Title: [97779] branches/chromium/912/Source/WebCore
Revision: 97779
Author: [email protected]
Date: 2011-10-18 11:19:32 -0700 (Tue, 18 Oct 2011)

Log Message

Merge 97724 - r97638 caused 3 printing crashes
https://bugs.webkit.org/show_bug.cgi?id=70284

Reviewed by Kent Tamura.

Null check element.

* css/CSSStyleSelector.cpp:
(WebCore::CSSStyleSelector::applyDeclarations):



[email protected]
Review URL: http://codereview.chromium.org/8344008

Modified Paths

Diff

Modified: branches/chromium/912/Source/WebCore/ChangeLog (97778 => 97779)


--- branches/chromium/912/Source/WebCore/ChangeLog	2011-10-18 18:18:36 UTC (rev 97778)
+++ branches/chromium/912/Source/WebCore/ChangeLog	2011-10-18 18:19:32 UTC (rev 97779)
@@ -1,3 +1,561 @@
+2011-10-17  Antti Koivisto  <[email protected]>
+
+        r97638 caused 3 printing crashes
+        https://bugs.webkit.org/show_bug.cgi?id=70284
+
+        Reviewed by Kent Tamura.
+
+        Null check element.
+
+        * css/CSSStyleSelector.cpp:
+        (WebCore::CSSStyleSelector::applyDeclarations):
+
+2011-10-17  Sheriff Bot  <[email protected]>
+
+        Unreviewed, rolling out r97669.
+        http://trac.webkit.org/changeset/97669
+        https://bugs.webkit.org/show_bug.cgi?id=70305
+
+        Broke accessibility tests on Windows (Requested by rniwa on
+        #webkit).
+
+        * CMakeLists.txt:
+        * GNUmakefile.list.am:
+        * WebCore.gypi:
+        * WebCore.pro:
+        * WebCore.vcproj/WebCore.vcproj:
+        * WebCore.xcodeproj/project.pbxproj:
+        * accessibility/AXObjectCache.cpp:
+        (WebCore::AXObjectCache::getOrCreate):
+        * accessibility/AccessibilityMockObject.h:
+        * accessibility/AccessibilityObject.cpp:
+        (WebCore::AccessibilityObject::elementAccessibilityHitTest):
+        * accessibility/AccessibilityObject.h:
+        * accessibility/AccessibilityRenderObject.cpp:
+        (WebCore::AccessibilityRenderObject::boundingBoxRect):
+        (WebCore::AccessibilityRenderObject::clearChildren):
+        (WebCore::AccessibilityRenderObject::updateChildrenIfNecessary):
+        (WebCore::AccessibilityRenderObject::addChildren):
+        * accessibility/AccessibilityRenderObject.h:
+        * accessibility/AccessibilitySpinButton.cpp: Removed.
+        * accessibility/AccessibilitySpinButton.h: Removed.
+        * accessibility/mac/WebAccessibilityObjectWrapper.mm:
+        (-[WebAccessibilityObjectWrapper accessibilityActionNames]):
+        (-[WebAccessibilityObjectWrapper accessibilityAttributeNames]):
+        (-[WebAccessibilityObjectWrapper subrole]):
+        (-[WebAccessibilityObjectWrapper accessibilityAttributeValue:]):
+        * html/shadow/TextControlInnerElements.cpp:
+        (WebCore::SpinButtonElement::repeatingTimerFired):
+        * html/shadow/TextControlInnerElements.h:
+
+2011-10-17  Kent Tamura  <[email protected]>
+
+        Remove OptionGroupElement
+        https://bugs.webkit.org/show_bug.cgi?id=70220
+
+        Reviewed by Darin Adler.
+
+        No new tests, just a refactoring.
+
+        * CMakeLists.txt: Remove OptionGroupElement.cpp and/or OptionGroupElement.h.
+        * GNUMakefile.am.list: ditto.
+        * WebCore.gypi: ditto.
+        * WebCore.pro: ditto.
+        * WebCore.vcproj/WebCore.vcproj: ditto.
+        * WebCore.xcodeproj/project.pbxproj: ditto.
+        * dom/DOMAllInOne.cpp: ditto.
+        * dom/OptionElement.cpp:
+        (WebCore::OptionElement::collectOptionTextRespectingGroupLabel):
+        Use hasTagName(optgroupTag) and static_cast<> instead of toOptionGroupElement().
+        * dom/OptionGroupElement.cpp: Removed.
+        * dom/OptionGroupElement.h: Removed.
+        * html/HTMLOptGroupElement.cpp:
+        (WebCore::isHTMLOptGroupElement): Added.
+        * html/HTMLOptGroupElement.h:
+         - Don't inherit OptionGroupElement.
+         - Make groupLabelText() non-virtual.
+        * html/HTMLSelectElement.cpp:
