Title: [92937] branches/safari-534.51-branch
- Revision
- 92937
- Author
- [email protected]
- Date
- 2011-08-11 23:06:20 -0700 (Thu, 11 Aug 2011)
Log Message
Merge r91908.
Modified Paths
Added Paths
Diff
Modified: branches/safari-534.51-branch/LayoutTests/ChangeLog (92936 => 92937)
--- branches/safari-534.51-branch/LayoutTests/ChangeLog 2011-08-12 06:04:19 UTC (rev 92936)
+++ branches/safari-534.51-branch/LayoutTests/ChangeLog 2011-08-12 06:06:20 UTC (rev 92937)
@@ -1,5 +1,21 @@
2011-08-11 Lucas Forschler <[email protected]>
+ Merged 91908
+
+ 2011-07-27 Ryosuke Niwa <[email protected]>
+
+ Calling window.find immediately after mutating the document crashes WebKit.
+ https://bugs.webkit.org/show_bug.cgi?id=65296
+
+ Reviewed by Darin Adler.
+
+ Added a test to ensure WebKit doesn't crash when searching for string after mutating the document.
+
+ * editing/text-iterator/find-after-mutation-expected.txt: Added.
+ * editing/text-iterator/find-after-mutation.html: Added.
+
+2011-08-11 Lucas Forschler <[email protected]>
+
Merged 91781
2011-07-26 David Hyatt <[email protected]>
Copied: branches/safari-534.51-branch/LayoutTests/editing/text-iterator/find-after-mutation-expected.txt (from rev 91908, trunk/LayoutTests/editing/text-iterator/find-after-mutation-expected.txt) (0 => 92937)
--- branches/safari-534.51-branch/LayoutTests/editing/text-iterator/find-after-mutation-expected.txt (rev 0)
+++ branches/safari-534.51-branch/LayoutTests/editing/text-iterator/find-after-mutation-expected.txt 2011-08-12 06:06:20 UTC (rev 92937)
@@ -0,0 +1 @@
+PASS - WebKit did not crash
Copied: branches/safari-534.51-branch/LayoutTests/editing/text-iterator/find-after-mutation.html (from rev 91908, trunk/LayoutTests/editing/text-iterator/find-after-mutation.html) (0 => 92937)
--- branches/safari-534.51-branch/LayoutTests/editing/text-iterator/find-after-mutation.html (rev 0)
+++ branches/safari-534.51-branch/LayoutTests/editing/text-iterator/find-after-mutation.html 2011-08-12 06:06:20 UTC (rev 92937)
@@ -0,0 +1,21 @@
+<!DOCTYPE html>
+<html>
+<head>
+<script>
+
+function runTest() {
+ if (window.layoutTestController)
+ layoutTestController.dumpAsText();
+
+ document.body.offsetHeight;
+ document.body.innerHTML = " ";
+ window.find('a');
+
+ document.body.innerHTML = 'PASS - WebKit did not crash';
+}
+</script>
+</head>
+<body _onload_="runTest()">
+a
+</body>
+</html>
Modified: branches/safari-534.51-branch/Source/WebCore/ChangeLog (92936 => 92937)
--- branches/safari-534.51-branch/Source/WebCore/ChangeLog 2011-08-12 06:04:19 UTC (rev 92936)
+++ branches/safari-534.51-branch/Source/WebCore/ChangeLog 2011-08-12 06:06:20 UTC (rev 92937)
@@ -1,5 +1,23 @@
2011-08-11 Lucas Forschler <[email protected]>
+ Merged 91908
+
+ 2011-07-27 Ryosuke Niwa <[email protected]>
+
+ Calling window.find immediately after mutating the document crashes WebKit.
+ https://bugs.webkit.org/show_bug.cgi?id=65296
+
+ Reviewed by Darin Adler.
+
+ Don't forget to layout first.
+
+ Test: editing/text-iterator/find-after-mutation.html
+
+ * editing/TextIterator.cpp:
+ (WebCore::findPlainText):
+
+2011-08-11 Lucas Forschler <[email protected]>
+
Merged 91781
2011-07-26 David Hyatt <[email protected]>
Modified: branches/safari-534.51-branch/Source/WebCore/editing/TextIterator.cpp (92936 => 92937)
--- branches/safari-534.51-branch/Source/WebCore/editing/TextIterator.cpp 2011-08-12 06:04:19 UTC (rev 92936)
+++ branches/safari-534.51-branch/Source/WebCore/editing/TextIterator.cpp 2011-08-12 06:06:20 UTC (rev 92937)
@@ -2569,6 +2569,9 @@
PassRefPtr<Range> findPlainText(const Range* range, const String& target, FindOptions options)
{
+ // CharacterIterator requires renderers to be up-to-date
+ range->ownerDocument()->updateLayout();
+
// First, find the text.
size_t matchStart;
size_t matchLength;
_______________________________________________
webkit-changes mailing list
[email protected]
http://lists.webkit.org/mailman/listinfo.cgi/webkit-changes
