Source/WebCore: Crash due to bad data in SVGDocumentExtensions m_pendingResources
author commit-queue@webkit.org <commit-queue@webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Sat, 10 Sep 2011 11:25:03 +0000 (11:25 +0000)
committer commit-queue@webkit.org <commit-queue@webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Sat, 10 Sep 2011 11:25:03 +0000 (11:25 +0000)
commit d5709fa169ee59231fab2f8c46c88985fe19e264
tree 2dba9cad384529c7896dcca996a60e26fb997774
parent 2892bbd5a8260b1d5edd5d99028c9d30dfff91ec
Source/WebCore: Crash due to bad data in SVGDocumentExtensions m_pendingResources
https://bugs.webkit.org/show_bug.cgi?id=67488

Patch by Ken Buchanan <kenrb@chromium.org> on 2011-09-10
Reviewed by Nikolas Zimmermann.

Resolving a crash condition caused by the deletion of
elements while pending resource entries for those elements are still
recorded.

* rendering/svg/RenderSVGResourceContainer.cpp:
(WebCore::RenderSVGResourceContainer::registerResource)
* svg/SVGDocumentExtensions.h:
(WebCore::SVGDocumentExtensions::isElementInPendingResources)
* svg/SVGDocumentExtensions.cpp:
(WebCore::SVGDocumentExtensions::addPendingResource)
(WebCore::SVGDocumentExtensions::isElementInPendingResources)
(WebCore::SVGDocumentExtensions::removeElementFromPendingResources)
* svg/SVGStyledElement.h:
(WebCore::SVGStyledElement::clearHasPendingResourcesIfPossible)
* svg/SVGStyledElement.cpp:
(WebCore::SVGStyledElement::buildPendingResourcesIfNeeded)
(WebCore::SVGStyledElement::clearHasPendingResourcesIfPossible)
* svg/SVGUseElement.cpp:
(WebCore::SVGUseElement::svgAttributeChanged)

LayoutTests: Crash due to bad data in SVGDocumentExtensions m_pendingResources.
https://bugs.webkit.org/show_bug.cgi?id=67488

Patch by Ken Buchanan <kenrb@chromium.org> on 2011-09-10
Reviewed by Nikolas Zimmermann.

Test added: validating that the crash referenced in the bug is not present.

* svg/dom/SVGStyledElement-pendingResource-crash.html: Added.
* svg/dom/SVGStyledElement-pendingResource-crash-expected.txt: Added.
* svg/dom/resources/SVGStyledElement-pendingResource-crash.svg: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@94905 268f45cc-cd09-0410-ab3c-d52691b4dbfc
LayoutTests/ChangeLog [changed mode: 0644->0755]
LayoutTests/svg/dom/SVGStyledElement-pendingResource-crash-expected.txt [new file with mode: 0755]
LayoutTests/svg/dom/SVGStyledElement-pendingResource-crash.html [new file with mode: 0755]
LayoutTests/svg/dom/resources/SVGStyledElement-pendingResource-crash.svg [new file with mode: 0755]
Source/WebCore/ChangeLog [changed mode: 0644->0755]
Source/WebCore/rendering/svg/RenderSVGResourceContainer.cpp
Source/WebCore/svg/SVGDocumentExtensions.cpp [changed mode: 0644->0755]
Source/WebCore/svg/SVGDocumentExtensions.h [changed mode: 0644->0755]
Source/WebCore/svg/SVGStyledElement.cpp [changed mode: 0644->0755]
Source/WebCore/svg/SVGStyledElement.h [changed mode: 0644->0755]
Source/WebCore/svg/SVGUseElement.cpp
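Review bot: the file list shows the executable bit being set (0644->0755) on both ChangeLog files and on the SVGDocumentExtensions and SVGStyledElement .cpp/.h sources, and the three new layout test files are created with mode 0755. None of these are executables and the commit message does not mention a permission change, so this looks unintended. Suggest restoring 0644 on the changed files and adding the new test files as 0644, so the commit carries only the pending-resource fix and its test.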