[webkit-changes] [89443] branches/chromium/782

[jchaffraix]

Title: [89443] branches/chromium/782

Revision

89443

Author

jchaffr...@webkit.org

Date

2011-06-22 10:13:32 -0700 (Wed, 22 Jun 2011)

Log Message

Merge 88474 - 2011-06-09  Julien Chaffraix  <jchaffr...@webkit.org>

        Reviewed by Darin Adler.

        Test for WebCore::WebKitCSSKeyframesRuleInternal::nameAttrSetter() - crash
        https://bugs.webkit.org/show_bug.cgi?id=62384

        * fast/css/webkit-keyframes-crash-expected.txt: Added.
        * fast/css/webkit-keyframes-crash.html: Added.
2011-06-09  Julien Chaffraix  <jchaffr...@webkit.org>

        Reviewed by Darin Adler.

        WebCore::WebKitCSSKeyframesRuleInternal::nameAttrSetter() - crash
        https://bugs.webkit.org/show_bug.cgi?id=62384

        Test: fast/css/webkit-keyframes-crash.html

        * css/WebKitCSSKeyframesRule.cpp:
        (WebCore::WebKitCSSKeyframesRule::setName): stylesheet() is never garanteed
        to return a non-null pointer. Thus null-check here like the rest of the code.

TBR=jchaffr...@webkit.org
Review URL: http://codereview.chromium.org/7231013

Modified Paths

• branches/chromium/782/LayoutTests/ChangeLog
• branches/chromium/782/Source/WebCore/ChangeLog
• branches/chromium/782/Source/WebCore/css/WebKitCSSKeyframesRule.cpp

Added Paths

• branches/chromium/782/LayoutTests/fast/css/webkit-keyframes-crash-expected.txt
• branches/chromium/782/LayoutTests/fast/css/webkit-keyframes-crash.html

Diff

Modified: branches/chromium/782/LayoutTests/ChangeLog (89442 => 89443)

--- branches/chromium/782/LayoutTests/ChangeLog	2011-06-22 16:57:08 UTC (rev 89442)
+++ branches/chromium/782/LayoutTests/ChangeLog	2011-06-22 17:13:32 UTC (rev 89443)
@@ -13,6 +13,16 @@
         * platform/mac/svg/text/scaling-font-with-geometric-precision-expected.txt: Added.
         * svg/text/scaling-font-with-geometric-precision.html: Added.
 
+2011-06-09  Julien Chaffraix  <jchaffr...@webkit.org>
+
+        Reviewed by Darin Adler.
+
+        Test for WebCore::WebKitCSSKeyframesRuleInternal::nameAttrSetter() - crash
+        https://bugs.webkit.org/show_bug.cgi?id=62384
+
+        * fast/css/webkit-keyframes-crash-expected.txt: Added.
+        * fast/css/webkit-keyframes-crash.html: Added.
+
 2011-06-08  John Bauman  <jbau...@chromium.org>
 
         Reviewed by James Robinson.

Copied: branches/chromium/782/LayoutTests/fast/css/webkit-keyframes-crash-expected.txt (from rev 88474, trunk/LayoutTests/fast/css/webkit-keyframes-crash-expected.txt) (0 => 89443)

--- branches/chromium/782/LayoutTests/fast/css/webkit-keyframes-crash-expected.txt	                        (rev 0)
+++ branches/chromium/782/LayoutTests/fast/css/webkit-keyframes-crash-expected.txt	2011-06-22 17:13:32 UTC (rev 89443)
@@ -0,0 +1,5 @@
+Test for bug 62384: WebCore::WebKitCSSKeyframesRuleInternal::nameAttrSetter() - crash
+
+This test passed if it did not crash
+
+PASSED

Copied: branches/chromium/782/LayoutTests/fast/css/webkit-keyframes-crash.html (from rev 88474, trunk/LayoutTests/fast/css/webkit-keyframes-crash.html) (0 => 89443)

--- branches/chromium/782/LayoutTests/fast/css/webkit-keyframes-crash.html	                        (rev 0)
+++ branches/chromium/782/LayoutTests/fast/css/webkit-keyframes-crash.html	2011-06-22 17:13:32 UTC (rev 89443)
@@ -0,0 +1,24 @@
+<html>
+<body>
+    <p>Test for bug <a href="" WebCore::WebKitCSSKeyframesRuleInternal::nameAttrSetter() - crash</p>
+    <p>This test passed if it did not crash</p>
+    <p id="console">FAILED (test not run)</p>
+    <script>
+        if (window.layoutTestController)
+            layoutTestController.dumpAsText();
+
+        function main(){
+            var e = window.document.styleSheets[0].cssRules[0];
+            e.cssRules.item().parentStyleSheet.removeRule();
+            e.name = 'bar';
+            document.getElementById('console').innerHTML = "PASSED";
+        }
+        window._onload_ = main;
+    </script>
+    <style>
+        @-webkit-keyframes foo {
+            0% {foo: bar;}
+        }
+    </style>
+</body>
+</html>

Modified: branches/chromium/782/Source/WebCore/ChangeLog (89442 => 89443)

--- branches/chromium/782/Source/WebCore/ChangeLog	2011-06-22 16:57:08 UTC (rev 89442)
+++ branches/chromium/782/Source/WebCore/ChangeLog	2011-06-22 17:13:32 UTC (rev 89443)
@@ -14,6 +14,19 @@
         * rendering/svg/RenderSVGInlineText.cpp:
         (WebCore::RenderSVGInlineText::computeNewScaledFontForStyle):
 
+2011-06-09  Julien Chaffraix  <jchaffr...@webkit.org>
+
+        Reviewed by Darin Adler.
+
+        WebCore::WebKitCSSKeyframesRuleInternal::nameAttrSetter() - crash
+        https://bugs.webkit.org/show_bug.cgi?id=62384
+
+        Test: fast/css/webkit-keyframes-crash.html
+
+        * css/WebKitCSSKeyframesRule.cpp:
+        (WebCore::WebKitCSSKeyframesRule::setName): stylesheet() is never garanteed
+        to return a non-null pointer. Thus null-check here like the rest of the code.
+
 2011-06-08  John Bauman  <jbau...@chromium.org>
 
         Reviewed by James Robinson.

Modified: branches/chromium/782/Source/WebCore/css/WebKitCSSKeyframesRule.cpp (89442 => 89443)

--- branches/chromium/782/Source/WebCore/css/WebKitCSSKeyframesRule.cpp	2011-06-22 16:57:08 UTC (rev 89442)
+++ branches/chromium/782/Source/WebCore/css/WebKitCSSKeyframesRule.cpp	2011-06-22 17:13:32 UTC (rev 89443)
@@ -66,7 +66,8 @@
     
     // Since the name is used in the keyframe map list in CSSStyleSelector, we need
     // to recompute the style sheet to get the updated name.
-    stylesheet()->styleSheetChanged();
+    if (stylesheet())
+        stylesheet()->styleSheetChanged();
 }
 
 unsigned WebKitCSSKeyframesRule::length() const

_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
http://lists.webkit.org/mailman/listinfo.cgi/webkit-changes