+        (WebCore::HTMLSelectElement::recalcListItems):
+        Use Use hasTagName(optgroupTag) instead of isOptionGroupElement().
+        * rendering/RenderListBox.cpp:
+        (WebCore::RenderListBox::updateFromElement):
+        Use hasTagName(optgroupTag) and static_cast<> instead of toOptionGroupElement().
+        (WebCore::RenderListBox::paintItemForeground):
+        Use hasTagName(optgroupTag) instead of isOptionGroupElement().
+        * rendering/RenderMenuList.cpp:
+        (WebCore::RenderMenuList::itemText):
+        Use hasTagName(optgroupTag) and static_cast<> instead of toOptionGroupElement().
+        (WebCore::RenderMenuList::itemIsEnabled):
+        Use Use hasTagName(optgroupTag) instead of isOptionGroupElement().
+        (WebCore::RenderMenuList::itemIsLabel): ditto.
+
+2011-10-17  Huang Dongsung  <[email protected]>
+
+        [TexMap][QT] TexMapGL renders a strange one-pixel border of BitmapTexture.
+        https://bugs.webkit.org/show_bug.cgi?id=70293
+
+        TextureMapperGL renders the strange border in
+        http://www.webkit.org/blog-files/leaves/index.html
+        Bug occurs because BitmapTexture is larger than the content due to rounding to
+        NPOT, and its pixel data is never initialized.
+
+        Reviewed by Noam Rosenthal.
+
+        * platform/graphics/opengl/TextureMapperGL.cpp:
+        (WebCore::texImage2DResourceSafe):
+        (WebCore::BitmapTextureGL::reset):
+
+2011-10-17  Jochen Eisinger  <[email protected]>
+
+        Make NavigationAction wrap a ResourceRequest instead of a KURL.
+        https://bugs.webkit.org/show_bug.cgi?id=68803
+
+        With this, FrameLoaderClient::dispatchCreatePage knows about the
+        request that will be used for the initial navigaion of the to be
+        created page.
+
+        Reviewed by Nate Chapin.
+
+        Test: platform/chromium/fast/loader/create-view-target-blank.html
+
+        * loader/FrameLoader.cpp:
+        (WebCore::FrameLoader::loadURL):
+        (WebCore::FrameLoader::load):
+        (WebCore::FrameLoader::loadWithDocumentLoader):
+        (WebCore::FrameLoader::reload):
+        (WebCore::FrameLoader::loadPostRequest):
+        (WebCore::FrameLoader::continueLoadAfterNewWindowPolicy):
+        (WebCore::FrameLoader::loadDifferentDocumentItem):
+        (WebCore::createWindow):
+        * loader/NavigationAction.cpp:
+        (WebCore::NavigationAction::NavigationAction):
+        * loader/NavigationAction.h:
+        (WebCore::NavigationAction::isEmpty):
+        (WebCore::NavigationAction::url):
+        (WebCore::NavigationAction::resourceRequest):
+        * loader/PolicyChecker.cpp:
+        (WebCore::PolicyChecker::checkNavigationPolicy):
+        * page/ContextMenuController.cpp:
+        (WebCore::openNewWindow):
+        * WebCore.exp: updated
+
+2011-10-17  Tom Sepez  <[email protected]>
+
+        XSSAuditor bypass with remote script ending in ? character
+        https://bugs.webkit.org/show_bug.cgi?id=70255
+
+        Reviewed by Daniel Bates.
+
+        Fix XSSAuditor bypass where unterminated src="" attribute could pick up
+        text from page causing failed XSS detection.  Constrain match to domain
+        portions of src attribute only.
+
+        Test: http/tests/security/xssAuditor/script-tag-with-source-unterminated.html
+
+        * html/parser/XSSAuditor.cpp:
+        (WebCore::XSSAuditor::filterScriptToken):
+        (WebCore::XSSAuditor::filterObjectToken):
+        (WebCore::XSSAuditor::filterParamToken):
+        (WebCore::XSSAuditor::filterEmbedToken):
+        (WebCore::XSSAuditor::filterAppletToken):
+        (WebCore::XSSAuditor::filterIframeToken):
+        (WebCore::XSSAuditor::eraseAttributeIfInjected):
+        (WebCore::XSSAuditor::decodedSnippetForAttribute):
+        * html/parser/XSSAuditor.h:
+
+2011-10-17  Adam Klein  <[email protected]>
+
+        Parse MutationObserverOptions directly into a bitfield
+        https://bugs.webkit.org/show_bug.cgi?id=70287
