Skip to content
Permalink
Browse files
2010-12-24 Justin Schuh <jschuh@chromium.org>
        Reviewed by Darin Adler.

        SVGFontFaceElement::rebuildFontFace() should exit when not in document
        https://bugs.webkit.org/show_bug.cgi?id=51571

        * svg/custom/use-invalid-font-face-expected.txt: Added.
        * svg/custom/use-invalid-font-face.svg: Added.
2010-12-24  Justin Schuh  <jschuh@chromium.org>

        Reviewed by Darin Adler.

        SVGFontFaceElement::rebuildFontFace() should exit when not in document
        https://bugs.webkit.org/show_bug.cgi?id=51571

        We were hitting a NULL deref crash. Since most of the callers checked
        inDocument() anyway, I moved it into the start of rebuildFontFace.

        Test: svg/custom/use-invalid-font-face.svg

        * svg/SVGFontFaceElement.cpp:
        (WebCore::SVGFontFaceElement::parseMappedAttribute):
        (WebCore::SVGFontFaceElement::rebuildFontFace):
        (WebCore::SVGFontFaceElement::childrenChanged):

Canonical link: https://commits.webkit.org/64961@main
git-svn-id: https://svn.webkit.org/repository/webkit/trunk@74622 268f45cc-cd09-0410-ab3c-d52691b4dbfc
  • Loading branch information
jschuh committed Dec 24, 2010
1 parent 0a6cfe5 commit dee3a4274bf51a32b78691f96a78d8db0e509eae
Showing 5 changed files with 45 additions and 5 deletions.
@@ -1,3 +1,13 @@
2010-12-24 Justin Schuh <jschuh@chromium.org>

Reviewed by Darin Adler.

SVGFontFaceElement::rebuildFontFace() should exit when not in document
https://bugs.webkit.org/show_bug.cgi?id=51571

* svg/custom/use-invalid-font-face-expected.txt: Added.
* svg/custom/use-invalid-font-face.svg: Added.

2010-12-23 Yuta Kitamura <yutak@chromium.org>

Unreviewed. Update GTK's Skipped file.
@@ -0,0 +1 @@
PASS: Invalid font face did not crash.
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
@@ -1,3 +1,20 @@
2010-12-24 Justin Schuh <jschuh@chromium.org>

Reviewed by Darin Adler.

SVGFontFaceElement::rebuildFontFace() should exit when not in document
https://bugs.webkit.org/show_bug.cgi?id=51571

We were hitting a NULL deref crash. Since most of the callers checked
inDocument() anyway, I moved it into the start of rebuildFontFace.

Test: svg/custom/use-invalid-font-face.svg

* svg/SVGFontFaceElement.cpp:
(WebCore::SVGFontFaceElement::parseMappedAttribute):
(WebCore::SVGFontFaceElement::rebuildFontFace):
(WebCore::SVGFontFaceElement::childrenChanged):

2010-12-24 Justin Schuh <jschuh@chromium.org>

Reviewed by Darin Adler.
@@ -114,8 +114,7 @@ void SVGFontFaceElement::parseMappedAttribute(Attribute* attr)
int propId = cssPropertyIdForSVGAttributeName(attr->name());
if (propId > 0) {
m_styleDeclaration->setProperty(propId, attr->value(), false);
if (inDocument())
rebuildFontFace();
rebuildFontFace();
return;
}

@@ -264,7 +263,8 @@ String SVGFontFaceElement::fontFamily() const

void SVGFontFaceElement::rebuildFontFace()
{
ASSERT(inDocument());
if (!inDocument())
return;

// we currently ignore all but the first src element, alternatively we could concat them
SVGFontFaceSrcElement* srcElement = 0;
@@ -328,8 +328,7 @@ void SVGFontFaceElement::removedFromDocument()
void SVGFontFaceElement::childrenChanged(bool changedByParser, Node* beforeChange, Node* afterChange, int childCountDelta)
{
SVGElement::childrenChanged(changedByParser, beforeChange, afterChange, childCountDelta);
if (inDocument())
rebuildFontFace();
rebuildFontFace();
}

void SVGFontFaceElement::removeFromMappedElementSheet()

0 comments on commit dee3a42

Please sign in to comment.