Title: [86874] branches/safari-534.36-branch

Diff

Modified: branches/safari-534.36-branch/LayoutTests/ChangeLog (86873 => 86874)


--- branches/safari-534.36-branch/LayoutTests/ChangeLog	2011-05-19 19:26:56 UTC (rev 86873)
+++ branches/safari-534.36-branch/LayoutTests/ChangeLog	2011-05-19 19:44:39 UTC (rev 86874)
@@ -1,3 +1,17 @@
+2011-05-19  Lucas Forschler  <[email protected]>
+    
+    Merge r86725.
+    
+    2011-05-17  Cris Neckar  <[email protected]>
+
+        Reviewed by Adam Barth.
+
+        Tests for crash when two nested image objects with invalid data are loaded.
+        https://bugs.webkit.org/show_bug.cgi?id=61005
+
+        * http/tests/loading/nested_bad_objects-expected.txt: Added.
+        * http/tests/loading/nested_bad_objects.php: Added.
+
 2011-05-17  Ryosuke Niwa  <[email protected]>
 
         Reviewed by Enrica Casucci.
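
Review bot: The description line in the new entry says the nested image objects have "invalid data", while the test added in this same change reports "bad mimetype" in its PASS line and triggers the case through a Content-Type header. Use one wording in both places so a later search on the ChangeLog finds the test.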

Copied: branches/safari-534.36-branch/LayoutTests/http/tests/loading/nested_bad_objects-expected.txt (from rev 86725, trunk/LayoutTests/http/tests/loading/nested_bad_objects-expected.txt) (0 => 86874)


--- branches/safari-534.36-branch/LayoutTests/http/tests/loading/nested_bad_objects-expected.txt	                        (rev 0)
+++ branches/safari-534.36-branch/LayoutTests/http/tests/loading/nested_bad_objects-expected.txt	2011-05-19 19:44:39 UTC (rev 86874)
@@ -0,0 +1,6 @@
+main frame - didStartProvisionalLoadForFrame
+main frame - didCommitLoadForFrame
+main frame - didFinishDocumentLoadForFrame
+main frame - didHandleOnloadEventsForFrame
+main frame - didFinishLoadForFrame
+  PASS - nested image objects with bad mimetype do not cause a crash.

Copied: branches/safari-534.36-branch/LayoutTests/http/tests/loading/nested_bad_objects.php (from rev 86725, trunk/LayoutTests/http/tests/loading/nested_bad_objects.php) (0 => 86874)


--- branches/safari-534.36-branch/LayoutTests/http/tests/loading/nested_bad_objects.php	                        (rev 0)
+++ branches/safari-534.36-branch/LayoutTests/http/tests/loading/nested_bad_objects.php	2011-05-19 19:44:39 UTC (rev 86874)
@@ -0,0 +1,16 @@
+<?
+if (isset($_GET['object'])) {
+    header("Content-Type: nothing/bad-type");
+    exit();
+}
+?>
+<html>
+    <script>
+    if (window.layoutTestController)
+        layoutTestController.dumpAsText();
+    </script>
+    <object type="image/jpeg" data=""
+        <object type="image/jpeg" data="" />
+    </object>
+    PASS - nested image objects with bad mimetype do not cause a crash.
+</html>
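
Review bot: The opening `<?` on the first line of nested_bad_objects.php is a PHP short tag, which is only parsed when short_open_tag is enabled on the test server; `<?php` removes that dependency. Also, as the file appears here, both `data` attributes are empty and the outer `<object type="image/jpeg" data=""` line has no closing `>`, so nothing in the markup requests the `$_GET['object']` branch that sends `Content-Type: nothing/bad-type`. Please confirm the committed file points `data` at that branch, otherwise the test does not exercise the declared-versus-served MIME type mismatch it is named for.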

Modified: branches/safari-534.36-branch/Source/WebCore/ChangeLog (86873 => 86874)


--- branches/safari-534.36-branch/Source/WebCore/ChangeLog	2011-05-19 19:26:56 UTC (rev 86873)
+++ branches/safari-534.36-branch/Source/WebCore/ChangeLog	2011-05-19 19:44:39 UTC (rev 86874)
@@ -1,3 +1,15 @@
+2011-05-17  Cris Neckar  <[email protected]>
+
+        Reviewed by Adam Barth.
+
+        Clear the image from ImageLoader rather than clearing the ImageLoader in HTMLObjectElement::renderFallbackContent.
+        https://bugs.webkit.org/show_bug.cgi?id=61005
+
+        Test: http/tests/loading/nested_bad_objects.php
+
+        * html/HTMLObjectElement.cpp:
+        (WebCore::HTMLObjectElement::renderFallbackContent):
+
 2011-05-17  Chris Rogers  <[email protected]>
 
         Reviewed by Kenneth Russell.
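
Review bot: This branch ChangeLog entry is missing the "Merge r86725." wrapper with the merger's name and date that the LayoutTests/ChangeLog entry in the same revision carries, so the two logs record the merge differently. The entry text also states what was changed in HTMLObjectElement::renderFallbackContent but not why clearing the ImageLoader led to the crash; one sentence on the cause would make the entry useful without opening the bug.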

Modified: branches/safari-534.36-branch/Source/WebCore/html/HTMLObjectElement.cpp (86873 => 86874)


--- branches/safari-534.36-branch/Source/WebCore/html/HTMLObjectElement.cpp	2011-05-19 19:26:56 UTC (rev 86873)
+++ branches/safari-534.36-branch/Source/WebCore/html/HTMLObjectElement.cpp	2011-05-19 19:44:39 UTC (rev 86874)
@@ -377,8 +377,8 @@
     if (m_imageLoader && m_imageLoader->image() && m_imageLoader->image()->status() != CachedResource::LoadError) {
         m_serviceType = m_imageLoader->image()->response().mimeType();
         if (!isImageType()) {
-            // If we don't think we have an image type anymore, then ditch the image loader.
-            m_imageLoader.clear();        
+            // If we don't think we have an image type anymore, then clear the image from the loader.
+            m_imageLoader->setImage(0);        
             detach();
             attach();
             return;
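
Review bot: The new comment above `m_imageLoader->setImage(0);` restates what the line does but not why the loader object has to survive this call, which is the entire point of replacing `m_imageLoader.clear()`. Say what still depends on the loader across the `detach()`/`attach()` pair so the line is not later reverted as a cleanup. Two smaller points: `m_serviceType` has already been overwritten with the response MIME type before the `isImageType()` check, so that state persists into the fallback path, and the changed line keeps the trailing whitespace after the semicolon.
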
_______________________________________________
webkit-changes mailing list
[email protected]
http://lists.webkit.org/mailman/listinfo.cgi/webkit-changes