+
+        Reviewed by Ryosuke Niwa.
+
+        Replaces the MutationObserverOptions class with a typedef,
+        used to pass a bitfield composed of enums defined in
+        WebKitMutationObserver.h.
+
+        No new tests because no behavior should change.
+
+        * GNUmakefile.list.am:
+        * WebCore.gypi:
+        * WebCore.pro:
+        * WebCore.xcodeproj/project.pbxproj:
+        * bindings/js/JSDictionary.h: Removed now-unused method.
+        * bindings/js/JSWebKitMutationObserverCustom.cpp:
+        (WebCore::JSWebKitMutationObserver::observe):
+        * bindings/v8/custom/V8WebKitMutationObserverCustom.cpp:
+        (WebCore::V8WebKitMutationObserver::observeCallback):
+        * dom/MutationObserverOptions.h: Removed.
+        * dom/Node.cpp:
+        (WebCore::Node::registerMutationObserver):
+        * dom/Node.h:
+        * dom/NodeRareData.h:
+        (WebCore::MutationObserverEntry::MutationObserverEntry):
+        (WebCore::MutationObserverEntry::matches):
+        * dom/WebKitMutationObserver.cpp:
+        (WebCore::WebKitMutationObserver::observe):
+        * dom/WebKitMutationObserver.h:
+
+2011-10-17  Luke Macpherson   <[email protected]>
+
+        Add compile-time asserts for RenderStyle::(Non)InheritedFlags size.
+        https://bugs.webkit.org/show_bug.cgi?id=69803
+
+        Reviewed by Darin Adler.
+
+        No new tests.
+
+        Adds COMPILE_ASSERTs for the size of RenderStyle::InheritedFlags and
+        RenderStyle::NonInheritedFlags to ensure that they are not accidentally
+        grown in future changes.
+        Change types of unsigned bitfields to unsigned char to ensure that the
+        above assertions remain true when building on windows.
+
+        * rendering/style/RenderStyle.cpp:
+        (WebCore::RenderStyle):
+        Adds assertions to ensure struct sizes do not change.
+        * rendering/style/RenderStyle.h:
+        Changes unsigned to unsigned char as outlined above.
+
+2011-10-17  Ojan Vafai  <[email protected]>
+
+        Unreviewed, rolling out r97662.
+        http://trac.webkit.org/changeset/97662
+        https://bugs.webkit.org/show_bug.cgi?id=68497
+
+        Was not the cause of the test failures.
+
+        * rendering/RenderBox.cpp:
+        (WebCore::RenderBox::sizesToIntrinsicLogicalWidth):
+
+2011-10-17  Ryosuke Niwa  <[email protected]>
+
+        Rename deregister* to unregister*
+        https://bugs.webkit.org/show_bug.cgi?id=70272
+
+        Reviewed by Darin Adler.
+
+        Renamed deregisterHandler to unregisterHandler.
+
+        * inspector/front-end/ExtensionAPI.js:
+        (injectedExtensionAPI.ExtensionServerClient.prototype.unregisterHandler):
+        * inspector/front-end/ExtensionServer.js:
+        (WebInspector.ExtensionServer.prototype._onSetOpenResourceHandler):
+        * inspector/front-end/HandlerRegistry.js:
+        (get WebInspector.HandlerRegistry.prototype.unregisterHandler):
+
+2011-10-17  Huang Dongsung  <[email protected]>
+
+        [TexMap][QT] The BGRA32PremultimpliedBuffer should not inherit the RefCounted class.
+        https://bugs.webkit.org/show_bug.cgi?id=70098
+
+        The BitmapTexture has a BGRA32PremultimpliedBuffer object using OwnPtr, not RefPtr.
+        It causes following assertion fail, RefCountedBase::m_deletionHasBegun.
+        It is better that the BGRA32PremultimpliedBuffer does not inherit the RefCounted
+        because the BitmapTexture only has and uses a BGRA32PremultimpliedBuffer object.
+
+        Reviewed by Noam Rosenthal.
+
+        * platform/graphics/opengl/TextureMapperGL.h:
+
+2011-10-17  Vsevolod Vlasov  <[email protected]>
+
+        Web Inspector: Search in resource crashes when there is no resource with given url.
+        https://bugs.webkit.org/show_bug.cgi?id=69767
+
+        Reviewed by Pavel Feldman.
+
+        Test: http/tests/inspector/search/search-in-non-existing-resource.html
+
+        * inspector/InspectorPageAgent.cpp:
