Changeset 43237 in webkit


Ignore:
Timestamp:
May 5, 2009 8:41:41 AM (15 years ago)
Author:
eric@webkit.org
Message:

Reviewed by Adam Roben.

Fix mappedAttributes() access without NULL check
https://bugs.webkit.org/show_bug.cgi?id=25553

SVGStyledElement::getPresentationAttribute was using mappedAttributes()
without checking for NULL.

HTMLInputElement::setInputType also doesn't NULL check, but I was not
able to get it to crash with a test case so I just added an ASSERT.

  • html/HTMLInputElement.cpp: (WebCore::HTMLInputElement::setInputType):
  • svg/SVGStyledElement.cpp: (WebCore::SVGStyledElement::getPresentationAttribute):
Location:
trunk
Files:
2 added
4 edited

Legend:

Unmodified
Added
Removed

  • trunk/LayoutTests/ChangeLog

    r43234 r43237  
     12009-05-05  Eric Seidel  <eric@webkit.org>
     2
     3        Reviewed by Adam Roben.
     4
     5        Fix mappedAttributes() access without NULL check
     6        https://bugs.webkit.org/show_bug.cgi?id=25553
     7
     8        * svg/custom/path-getPresentationAttribute-crash-expected.txt: Added.
     9        * svg/custom/path-getPresentationAttribute-crash.html: Added.
     10
    1112009-05-04  Eric Seidel  <eric@webkit.org>
    212

  • trunk/WebCore/ChangeLog

    r43233 r43237  
     12009-05-05  Eric Seidel  <eric@webkit.org>
     2
     3        Reviewed by Adam Roben.
     4
     5        Fix mappedAttributes() access without NULL check
     6        https://bugs.webkit.org/show_bug.cgi?id=25553
     7
     8        SVGStyledElement::getPresentationAttribute was using mappedAttributes()
     9        without checking for NULL.
     10
     11        HTMLInputElement::setInputType also doesn't NULL check, but I was not
     12        able to get it to crash with a test case so I just added an ASSERT.
     13
     14        * html/HTMLInputElement.cpp:
     15        (WebCore::HTMLInputElement::setInputType):
     16        * svg/SVGStyledElement.cpp:
     17        (WebCore::SVGStyledElement::getPresentationAttribute):
     18
    1192009-05-05  Holger Hans Peter Freyther  <zecke@selfish.org>
    220

  • trunk/WebCore/html/HTMLInputElement.cpp

    r43187 r43237  
    276276            if (didRespectHeightAndWidth != willRespectHeightAndWidth) {
    277277                NamedMappedAttrMap* map = mappedAttributes();
     278                ASSERT(map);
    278279                if (Attribute* height = map->getAttributeItem(heightAttr))
    279280                    attributeChanged(height, false);

  • trunk/WebCore/svg/SVGStyledElement.cpp

    r43187 r43237  
    243243PassRefPtr<CSSValue> SVGStyledElement::getPresentationAttribute(const String& name)
    244244{
     245    if (!mappedAttributes())
     246        return 0;
     247
    245248    Attribute* attr = mappedAttributes()->getAttributeItem(QualifiedName(nullAtom, name, nullAtom));
    246249    if (!attr || !attr->isMappedAttribute() || !attr->style())
Note: See TracChangeset for help on using the changeset viewer.