[webkit-changes] [87088] branches/chromium/742

[inferno]

Title: [87088] branches/chromium/742

Revision

87088

Author

infe...@chromium.org

Date

2011-05-23 11:52:14 -0700 (Mon, 23 May 2011)

Log Message

Merge 86725
BUG=81949
Review URL: http://codereview.chromium.org/7067001

Modified Paths

branches/chromium/742/Source/WebCore/html/HTMLObjectElement.cpp


Added Paths

branches/chromium/742/LayoutTests/http/tests/loading/nested_bad_objects-expected.txt
branches/chromium/742/LayoutTests/http/tests/loading/nested_bad_objects.php

Diff

Copied: branches/chromium/742/LayoutTests/http/tests/loading/nested_bad_objects-expected.txt (from rev 86725, trunk/LayoutTests/http/tests/loading/nested_bad_objects-expected.txt) (0 => 87088)

--- branches/chromium/742/LayoutTests/http/tests/loading/nested_bad_objects-expected.txt	                        (rev 0)
+++ branches/chromium/742/LayoutTests/http/tests/loading/nested_bad_objects-expected.txt	2011-05-23 18:52:14 UTC (rev 87088)
@@ -0,0 +1,6 @@
+main frame - didStartProvisionalLoadForFrame
+main frame - didCommitLoadForFrame
+main frame - didFinishDocumentLoadForFrame
+main frame - didHandleOnloadEventsForFrame
+main frame - didFinishLoadForFrame
+  PASS - nested image objects with bad mimetype do not cause a crash.

Copied: branches/chromium/742/LayoutTests/http/tests/loading/nested_bad_objects.php (from rev 86725, trunk/LayoutTests/http/tests/loading/nested_bad_objects.php) (0 => 87088)

--- branches/chromium/742/LayoutTests/http/tests/loading/nested_bad_objects.php	                        (rev 0)
+++ branches/chromium/742/LayoutTests/http/tests/loading/nested_bad_objects.php	2011-05-23 18:52:14 UTC (rev 87088)
@@ -0,0 +1,16 @@
+<?
+if (isset($_GET['object'])) {
+    header("Content-Type: nothing/bad-type");
+    exit();
+}
+?>
+<html>
+    <script>
+    if (window.layoutTestController)
+        layoutTestController.dumpAsText();
+    </script>
+    <object type="image/jpeg" data=""
+        <object type="image/jpeg" data="" />
+    </object>
+    PASS - nested image objects with bad mimetype do not cause a crash.
+</html>

Modified: branches/chromium/742/Source/WebCore/html/HTMLObjectElement.cpp (87087 => 87088)

--- branches/chromium/742/Source/WebCore/html/HTMLObjectElement.cpp	2011-05-23 18:51:51 UTC (rev 87087)
+++ branches/chromium/742/Source/WebCore/html/HTMLObjectElement.cpp	2011-05-23 18:52:14 UTC (rev 87088)
@@ -378,8 +378,8 @@
     if (m_imageLoader && m_imageLoader->image() && m_imageLoader->image()->status() != CachedResource::LoadError) {
         m_serviceType = m_imageLoader->image()->response().mimeType();
         if (!isImageType()) {
-            // If we don't think we have an image type anymore, then ditch the image loader.
-            m_imageLoader.clear();        
+            // If we don't think we have an image type anymore, then clear the image from the loader.
+            m_imageLoader->setImage(0);        
             detach();
             attach();
             return;

_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
http://lists.webkit.org/mailman/listinfo.cgi/webkit-changes