+        (WebCore::InspectorPageAgent::searchInResource):
+
+2011-10-17  Mihnea Ovidenie  <[email protected]>
+
+        [CSS Regions]Change content:-webkit-from-flow to -webkit-flow-from
+        https://bugs.webkit.org/show_bug.cgi?id=70104
+
+        Reviewed by David Hyatt.
+
+        1. -webkit-flow-from is now a property instead of being an addition to content property.
+        2. -webkit-flow-from takes an identifier instead of string.
+
+        * css/CSSComputedStyleDeclaration.cpp:
+        (WebCore::CSSComputedStyleDeclaration::getPropertyCSSValue):
+        * css/CSSParser.cpp:
+        (WebCore::CSSParser::parseValue):
+        (WebCore::CSSParser::parseContent):
+        (WebCore::CSSParser::parseRegionThread):
+        * css/CSSParser.h:
+        * css/CSSPrimitiveValue.cpp:
+        (WebCore::isValidCSSUnitTypeForDoubleConversion):
+        (WebCore::CSSPrimitiveValue::cleanup):
+        (WebCore::CSSPrimitiveValue::getStringValue):
+        (WebCore::CSSPrimitiveValue::cssText):
+        * css/CSSPrimitiveValue.h:
+        * css/CSSPropertyNames.in:
+        * css/CSSStyleSelector.cpp:
+        (WebCore::CSSStyleSelector::applyProperty):
+
+2011-10-17  Kentaro Hara  <[email protected]>
+
+        MessageEvent.data can be stored as ScriptValue.
+        https://bugs.webkit.org/show_bug.cgi?id=68978
+
+        Reviewed by Hajime Morita.
+
+        Currently, the following test cases fail or crash:
+
+        - shouldBe("new MessageEvent('eventType', { data: test_object }).data", "test_object") -> FAIL
+        - new MessageEvent('eventType', { data: document }).data -> CRASH
+
+        This is because MessageEvent.data is implemented just as SerializedScriptValue
+        and it cannot keep ScriptValue passed by _javascript_. This patch makes the following changes:
+
+        - If MessageEvent is constructed with ScriptValue, it is stored as ScriptValue internally.
+        When MessageEvent.data is called, the ScriptValue is returned.
+        - If MessageEvent is constructed with SerializedScriptValue, it is stored as
+        SerializedScriptValue internally (since we cannot deserialize it into ScriptValue
+        at this point because of lack of ExecState). When MessageEvent.data is called,
+        the SerializedScriptValue is deserialized into the corresponding ScriptValue,
+        and the ScriptValue is returned.
+
+        This patch does not make a fix for ObjC bindings code, since we need to first fix
+        the bug 28774, as commented in dom/MessageEvent.h and dom/MessageEvent.cpp.
+
+        Test: fast/events/constructors/message-event-constructor.html
+
+        * bindings/js/JSMessageEventCustom.cpp:
+        (WebCore::JSMessageEvent::data): Custom getter for MessageEvent.data. Supported ScriptValue.
+        (WebCore::JSMessageEvent::initMessageEvent): Changed SerializedScriptValue to ScriptValue.
+        * bindings/v8/custom/V8MessageEventCustom.cpp:
+        (WebCore::V8MessageEvent::dataAccessorGetter): Custom getter for MessageEvent.data. Supported ScriptValue.
+        (WebCore::V8MessageEvent::portsAccessorGetter): Removed extra spaces.
+        (WebCore::V8MessageEvent::initMessageEventCallback): Changed SerializedScriptValue to ScriptValue.
+        * dom/MessageEvent.cpp:
+        (WebCore::MessageEvent::MessageEvent): Supported ScriptValue.
+        (WebCore::MessageEvent::initMessageEvent): Supported ScriptValue.
+        (WebCore::MessageEvent::isMessageEvent): Removed extra spaces.
+        * dom/MessageEvent.h: Added DataType::DataTypeScriptValue.
+        (WebCore::MessageEvent::create): Supported ScriptValue.
+        (WebCore::MessageEvent::dataAsScriptValue): Getter for data. Insert ASSERT() to guarantee that this accessor is not called for unintended type of data.
+        (WebCore::MessageEvent::dataAsSerializedScriptValue): Ditto.
+        (WebCore::MessageEvent::dataAsString): Ditto.
+        (WebCore::MessageEvent::dataAsBlob): Ditto.
