 2018-01-26 Chris Dumez <cdumez@apple.com> 2 19 -
trunk/Source/WebCore/svg/SVGPathElement.cpp
r224213 r227697 421 421 422 422 // FIXME: Eventually we should support getBBox for detached elements. 423 if (!renderer) 424 return FloatRect(); 423 // FIXME: If the path is null it means we're calling getBBox() before laying out this element, 424 // which is an error. 425 if (!renderer || !renderer->hasPath()) 426 return { }; 425 427 426 428 return renderer->path().boundingRect();
Note: See TracChangeset
for help on using the changeset viewer.
