Title: [91511] branches/safari-534.51-branch
- Revision
- 91511
- Author
- [email protected]
- Date
- 2011-07-21 14:54:03 -0700 (Thu, 21 Jul 2011)
Log Message
Merge r89595.
Modified Paths
Added Paths
Diff
Modified: branches/safari-534.51-branch/LayoutTests/ChangeLog (91510 => 91511)
--- branches/safari-534.51-branch/LayoutTests/ChangeLog 2011-07-21 21:53:12 UTC (rev 91510)
+++ branches/safari-534.51-branch/LayoutTests/ChangeLog 2011-07-21 21:54:03 UTC (rev 91511)
@@ -1,5 +1,19 @@
2011-07-21 Lucas Forschler <[email protected]>
+ Merged 89595.
+
+ 2011-06-23 Abhishek Arya <[email protected]>
+
+ Reviewed by Adam Barth.
+
+ Tests that we do not crash when doing a media query match.
+ https://bugs.webkit.org/show_bug.cgi?id=63264
+
+ * fast/css/media-query-evaluator-crash-expected.txt: Added.
+ * fast/css/media-query-evaluator-crash.html: Added.
+
+2011-07-21 Lucas Forschler <[email protected]>
+
Merged 89492.
2011-06-22 Annie Sullivan <[email protected]>
Copied: branches/safari-534.51-branch/LayoutTests/fast/css/media-query-evaluator-crash-expected.txt (from rev 89595, trunk/LayoutTests/fast/css/media-query-evaluator-crash-expected.txt) (0 => 91511)
--- branches/safari-534.51-branch/LayoutTests/fast/css/media-query-evaluator-crash-expected.txt (rev 0)
+++ branches/safari-534.51-branch/LayoutTests/fast/css/media-query-evaluator-crash-expected.txt 2011-07-21 21:54:03 UTC (rev 91511)
@@ -0,0 +1 @@
+Test passes if it does not crash.
Copied: branches/safari-534.51-branch/LayoutTests/fast/css/media-query-evaluator-crash.html (from rev 89595, trunk/LayoutTests/fast/css/media-query-evaluator-crash.html) (0 => 91511)
--- branches/safari-534.51-branch/LayoutTests/fast/css/media-query-evaluator-crash.html (rev 0)
+++ branches/safari-534.51-branch/LayoutTests/fast/css/media-query-evaluator-crash.html 2011-07-21 21:54:03 UTC (rev 91511)
@@ -0,0 +1,12 @@
+<html>
+Test passes if it does not crash.
+<iframe id="test"></iframe>
+<script>
+if (window.layoutTestController)
+ layoutTestController.dumpAsText();
+
+var iframe = document.getElementById("test");
+var obj = iframe.contentWindow.matchMedia("(min-width: 0em)");
+</script>
+</html>
+
Modified: branches/safari-534.51-branch/Source/WebCore/ChangeLog (91510 => 91511)
--- branches/safari-534.51-branch/Source/WebCore/ChangeLog 2011-07-21 21:53:12 UTC (rev 91510)
+++ branches/safari-534.51-branch/Source/WebCore/ChangeLog 2011-07-21 21:54:03 UTC (rev 91511)
@@ -1,5 +1,23 @@
2011-07-21 Lucas Forschler <[email protected]>
+ Merged 89595.
+
+ 2011-06-23 Abhishek Arya <[email protected]>
+
+ Reviewed by Adam Barth.
+
+ RefPtr m_style in MediaQueryEvaluator in case of callers like
+ MediaQueryMatcher::prepareEvaluator that do not retain its reference.
+ https://bugs.webkit.org/show_bug.cgi?id=63264
+
+ Test: fast/css/media-query-evaluator-crash.html
+
+ * css/MediaQueryEvaluator.cpp:
+ (WebCore::MediaQueryEvaluator::eval):
+ * css/MediaQueryEvaluator.h:
+
+2011-07-21 Lucas Forschler <[email protected]>
+
Merged 89492.
2011-06-22 Annie Sullivan <[email protected]>
Modified: branches/safari-534.51-branch/Source/WebCore/css/MediaQueryEvaluator.cpp (91510 => 91511)
--- branches/safari-534.51-branch/Source/WebCore/css/MediaQueryEvaluator.cpp 2011-07-21 21:53:12 UTC (rev 91510)
+++ branches/safari-534.51-branch/Source/WebCore/css/MediaQueryEvaluator.cpp 2011-07-21 21:54:03 UTC (rev 91511)
@@ -532,7 +532,7 @@
// used
EvalFunc func = gFunctionMap->get(expr->mediaFeature().impl());
if (func)
- return func(expr->value(), m_style, m_frame, NoPrefix);
+ return func(expr->value(), m_style.get(), m_frame, NoPrefix);
return false;
}
Modified: branches/safari-534.51-branch/Source/WebCore/css/MediaQueryEvaluator.h (91510 => 91511)
--- branches/safari-534.51-branch/Source/WebCore/css/MediaQueryEvaluator.h 2011-07-21 21:53:12 UTC (rev 91510)
+++ branches/safari-534.51-branch/Source/WebCore/css/MediaQueryEvaluator.h 2011-07-21 21:54:03 UTC (rev 91511)
@@ -83,7 +83,7 @@
private:
String m_mediaType;
Frame* m_frame; // not owned
- RenderStyle* m_style; // not owned
+ RefPtr<RenderStyle> m_style;
bool m_expResult;
};
_______________________________________________
webkit-changes mailing list
[email protected]
http://lists.webkit.org/mailman/listinfo.cgi/webkit-changes
