Title: [117365] trunk
Revision: 117365
Author: timothy_hor...@apple.com
Date: 2012-05-16 17:07:16 -0700 (Wed, 16 May 2012)

Log Message

Crash if SVG gradient stop has display: none set
https://bugs.webkit.org/show_bug.cgi?id=86686
<rdar://problem/10751905>

Reviewed by Dean Jackson.

Source/WebCore:

Create a renderer for SVGStopElement regardless of the "display" property.
This matches the behavior of Opera and the SVG specification.

Test: svg/custom/gradient-stop-display-none-crash.svg

* svg/SVGStopElement.cpp:
(WebCore::SVGStopElement::rendererIsNeeded):
(WebCore):
* svg/SVGStopElement.h:
(SVGStopElement):

LayoutTests:

Add a test that ensures that we don't crash if "display: none" is set on an SVGStopElement.

* svg/custom/gradient-stop-display-none-crash-expected.txt: Added.
* svg/custom/gradient-stop-display-none-crash.svg: Added.

Diff

Modified: trunk/LayoutTests/ChangeLog (117364 => 117365)


--- trunk/LayoutTests/ChangeLog	2012-05-17 00:00:56 UTC (rev 117364)
+++ trunk/LayoutTests/ChangeLog	2012-05-17 00:07:16 UTC (rev 117365)
@@ -1,3 +1,16 @@
+2012-05-16  Tim Horton  <timothy_hor...@apple.com>
+
+        Crash if SVG gradient stop has display: none set
+        https://bugs.webkit.org/show_bug.cgi?id=86686
+        <rdar://problem/10751905>
+
+        Reviewed by Dean Jackson.
+
+        Add a test that ensures that we don't crash if "display: none" is set on an SVGStopElement.
+
+        * svg/custom/gradient-stop-display-none-crash-expected.txt: Added.
+        * svg/custom/gradient-stop-display-none-crash.svg: Added.
+
 2012-05-16  Philippe Normand  <pnorm...@igalia.com>
 
         Unreviewed, GTK rebaseline after r116069 and r117339.

Added: trunk/LayoutTests/svg/custom/gradient-stop-display-none-crash-expected.txt (0 => 117365)


--- trunk/LayoutTests/svg/custom/gradient-stop-display-none-crash-expected.txt	                        (rev 0)
+++ trunk/LayoutTests/svg/custom/gradient-stop-display-none-crash-expected.txt	2012-05-17 00:07:16 UTC (rev 117365)
@@ -0,0 +1 @@
+This test passes if there is no crash.

Added: trunk/LayoutTests/svg/custom/gradient-stop-display-none-crash.svg (0 => 117365)


--- trunk/LayoutTests/svg/custom/gradient-stop-display-none-crash.svg	                        (rev 0)
+++ trunk/LayoutTests/svg/custom/gradient-stop-display-none-crash.svg	2012-05-17 00:07:16 UTC (rev 117365)
@@ -0,0 +1,13 @@
+<svg xmlns="http://www.w3.org/2000/svg">
+    <script>
+        if (window.layoutTestController)
+            layoutTestController.dumpAsText();
+    </script>
+    <defs>
+        <linearGradient id="grad1" x1="0%" y1="0%" x2="100%" y2="0%">
+            <stop offset="0%" style="stop-color: rgb(0,255,0); display: none;"/>
+        </linearGradient>
+    </defs>
+    <rect x="0" y="0" width="100" height="100" fill="url(#grad1)"/>
+    <text x="120" y="20">This test passes if there is no crash.</text>
+</svg>
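
Review bot: The test covers only one shape of the bug: a single stop inside a linearGradient, with display: none set through the inline style attribute. Since the fix is in SVGStopElement rather than in a gradient element, consider adding a radialGradient case and a gradient that mixes a display: none stop with a normally displayed one, so stop collection is exercised with both kinds of children. A variant that sets display: none from script after the first paint would also cover the dynamic style-change path, which this load-time test does not reach.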

Modified: trunk/Source/WebCore/ChangeLog (117364 => 117365)


--- trunk/Source/WebCore/ChangeLog	2012-05-17 00:00:56 UTC (rev 117364)
+++ trunk/Source/WebCore/ChangeLog	2012-05-17 00:07:16 UTC (rev 117365)
@@ -1,3 +1,22 @@
+2012-05-16  Tim Horton  <timothy_hor...@apple.com>
+
+        Crash if SVG gradient stop has display: none set
+        https://bugs.webkit.org/show_bug.cgi?id=86686
+        <rdar://problem/10751905>
+
+        Reviewed by Dean Jackson.
+
+        Create a renderer for SVGStopElement regardless of the "display" property.
+        This matches the behavior of Opera and the SVG specification.
+
+        Test: svg/custom/gradient-stop-display-none-crash.svg
+
+        * svg/SVGStopElement.cpp:
+        (WebCore::SVGStopElement::rendererIsNeeded):
+        (WebCore):
+        * svg/SVGStopElement.h:
+        (SVGStopElement):
+
 2012-05-16  Dana Jansens  <dan...@chromium.org>
 
         [chromium] Clear the m_private pointer when destroying WebFilterOperations to avoid assert in WebPrivateOwnPtr
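
Review bot: The entry states the fix ("Create a renderer for SVGStopElement regardless of the "display" property") but not the cause of the crash, and the "(WebCore::SVGStopElement::rendererIsNeeded):" and "(SVGStopElement):" lines carry no per-function description. One sentence naming the code that relied on the stop having a renderer would help anyone triaging a similar crash later, and a description such as "Added; always returns true." would document the override. The "(WebCore):" line names a namespace rather than a function and can be dropped.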

Modified: trunk/Source/WebCore/svg/SVGStopElement.cpp (117364 => 117365)


--- trunk/Source/WebCore/svg/SVGStopElement.cpp	2012-05-17 00:00:56 UTC (rev 117364)
+++ trunk/Source/WebCore/svg/SVGStopElement.cpp	2012-05-17 00:07:16 UTC (rev 117365)
@@ -106,6 +106,11 @@
     return new (arena) RenderSVGGradientStop(this);
 }
 
+bool SVGStopElement::rendererIsNeeded(const NodeRenderingContext&)
+{
+    return true;
+}
+
 Color SVGStopElement::stopColorIncludingOpacity() const
 {
     ASSERT(renderer());
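
Review bot: The new rendererIsNeeded() returns true unconditionally with no comment saying why "display" is deliberately ignored for stops; a one-line comment pointing at the SVG specification behaviour named in the ChangeLog would keep a later cleanup from removing the override. Separately, the context line ASSERT(renderer()) in stopColorIncludingOpacity() is the only guard on the renderer visible here, and assertions are compiled out of release builds, so any remaining path that reaches that function without a renderer would not be caught there. Consider whether an explicit null check with a fallback colour belongs in that function as well.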

Modified: trunk/Source/WebCore/svg/SVGStopElement.h (117364 => 117365)


--- trunk/Source/WebCore/svg/SVGStopElement.h	2012-05-17 00:00:56 UTC (rev 117364)
+++ trunk/Source/WebCore/svg/SVGStopElement.h	2012-05-17 00:07:16 UTC (rev 117365)
@@ -43,6 +43,7 @@
     virtual bool isGradientStop() const { return true; }
 
     virtual RenderObject* createRenderer(RenderArena*, RenderStyle*);
+    virtual bool rendererIsNeeded(const NodeRenderingContext&) OVERRIDE;
 
     BEGIN_DECLARE_ANIMATED_PROPERTIES(SVGStopElement)
         DECLARE_ANIMATED_NUMBER(Offset, offset)
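
Review bot: Style point on the added declaration: rendererIsNeeded() is marked OVERRIDE while the neighbouring virtuals in the same context, isGradientStop() and createRenderer(), are not. If those also override base-class methods, marking them OVERRIDE here or in a follow-up would keep the block consistent and let the compiler catch signature drift, the kind of mismatch that silently turns an intended override into a new, never-called virtual.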