Title: [92025] trunk
- Revision
- 92025
- Author
- [email protected]
- Date
- 2011-07-29 15:48:49 -0700 (Fri, 29 Jul 2011)
Log Message
-webkit-marquee with anonymous node causes segmentation fault in Node::document
https://bugs.webkit.org/show_bug.cgi?id=64693
Reviewed by Simon Fraser.
Source/WebCore:
Test: fast/css/webkit-marquee-anonymous-node-crash.html
* rendering/RenderLayer.cpp:
(WebCore::RenderLayer::scrollTo):
Add null check as renderer()->node() is null for anonymous nodes.
LayoutTests:
* fast/css/webkit-marquee-anonymous-node-crash-expected.txt: Added.
* fast/css/webkit-marquee-anonymous-node-crash.html: Added.
Add test for using -webkit-marquee with an anonymous node.
Modified Paths
Added Paths
Diff
Modified: trunk/LayoutTests/ChangeLog (92024 => 92025)
--- trunk/LayoutTests/ChangeLog 2011-07-29 22:40:02 UTC (rev 92024)
+++ trunk/LayoutTests/ChangeLog 2011-07-29 22:48:49 UTC (rev 92025)
@@ -1,3 +1,14 @@
+2011-07-29 Emil A Eklund <[email protected]>
+
+ -webkit-marquee with anonymous node causes segmentation fault in Node::document
+ https://bugs.webkit.org/show_bug.cgi?id=64693
+
+ Reviewed by Simon Fraser.
+
+ * fast/css/webkit-marquee-anonymous-node-crash-expected.txt: Added.
+ * fast/css/webkit-marquee-anonymous-node-crash.html: Added.
+ Add test for using -webkit-marquee with an anonymous node.
+
2011-07-29 Mike Reed <[email protected]>
[skia] never draw with GDI, so that all text can be gpu-accelerated
Added: trunk/LayoutTests/fast/css/webkit-marquee-anonymous-node-crash-expected.txt (0 => 92025)
--- trunk/LayoutTests/fast/css/webkit-marquee-anonymous-node-crash-expected.txt (rev 0)
+++ trunk/LayoutTests/fast/css/webkit-marquee-anonymous-node-crash-expected.txt 2011-07-29 22:48:49 UTC (rev 92025)
@@ -0,0 +1 @@
+Should not crash
Added: trunk/LayoutTests/fast/css/webkit-marquee-anonymous-node-crash.html (0 => 92025)
--- trunk/LayoutTests/fast/css/webkit-marquee-anonymous-node-crash.html (rev 0)
+++ trunk/LayoutTests/fast/css/webkit-marquee-anonymous-node-crash.html 2011-07-29 22:48:49 UTC (rev 92025)
@@ -0,0 +1,9 @@
+<!DOCTYPE html>
+<style>p:first-letter { overflow: -webkit-marquee; float: left; }</style>
+<script>
+if (window.layoutTestController)
+ layoutTestController.dumpAsText();
+</script>
+<body>
+ <p>Should not crash</p>
+</body>
Modified: trunk/Source/WebCore/ChangeLog (92024 => 92025)
--- trunk/Source/WebCore/ChangeLog 2011-07-29 22:40:02 UTC (rev 92024)
+++ trunk/Source/WebCore/ChangeLog 2011-07-29 22:48:49 UTC (rev 92025)
@@ -1,3 +1,16 @@
+2011-07-29 Emil A Eklund <[email protected]>
+
+ -webkit-marquee with anonymous node causes segmentation fault in Node::document
+ https://bugs.webkit.org/show_bug.cgi?id=64693
+
+ Reviewed by Simon Fraser.
+
+ Test: fast/css/webkit-marquee-anonymous-node-crash.html
+
+ * rendering/RenderLayer.cpp:
+ (WebCore::RenderLayer::scrollTo):
+ Add null check as renderer()->node() is null for anonymous nodes.
+
2011-07-29 Mike Reed <[email protected]>
[skia] never draw with GDI, so that all text can be gpu-accelerated
Modified: trunk/Source/WebCore/rendering/RenderLayer.cpp (92024 => 92025)
--- trunk/Source/WebCore/rendering/RenderLayer.cpp 2011-07-29 22:40:02 UTC (rev 92024)
+++ trunk/Source/WebCore/rendering/RenderLayer.cpp 2011-07-29 22:48:49 UTC (rev 92025)
@@ -1376,7 +1376,8 @@
renderer()->repaintUsingContainer(repaintContainer, rectForRepaint);
// Schedule the scroll DOM event.
- renderer()->node()->document()->eventQueue()->enqueueOrDispatchScrollEvent(renderer()->node(), EventQueue::ScrollEventElementTarget);
+ if (renderer()->node())
+ renderer()->node()->document()->eventQueue()->enqueueOrDispatchScrollEvent(renderer()->node(), EventQueue::ScrollEventElementTarget);
}
void RenderLayer::scrollRectToVisible(const IntRect& rect, const ScrollAlignment& alignX, const ScrollAlignment& alignY)
_______________________________________________
webkit-changes mailing list
[email protected]
http://lists.webkit.org/mailman/listinfo.cgi/webkit-changes
