Title: [86725] trunk
Revision
86725
Author
[email protected]
Date
2011-05-17 17:53:22 -0700 (Tue, 17 May 2011)

Log Message

2011-05-17  Cris Neckar  <[email protected]>

        Reviewed by Adam Barth.

        Clear the image from ImageLoader rather than clearing the ImageLoader in HTMLObjectElement::renderFallbackContent.
        https://bugs.webkit.org/show_bug.cgi?id=61005

        Test: http/tests/loading/nested_bad_objects.php

        * html/HTMLObjectElement.cpp:
        (WebCore::HTMLObjectElement::renderFallbackContent):

2011-05-17  Cris Neckar  <[email protected]>

        Reviewed by Adam Barth.

        Tests for crash when two nested image objects with invalid data are loaded.
        https://bugs.webkit.org/show_bug.cgi?id=61005

        * http/tests/loading/nested_bad_objects-expected.txt: Added.
        * http/tests/loading/nested_bad_objects.php: Added.

Modified Paths

Added Paths

Diff

Modified: trunk/LayoutTests/ChangeLog (86724 => 86725)


--- trunk/LayoutTests/ChangeLog	2011-05-18 00:29:36 UTC (rev 86724)
+++ trunk/LayoutTests/ChangeLog	2011-05-18 00:53:22 UTC (rev 86725)
@@ -1,3 +1,13 @@
+2011-05-17  Cris Neckar  <[email protected]>
+
+        Reviewed by Adam Barth.
+
+        Tests for crash when two nested image objects with invalid data are loaded.
+        https://bugs.webkit.org/show_bug.cgi?id=61005
+
+        * http/tests/loading/nested_bad_objects-expected.txt: Added.
+        * http/tests/loading/nested_bad_objects.php: Added.
+
 2011-05-17  Adam Barth  <[email protected]>
 
         Rubber-stamped by Simon Fraser.

Added: trunk/LayoutTests/http/tests/loading/nested_bad_objects-expected.txt (0 => 86725)


--- trunk/LayoutTests/http/tests/loading/nested_bad_objects-expected.txt	                        (rev 0)
+++ trunk/LayoutTests/http/tests/loading/nested_bad_objects-expected.txt	2011-05-18 00:53:22 UTC (rev 86725)
@@ -0,0 +1,6 @@
+main frame - didStartProvisionalLoadForFrame
+main frame - didCommitLoadForFrame
+main frame - didFinishDocumentLoadForFrame
+main frame - didHandleOnloadEventsForFrame
+main frame - didFinishLoadForFrame
+  PASS - nested image objects with bad mimetype do not cause a crash.

Added: trunk/LayoutTests/http/tests/loading/nested_bad_objects.php (0 => 86725)


--- trunk/LayoutTests/http/tests/loading/nested_bad_objects.php	                        (rev 0)
+++ trunk/LayoutTests/http/tests/loading/nested_bad_objects.php	2011-05-18 00:53:22 UTC (rev 86725)
@@ -0,0 +1,16 @@
+<?
+if (isset($_GET['object'])) {
+    header("Content-Type: nothing/bad-type");
+    exit();
+}
+?>
+<html>
+    <script>
+    if (window.layoutTestController)
+        layoutTestController.dumpAsText();
+    </script>
+    <object type="image/jpeg" data=""
+        <object type="image/jpeg" data="" />
+    </object>
+    PASS - nested image objects with bad mimetype do not cause a crash.
+</html>
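
Review bot: The outer `<object>` start tag on the `<object type="image/jpeg" data=""` line is never closed with `>`, so the tokenizer reads the following `<object type="image/jpeg" data="" />` as further attributes of that same tag (the repeated `type` and `data` are dropped as duplicates) and the markup describes one object element rather than two nested ones; if the nesting is what reproduces the crash, that line should end with `>`, and if the malformed markup is deliberate a comment saying so will stop the next person from "fixing" it. Two smaller points: the `$_GET['object']` branch that serves `Content-Type: nothing/bad-type` is dead as written, since neither `data` attribute references `?object=...`, so either point the objects at `?object=1` or drop the branch; and `<?` depends on `short_open_tag`, so `<?php` is the safer opener.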

Modified: trunk/Source/WebCore/ChangeLog (86724 => 86725)


--- trunk/Source/WebCore/ChangeLog	2011-05-18 00:29:36 UTC (rev 86724)
+++ trunk/Source/WebCore/ChangeLog	2011-05-18 00:53:22 UTC (rev 86725)
@@ -1,3 +1,15 @@
+2011-05-17  Cris Neckar  <[email protected]>
+
+        Reviewed by Adam Barth.
+
+        Clear the image from ImageLoader rather than clearing the ImageLoader in HTMLObjectElement::renderFallbackContent.
+        https://bugs.webkit.org/show_bug.cgi?id=61005
+
+        Test: http/tests/loading/nested_bad_objects.php
+
+        * html/HTMLObjectElement.cpp:
+        (WebCore::HTMLObjectElement::renderFallbackContent):
+
 2011-05-17  Chris Rogers  <[email protected]>
 
         Reviewed by Kenneth Russell.
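
Review bot: The entry says what changed but not why `m_imageLoader.clear()` was unsafe at this point; one sentence on what still uses the ImageLoader while `renderFallbackContent` is running would let a reader judge the fix from the ChangeLog alone, and a pointer to the bug's crash signature would tie the new test to it.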

Modified: trunk/Source/WebCore/html/HTMLObjectElement.cpp (86724 => 86725)


--- trunk/Source/WebCore/html/HTMLObjectElement.cpp	2011-05-18 00:29:36 UTC (rev 86724)
+++ trunk/Source/WebCore/html/HTMLObjectElement.cpp	2011-05-18 00:53:22 UTC (rev 86725)
@@ -377,8 +377,8 @@
     if (m_imageLoader && m_imageLoader->image() && m_imageLoader->image()->status() != CachedResource::LoadError) {
         m_serviceType = m_imageLoader->image()->response().mimeType();
         if (!isImageType()) {
-            // If we don't think we have an image type anymore, then ditch the image loader.
-            m_imageLoader.clear();        
+            // If we don't think we have an image type anymore, then clear the image from the loader.
+            m_imageLoader->setImage(0);        
             detach();
             attach();
             return;
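
Review bot: The replacement line `m_imageLoader->setImage(0);` carries over the trailing whitespace of the line it replaces; strip it. On the logic, the branch is now guarded only by the condition at the top of the hunk, `m_imageLoader && m_imageLoader->image() && m_imageLoader->image()->status() != CachedResource::LoadError`, so correctness relies on `setImage(0)` leaving `image()` null if the `detach()`/`attach()` pair leads back into this function; that holds for the code shown, but a comment stating that the loader is intentionally kept alive and only its image dropped (i.e. why `clear()` was the wrong tool here) would keep someone from reintroducing it later.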
_______________________________________________
webkit-changes mailing list
[email protected]
http://lists.webkit.org/mailman/listinfo.cgi/webkit-changes
