Changeset 53589 in webkit


Ignore:
Timestamp:
Jan 20, 2010 6:10:20 PM (14 years ago)
Author:
Nikolas Zimmermann
Message:

2010-01-20 Nikolas Zimmermann <nzimmermann@rim.com>

Reviewed by Oliver Hunt.

Crash on dispatching SVG mouse events
https://bugs.webkit.org/show_bug.cgi?id=33841

Return early SVGUseElement::instanceForShadowTreeElement if m_targetElementInstance is zero.
This only happens if the SVGUseElement has just been removed from the document and EventHandler
tries to dispatch a mouseout event to the corresponding SVGElementInstance. This is not testable
using DRT unfortunately, so we have to add another manual testcase for that.

Tests: manual-tests/use-crash-on-mouse-hover.svg

  • manual-tests/svg-crash-hovering-use.svg: Added.
  • svg/SVGUseElement.cpp: (WebCore::SVGUseElement::instanceForShadowTreeElement): Add ASSERT(!inDocument()) when returning 0 here if m_targetElementInstance is 0.
Location:
trunk/WebCore
Files:
1 added
2 edited

Legend:

Unmodified
Added
Removed

  • trunk/WebCore/ChangeLog

    r53588 r53589  
     12010-01-20  Nikolas Zimmermann  <nzimmermann@rim.com>
     2
     3        Reviewed by Oliver Hunt.
     4
     5        Crash on dispatching SVG mouse events
     6        https://bugs.webkit.org/show_bug.cgi?id=33841
     7
     8        Return early SVGUseElement::instanceForShadowTreeElement if m_targetElementInstance is zero.
     9        This only happens if the SVGUseElement has just been removed from the document and EventHandler
     10        tries to dispatch a mouseout event to the corresponding SVGElementInstance. This is not testable
     11        using DRT unfortunately, so we have to add another manual testcase for that.
     12
     13        Tests: manual-tests/use-crash-on-mouse-hover.svg
     14
     15        * manual-tests/svg-crash-hovering-use.svg: Added.
     16        * svg/SVGUseElement.cpp:
     17        (WebCore::SVGUseElement::instanceForShadowTreeElement): Add ASSERT(!inDocument()) when returning 0 here if m_targetElementInstance is 0.
     18
    1192010-01-20  Ilya Tikhonovsky  <loislo@chromium.org>
    220

  • trunk/WebCore/svg/SVGUseElement.cpp

    r53564 r53589  
    858858SVGElementInstance* SVGUseElement::instanceForShadowTreeElement(Node* element) const
    859859{
     860    if (!m_targetElementInstance) {
     861        ASSERT(!inDocument());
     862        return 0;
     863    }
     864
    860865    return instanceForShadowTreeElement(element, m_targetElementInstance.get());
    861866}
Note: See TracChangeset for help on using the changeset viewer.