summaryrefslogtreecommitdiffstats
path: root/src/3rdparty/webkit/WebCore/svg/SVGElement.cpp
diff options
context:
space:
mode:
Diffstat (limited to 'src/3rdparty/webkit/WebCore/svg/SVGElement.cpp')
-rw-r--r--src/3rdparty/webkit/WebCore/svg/SVGElement.cpp9
1 files changed, 9 insertions, 0 deletions
diff --git a/src/3rdparty/webkit/WebCore/svg/SVGElement.cpp b/src/3rdparty/webkit/WebCore/svg/SVGElement.cpp
index 41bbba4e48..974bf2a70b 100644
--- a/src/3rdparty/webkit/WebCore/svg/SVGElement.cpp
+++ b/src/3rdparty/webkit/WebCore/svg/SVGElement.cpp
@@ -304,6 +304,15 @@ void SVGElement::attributeChanged(Attribute* attr, bool preserveDecls)
return;
StyledElement::attributeChanged(attr, preserveDecls);
+
+ // When an animated SVG property changes through SVG DOM, svgAttributeChanged() is called, not attributeChanged().
+ // Next time someone tries to access the XML attributes, the synchronization code starts. During that synchronization
+ // SVGAnimatedPropertySynchronizer may call NamedNodeMap::removeAttribute(), which in turn calls attributeChanged().
+ // At this point we're not allowed to call svgAttributeChanged() again - it may lead to extra work being done, or crashes
+ // see bug https://bugs.webkit.org/show_bug.cgi?id=40994.
+ if (m_synchronizingSVGAttributes)
+ return;
+
svgAttributeChanged(attr->name());
}
generated by cgit v1.2.3 (git 2.25.1) at 2024-06-18 00:53:31 +0000