[webkit-changes] [88474] trunk

Thu, 09 Jun 2011 12:53:05 -0700

Title: [88474] trunk
Revision
88474
Author
[email protected]
Date
2011-06-09 12:52:27 -0700 (Thu, 09 Jun 2011)

Log Message

2011-06-09  Julien Chaffraix  <[email protected]>

        Reviewed by Darin Adler.

        Test for WebCore::WebKitCSSKeyframesRuleInternal::nameAttrSetter() - crash
        https://bugs.webkit.org/show_bug.cgi?id=62384

        * fast/css/webkit-keyframes-crash-expected.txt: Added.
        * fast/css/webkit-keyframes-crash.html: Added.
2011-06-09  Julien Chaffraix  <[email protected]>

        Reviewed by Darin Adler.

        WebCore::WebKitCSSKeyframesRuleInternal::nameAttrSetter() - crash
        https://bugs.webkit.org/show_bug.cgi?id=62384

        Test: fast/css/webkit-keyframes-crash.html

        * css/WebKitCSSKeyframesRule.cpp:
        (WebCore::WebKitCSSKeyframesRule::setName): stylesheet() is never garanteed
        to return a non-null pointer. Thus null-check here like the rest of the code.

Modified Paths

Added Paths

Diff

Modified: trunk/LayoutTests/ChangeLog (88473 => 88474)


--- trunk/LayoutTests/ChangeLog	2011-06-09 19:44:37 UTC (rev 88473)
+++ trunk/LayoutTests/ChangeLog	2011-06-09 19:52:27 UTC (rev 88474)
@@ -1,3 +1,13 @@
+2011-06-09  Julien Chaffraix  <[email protected]>
+
+        Reviewed by Darin Adler.
+
+        Test for WebCore::WebKitCSSKeyframesRuleInternal::nameAttrSetter() - crash
+        https://bugs.webkit.org/show_bug.cgi?id=62384
+
+        * fast/css/webkit-keyframes-crash-expected.txt: Added.
+        * fast/css/webkit-keyframes-crash.html: Added.
+
 2011-06-09  Julien Chaffraix  <[email protected]>
 
         Reviewed by David Hyatt.

Added: trunk/LayoutTests/fast/css/webkit-keyframes-crash-expected.txt (0 => 88474)


--- trunk/LayoutTests/fast/css/webkit-keyframes-crash-expected.txt	                        (rev 0)
+++ trunk/LayoutTests/fast/css/webkit-keyframes-crash-expected.txt	2011-06-09 19:52:27 UTC (rev 88474)
@@ -0,0 +1,5 @@
+Test for bug 62384: WebCore::WebKitCSSKeyframesRuleInternal::nameAttrSetter() - crash
+
+This test passed if it did not crash
+
+PASSED

Added: trunk/LayoutTests/fast/css/webkit-keyframes-crash.html (0 => 88474)


--- trunk/LayoutTests/fast/css/webkit-keyframes-crash.html	                        (rev 0)
+++ trunk/LayoutTests/fast/css/webkit-keyframes-crash.html	2011-06-09 19:52:27 UTC (rev 88474)
@@ -0,0 +1,24 @@
+<html>
+<body>
+    <p>Test for bug <a href="" WebCore::WebKitCSSKeyframesRuleInternal::nameAttrSetter() - crash</p>
+    <p>This test passed if it did not crash</p>
+    <p id="console">FAILED (test not run)</p>
+    <script>
+        if (window.layoutTestController)
+            layoutTestController.dumpAsText();
+
+        function main(){
+            var e = window.document.styleSheets[0].cssRules[0];
+            e.cssRules.item().parentStyleSheet.removeRule();
+            e.name = 'bar';
+            document.getElementById('console').innerHTML = "PASSED";
+        }
+        window._onload_ = main;
+    </script>
+    <style>
+        @-webkit-keyframes foo {
+            0% {foo: bar;}
+        }
+    </style>
+</body>
+</html>

Modified: trunk/Source/WebCore/ChangeLog (88473 => 88474)


--- trunk/Source/WebCore/ChangeLog	2011-06-09 19:44:37 UTC (rev 88473)
+++ trunk/Source/WebCore/ChangeLog	2011-06-09 19:52:27 UTC (rev 88474)
@@ -1,3 +1,16 @@
+2011-06-09  Julien Chaffraix  <[email protected]>
+
+        Reviewed by Darin Adler.
+
+        WebCore::WebKitCSSKeyframesRuleInternal::nameAttrSetter() - crash
+        https://bugs.webkit.org/show_bug.cgi?id=62384
+
+        Test: fast/css/webkit-keyframes-crash.html
+
+        * css/WebKitCSSKeyframesRule.cpp:
+        (WebCore::WebKitCSSKeyframesRule::setName): stylesheet() is never garanteed
+        to return a non-null pointer. Thus null-check here like the rest of the code.
+
 2011-06-09  Julien Chaffraix  <[email protected]>
 
         Reviewed by David Hyatt.

Modified: trunk/Source/WebCore/css/WebKitCSSKeyframesRule.cpp (88473 => 88474)


--- trunk/Source/WebCore/css/WebKitCSSKeyframesRule.cpp	2011-06-09 19:44:37 UTC (rev 88473)
+++ trunk/Source/WebCore/css/WebKitCSSKeyframesRule.cpp	2011-06-09 19:52:27 UTC (rev 88474)
@@ -66,7 +66,8 @@
     
     // Since the name is used in the keyframe map list in CSSStyleSelector, we need
     // to recompute the style sheet to get the updated name.
-    stylesheet()->styleSheetChanged();
+    if (stylesheet())
+        stylesheet()->styleSheetChanged();
 }
 
 unsigned WebKitCSSKeyframesRule::length() const

_______________________________________________
webkit-changes mailing list
[email protected]
http://lists.webkit.org/mailman/listinfo.cgi/webkit-changes

Reply via email to