Source/WebCore: Crash due to bad data in SVGDocumentExtensions m_pendingResources
author commit-queue <commit-queue@webkit.org>
Sat, 10 Sep 2011 11:25:03 +0000 (11:25 +0000)
committer Ademar de Souza Reis Jr <ademar.reis@openbossa.org>
Mon, 12 Sep 2011 15:03:11 +0000 (12:03 -0300)
commit fd242857e5f72c0e071953fc4fce26ac8f80c2a8
tree 20f1763b995d11ac0a1388a91d6d3ac3f3279ce2
parent e5f10801b095ec40a74be0b671556112668d6ee2
Source/WebCore: Crash due to bad data in SVGDocumentExtensions m_pendingResources
https://bugs.webkit.org/show_bug.cgi?id=67488

Patch by Ken Buchanan <kenrb@chromium.org> on 2011-09-10
Reviewed by Nikolas Zimmermann.

Resolving a crash condition caused by the deletion of
elements while pending resource entries for those elements are still
recorded.

* rendering/svg/RenderSVGResourceContainer.cpp:
(WebCore::RenderSVGResourceContainer::registerResource)
* svg/SVGDocumentExtensions.h:
(WebCore::SVGDocumentExtensions::isElementInPendingResources)
* svg/SVGDocumentExtensions.cpp:
(WebCore::SVGDocumentExtensions::addPendingResource)
(WebCore::SVGDocumentExtensions::isElementInPendingResources)
(WebCore::SVGDocumentExtensions::removeElementFromPendingResources)
* svg/SVGStyledElement.h:
(WebCore::SVGStyledElement::clearHasPendingResourcesIfPossible)
* svg/SVGStyledElement.cpp:
(WebCore::SVGStyledElement::buildPendingResourcesIfNeeded)
(WebCore::SVGStyledElement::clearHasPendingResourcesIfPossible)
* svg/SVGUseElement.cpp:
(WebCore::SVGUseElement::svgAttributeChanged)

LayoutTests: Crash due to bad data in SVGDocumentExtensions m_pendingResources.
https://bugs.webkit.org/show_bug.cgi?id=67488

Patch by Ken Buchanan <kenrb@chromium.org> on 2011-09-10
Reviewed by Nikolas Zimmermann.

Test added: validating that the crash referenced in the bug is not present.

* svg/dom/SVGStyledElement-pendingResource-crash.html: Added.
* svg/dom/SVGStyledElement-pendingResource-crash-expected.txt: Added.
* svg/dom/resources/SVGStyledElement-pendingResource-crash.svg: Added.

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@94905 268f45cc-cd09-0410-ab3c-d52691b4dbfc
LayoutTests/ChangeLog [changed mode: 0644->0755]
LayoutTests/svg/dom/SVGStyledElement-pendingResource-crash-expected.txt [new file with mode: 0755]
LayoutTests/svg/dom/SVGStyledElement-pendingResource-crash.html [new file with mode: 0755]
LayoutTests/svg/dom/resources/SVGStyledElement-pendingResource-crash.svg [new file with mode: 0755]
Source/WebCore/ChangeLog [changed mode: 0644->0755]
Source/WebCore/rendering/svg/RenderSVGResourceContainer.cpp
Source/WebCore/svg/SVGDocumentExtensions.cpp [changed mode: 0644->0755]
Source/WebCore/svg/SVGDocumentExtensions.h [changed mode: 0644->0755]
Source/WebCore/svg/SVGStyledElement.cpp [changed mode: 0644->0755]
Source/WebCore/svg/SVGStyledElement.h [changed mode: 0644->0755]
Source/WebCore/svg/SVGUseElement.cpp