Google Git
Sign in
webkit / WebKit / b0bfeb7001f7dcbc99827d08abd1247c5bca7a86
commitb0bfeb7001f7dcbc99827d08abd1247c5bca7a86[log] [tgz]
authorzimmermann@webkit.org <zimmermann@webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>Thu Jan 21 02:10:20 2010 +0000
committerzimmermann@webkit.org <zimmermann@webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>Thu Jan 21 02:10:20 2010 +0000
tree2a6cb8dbc6ef314e591ba31267a3970692dfbeb0
parent91437b098c9f70b0c4330a51f7160db53047e873 [diff]
2010-01-20  Nikolas Zimmermann  <nzimmermann@rim.com>

        Reviewed by Oliver Hunt.

        Crash on dispatching SVG mouse events
        https://bugs.webkit.org/show_bug.cgi?id=33841

        Return early SVGUseElement::instanceForShadowTreeElement if m_targetElementInstance is zero.
        This only happens if the SVGUseElement has just been removed from the document and EventHandler
        tries to dispatch a mouseout event to the corresponding SVGElementInstance. This is not testable
        using DRT unfortunately, so we have to add another manual testcase for that.

        Tests: manual-tests/use-crash-on-mouse-hover.svg

        * manual-tests/svg-crash-hovering-use.svg: Added.
        * svg/SVGUseElement.cpp:
        (WebCore::SVGUseElement::instanceForShadowTreeElement): Add ASSERT(!inDocument()) when returning 0 here if m_targetElementInstance is 0.


git-svn-id: http://svn.webkit.org/repository/webkit/trunk@53589 268f45cc-cd09-0410-ab3c-d52691b4dbfc
3 files changed
tree: 2a6cb8dbc6ef314e591ba31267a3970692dfbeb0
  1. autotools/
  2. BugsSite/
  3. JavaScriptCore/
  4. JavaScriptGlue/
  5. LayoutTests/
  6. PageLoadTests/
  7. PlanetWebKit/
  8. SunSpider/
  9. WebCore/
  10. WebKit/
  11. WebKitExamplePlugins/
  12. WebKitLibraries/
  13. WebKitSite/
  14. WebKitTools/
  15. .gitignore
  16. Android.mk
  17. autogen.sh
  18. ChangeLog
  19. configure.ac
  20. DerivedSources.pro
  21. GNUmakefile.am
  22. Makefile
  23. Makefile.shared
  24. WebKit.pri
  25. WebKit.pro