Changeset 37899 in webkit


Ignore:
Timestamp:
Oct 27, 2008 12:49:58 PM (16 years ago)
Author:
eric@webkit.org
Message:

Reviewed by Dave Hyatt.

Infinite recursion crash in WebCore::RenderSVGRoot::absoluteClippedOverflowRect on a <stop> element outside of a gradient block
https://bugs.webkit.org/show_bug.cgi?id=20400

Test: svg/custom/stop-crash.svg

  • WebCore.xcodeproj/project.pbxproj:
  • rendering/RenderSVGGradientStop.h: (WebCore::RenderSVGGradientStop::absoluteClippedOverflowRect):
Location:
trunk
Files:
2 added
3 edited

Legend:

Unmodified
Added
Removed

  • trunk/LayoutTests/ChangeLog

    r37895 r37899  
     12008-10-21  Eric Seidel  <eric@webkit.org>
     2
     3        Reviewed by Dave Hyatt.
     4
     5        Infinite recursion crash in WebCore::RenderSVGRoot::absoluteClippedOverflowRect on a <stop> element outside of a gradient block
     6        https://bugs.webkit.org/show_bug.cgi?id=20400
     7
     8        * svg/custom/stop-crash-expected.txt: Added.
     9        * svg/custom/stop-crash.svg: Added.
     10
    1112008-10-26  Alexey Proskuryakov  <ap@webkit.org>
    212

  • trunk/WebCore/ChangeLog

    r37898 r37899  
     12008-10-21  Eric Seidel  <eric@webkit.org>
     2
     3        Reviewed by Dave Hyatt.
     4
     5        Infinite recursion crash in WebCore::RenderSVGRoot::absoluteClippedOverflowRect on a <stop> element outside of a gradient block
     6        https://bugs.webkit.org/show_bug.cgi?id=20400
     7
     8        Test: svg/custom/stop-crash.svg
     9
     10        * WebCore.xcodeproj/project.pbxproj:
     11        * rendering/RenderSVGGradientStop.h:
     12        (WebCore::RenderSVGGradientStop::absoluteClippedOverflowRect):
     13
    1142008-10-27  Anders Carlsson  <andersca@apple.com>
    215

  • trunk/WebCore/rendering/RenderSVGGradientStop.h

    r37464 r37899  
    3737        RenderSVGGradientStop(SVGStopElement*);
    3838        virtual ~RenderSVGGradientStop();
    39        
     39
    4040        virtual const char* renderName() const { return "RenderSVGGradientStop"; }
    41        
     41
    4242        virtual void layout();
     43
     44        // This override is needed to prevent crashing on <svg><stop /></svg>
     45        // RenderObject's default impl asks the parent Object and RenderSVGRoot
     46        // asks all child RenderObjects for overflow rects, thus infinite loop.
     47        // https://bugs.webkit.org/show_bug.cgi?id=20400
     48        virtual IntRect absoluteClippedOverflowRect() { return IntRect(); }
    4349   
    4450    protected:
Note: See TracChangeset for help on using the changeset viewer.