ASSERTION FAILED: !m_code || m_code == defaultExceptionCode
author commit-queue@webkit.org <commit-queue@webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Fri, 9 May 2014 10:58:14 +0000 (10:58 +0000)
committer commit-queue@webkit.org <commit-queue@webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Fri, 9 May 2014 10:58:14 +0000 (10:58 +0000)
in WebCore::constructQualifiedName
https://bugs.webkit.org/show_bug.cgi?id=132343

'Remove bad assertion in SVGSMILElement's constructQualifiedName() by passing
IGNORE_EXCEPTION instead of ASSERT_NO_EXCEPTION to Document::parseQualifiedName().
The constructQualifiedName() function handles parseQualifiedName() failures
properly by returning early so there is no reason to assert on parsing
failures.'

Blink merge: http://src.chromium.org/viewvc/blink?view=revision&revision=173564
Based on the patch made by Christophe Dumez <ch.dumez@samsung.com>.

Patch by Martin Hodovan <mhodovan@inf.u-szeged.hu> on 2014-05-09
Reviewed by Dirk Schulze.

Source/WebCore:
Test: svg/custom/bad-attributeName-crash.html

* svg/animation/SVGSMILElement.cpp:
(WebCore::constructQualifiedName):

LayoutTests:
* svg/custom/bad-attributeName-crash-expected.txt: Added.
* svg/custom/bad-attributeName-crash.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@168524 268f45cc-cd09-0410-ab3c-d52691b4dbfc

LayoutTests/ChangeLog
LayoutTests/svg/custom/bad-attributeName-crash-expected.txt [new file with mode: 0644]
LayoutTests/svg/custom/bad-attributeName-crash.html [new file with mode: 0644]
Source/WebCore/ChangeLog
Source/WebCore/svg/animation/SVGSMILElement.cpp

index 94ee3e7..ae768fb 100644 (file)
@@ -1,3 +1,23 @@
+2014-05-09  Martin Hodovan  <mhodovan@inf.u-szeged.hu>
+
+        ASSERTION FAILED: !m_code || m_code == defaultExceptionCode
+        in WebCore::constructQualifiedName
+        https://bugs.webkit.org/show_bug.cgi?id=132343
+
+        'Remove bad assertion in SVGSMILElement's constructQualifiedName() by passing
+        IGNORE_EXCEPTION instead ASSERT_NO_EXCEPTION to Document::parseQualifiedName().
+        The constructQualifiedName() function handles parseQualifiedName() failures
+        propertly by returning early so there is no reason to assert on parsing
+        failures.'
+
+        Blink merge: http://src.chromium.org/viewvc/blink?view=revision&revision=173564
+        Based on the patch made by Christophe Dumez <ch.dumez@samsung.com>.
+
+        Reviewed by Dirk Schulze.
+
+        * svg/custom/bad-attributeName-crash-expected.txt: Added.
+        * svg/custom/bad-attributeName-crash.html: Added.
+
 2014-05-08  Alexey Proskuryakov  <ap@apple.com>
 
         REGRESSION (r168518): Multiple tests for workers in blobs assert
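Review bot: The description paragraph of this ChangeLog entry has a typo, "propertly" for "properly", and "IGNORE_EXCEPTION instead ASSERT_NO_EXCEPTION" is missing "of". The paragraph is also wrapped in single quotes; since the entry already credits the Blink revision and the original patch author two lines further down, the quotes can be dropped. The same wording is repeated in the other ChangeLog hunk of this patch and should be fixed in both places.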
diff --git a/LayoutTests/svg/custom/bad-attributeName-crash-expected.txt b/LayoutTests/svg/custom/bad-attributeName-crash-expected.txt
new file mode 100644 (file)
index 0000000..a9cb73b
--- /dev/null
@@ -0,0 +1,9 @@
+Tests that we do not crash on a bad attribute name.
+
+On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
+
+
+PASS successfullyParsed is true
+
+TEST COMPLETE
+
diff --git a/LayoutTests/svg/custom/bad-attributeName-crash.html b/LayoutTests/svg/custom/bad-attributeName-crash.html
new file mode 100644 (file)
index 0000000..2f04333
--- /dev/null
@@ -0,0 +1,14 @@
+<!DOCTYPE html>
+<html>
+    <body>
+        <script src="../../resources/js-test.js"></script>
+
+        <script>
+            description("Tests that we do not crash on a bad attribute name.");
+        </script>
+
+        <svg>
+            <set attributeName="`&#58"></set>
+        </svg>
+    </body>
+</html>
\ No newline at end of file
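Review bot: The attributeName value on the set element is not explained anywhere in the test, and the character reference &#58 has no terminating semicolon, so a reader cannot tell whether that is part of what is being tested or an accident. A one-line comment above the svg element stating that the value is a backtick followed by a colon, and that it is expected to fail qualified-name parsing, would make the intent clear and keep a later cleanup from "fixing" the input. The file also ends without a trailing newline; please add one.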
index aa349d9..b07d57c 100644 (file)
@@ -1,3 +1,25 @@
+2014-05-09  Martin Hodovan  <mhodovan@inf.u-szeged.hu>
+
+        ASSERTION FAILED: !m_code || m_code == defaultExceptionCode
+        in WebCore::constructQualifiedName
+        https://bugs.webkit.org/show_bug.cgi?id=132343
+
+        'Remove bad assertion in SVGSMILElement's constructQualifiedName() by passing
+        IGNORE_EXCEPTION instead ASSERT_NO_EXCEPTION to Document::parseQualifiedName().
+        The constructQualifiedName() function handles parseQualifiedName() failures
+        propertly by returning early so there is no reason to assert on parsing
+        failures.'
+
+        Blink merge: http://src.chromium.org/viewvc/blink?view=revision&revision=173564
+        Based on the patch made by Christophe Dumez <ch.dumez@samsung.com>.
+
+        Reviewed by Dirk Schulze.
+
+        Test: svg/custom/bad-attributeName-crash.html
+
+        * svg/animation/SVGSMILElement.cpp:
+        (WebCore::constructQualifiedName):
+
 2014-05-08  Brent Fulgham  <bfulgham@apple.com>
 
         Multiple (stacked) cues when shuttling through video while playing closed captions
index 2a446e6..66a1b9e 100644 (file)
@@ -197,7 +197,7 @@ static inline QualifiedName constructQualifiedName(const SVGElement* svgElement,
     
     String prefix;
     String localName;
-    if (!Document::parseQualifiedName(attributeName, prefix, localName, ASSERT_NO_EXCEPTION))
+    if (!Document::parseQualifiedName(attributeName, prefix, localName, IGNORE_EXCEPTION))
         return anyQName();
     
     String namespaceURI = svgElement->lookupNamespaceURI(prefix);
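Review bot: At the changed parseQualifiedName() call, nothing in the code records why the exception is ignored rather than asserted on, so the next person reading this may switch it back to ASSERT_NO_EXCEPTION. A short comment above the if, saying that attributeName comes from document content, can be malformed, and is handled by the early return of anyQName(), would keep the reasoning from the ChangeLog next to the code. The rest of the function is not visible in this hunk; it is worth confirming that the callers treat anyQName() as "no target attribute" in release builds, since that path was already reachable there before this change.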