This website requires JavaScript.
Explore
Help
Sign In
nephele
/
haikuwebkit
Watch
1
Star
0
Fork
You've already forked haikuwebkit
0
Code
Issues
Releases
Activity
haiku
haikuwebkit
/
LayoutTests
/
css3
/
filters
/
crash-filter-animation-inva...
4 lines
63 B
Plaintext
Raw
Permalink
Normal View
History
Unescape
Escape
Remove trailing spaces from expected.txt files (excluding WPT for now since that contains too many) https://bugs.webkit.org/show_bug.cgi?id=217016 Reviewed by Zalan Bujtas. Done with this command: find LayoutTests -name '*-expected.txt' | grep -v imported | xargs awk '/^CONSOLE MESSAGE:/ { next }; /^<\?xml/ { nextfile }; { print FILENAME; nextfile }' | xargs perl -i -pe 's/ +$//g' This affects many files, and it's not helpful to clog the change log with a list of them. Canonical link: https://commits.webkit.org/229803@main git-svn-id: https://svn.webkit.org/repository/webkit/trunk@267644 268f45cc-cd09-0410-ab3c-d52691b4dbfc
2020-09-27 02:15:19 +00:00
WebKit bug #127151. This test passes if it doesn't crash.
REGRESSION(r161967): Crash in WebCore::CachedSVGDocumentReference::load <https://webkit.org/b/127151> <rdar://problem/15840760> Source/WebCore: There were two issues introduced here; the first is a use-after-free of CachedSVGDocumentReference objects. The previous code kept a map from FilterOperation -> RefPtr<WebKitCSSSVGDocumentValue>, which retained the CachedSVGDocument. In r161967, this was changed to use a weak HashSet, which allows stale CachedSVGDocumentReferences in the pending document set if the owning FilterOperation is deleted. To fix this, we'll keep a vector of RefPtr<FilterOperation> with pending SVG documents. The second issue is a null deref in CachedSVGDocumentReference::load(); CachedResourceLoader::requestSVGDocument() can return 0 if (for example) an invalid URL is passed. r161967 removed a null check as part of the refactoring. Reviewed by Dirk Schulze. Tests: css3/filters/crash-filter-animation-invalid-url.html css3/filters/crash-invalid-url.html * css/StyleResolver.cpp: (WebCore::StyleResolver::State::clear): Use new member var name. (WebCore::StyleResolver::loadPendingSVGDocuments): For each FilterOperation with a pending SVG document, get or create a CachedSVGDocumentReference, and tell it to load. Changed to use new function names. (WebCore::StyleResolver::createFilterOperations): Append the FilterOperation to the list of FilterOperations with unloaded SVG documents. * css/StyleResolver.h: Changed from using PendingSVGDocumentSet, a weak set, to a Vector<RefPtr<ReferenceFilterOperation>>. (WebCore::StyleResolver::State::filtersWithPendingSVGDocuments): Return the vector. * loader/cache/CachedSVGDocumentReference.cpp: (WebCore::CachedSVGDocumentReference::~CachedSVGDocumentReference): Null check m_document rather than checking m_loadRequested. m_loadRequested may be true when m_document is 0. (WebCore::CachedSVGDocumentReference::load): Null check the result of CachedResourceLoader::requestSVGDocument(). * platform/graphics/filters/FilterOperation.cpp: (WebCore::ReferenceFilterOperation::getOrCreateCachedSVGDocumentReference): Create, if necessary, and return the CachedSVGDocumentReference. * platform/graphics/filters/FilterOperation.h: Replaced createCachedSVGDocumentReference() with getOrCreateCachedSVGDocumentReference(), which makes for slightly cleaner code. LayoutTests: Reviewed by Dirk Schulze. * css3/filters/crash-filter-animation-invalid-url-expected.txt: Added. * css3/filters/crash-filter-animation-invalid-url.html: Added. * css3/filters/crash-invalid-url-expected.txt: Added. * css3/filters/crash-invalid-url.html: Added. Canonical link: https://commits.webkit.org/145521@main git-svn-id: https://svn.webkit.org/repository/webkit/trunk@162643 268f45cc-cd09-0410-ab3c-d52691b4dbfc
2014-01-23 22:24:03 +00:00
XXX