+        (WebCore::MessageEvent::dataAsArrayBuffer): Ditto.
+        * dom/MessageEvent.idl: Changed SerializedScriptValue to DOMObject (i.e. ScriptValue). This patch does not touch an ObjC part.
+
+2011-10-17  Shinya Kawanaka  <[email protected]>
+
+        Unified spell-checking and legacy spell checking should be easy to switch
+        https://bugs.webkit.org/show_bug.cgi?id=69242
+
+        Reviewed by Hajime Morita.
+
+        WebCore has two different code paths for spell-checking:
+                  1) checkTextOfParagraph() for Snow Leopard or later
+                  2) checkSpellingOfString() for checkGrammarOfString() for other platforms.
+
+        This patch introduces a flag to change code paths dynamically.
+        This patch also includes build fix for QT, GTK, and Windows platforms.
+
+        No new tests because this patch does not change a behavior.
+
+        * CMakeLists.txt:
+        * GNUmakefile.list.am:
+        * WebCore.pro:
+        * WebCore.vcproj/WebCore.vcproj:
+        * accessibility/AccessibilityObject.cpp:
+        (WebCore::AccessibilityObject::hasMisspelling):
+          Changed static if-USE(UNIFIED_TEXT_CHECKING) statement to dynamic
+          condition branch to achieve easy code path change.
+        * accessibility/mac/WebAccessibilityObjectWrapper.mm: ditto.
+        (AXAttributeStringSetSpelling):
+        * editing/EditingAllInOne.cpp:
+        * editing/Editor.cpp:
+        (WebCore::Editor::advanceToNextMisspelling): ditto.
+        (WebCore::Editor::guessesForMisspelledOrUngrammaticalSelection): ditto.
+        (WebCore::Editor::markMisspellingsAfterTypingToWord): ditto.
+        (WebCore::Editor::markAllMisspellingsAndBadGrammarInRanges): ditto.
+        (WebCore::Editor::changeBackToReplacedString): ditto.
+        (WebCore::Editor::markMisspellingsAndBadGrammar): ditto.
+        (WebCore::Editor::unifiedTextCheckerEnabled):
+          Utility method to check using unified text checking or not.
+        * editing/Editor.h:
+        * editing/TextCheckingHelper.cpp:
+        (WebCore::TextCheckingHelper::findFirstMisspellingOrBadGrammar):
+          Same as WebCore::AccessibilityObject::hasMisspelling.
+        (WebCore::TextCheckingHelper::guessesForMisspelledOrUngrammaticalRange): ditto.
+        (WebCore::TextCheckingHelper::unifiedTextCheckerEnabled):
+          Utility method to check using unified text checking or not.
+        (WebCore::unifiedTextCheckerEnabled): ditto.
+        * editing/TextCheckingHelper.h:
+        * page/Settings.cpp:
+        (WebCore::Settings::Settings):
+          Includes a flag to change the code path.
+        * page/Settings.h:
+        (WebCore::Settings::setUnifiedTextCheckerEnabled):
+          Sets a flag to change the code path.
+        (WebCore::Settings::unifiedTextCheckerEnabled):
+          A flag to change the code path.
+
+2011-10-17  Julien Chaffraix  <[email protected]>
+
+        Unreviewed build fix after 97691.
+
+        * html/HTMLTableCellElement.h:
+        (WebCore::toHTMLTableCellElement): Avoid declaring the same function twice.
+
+2011-10-12  Ojan Vafai  <[email protected]>
+
+        Unreviewed, rolling out r97661.
+        http://trac.webkit.org/changeset/97661
+
+        Confirmed this patch was not the cause of the test failures.
+
+        display:inline-block elements don't correctly handle orthogonal writing-modes 
+        https://bugs.webkit.org/show_bug.cgi?id=69957 
+        
+        Reading min/maxPreferredLogicalWidth from a child uses the child's writing-mode. 
+        Instead, we need to grab the result based on the parent's writing-mode. 
+        In the case of orthogonal writing-modes, we need the child's logical height. 
+    
+        Tests: fast/writing-mode/borders-expected.html 
+               fast/writing-mode/borders.html 
+        
+        * rendering/RenderBlock.cpp: 
+        (WebCore::RenderBlock::computeBlockPreferredLogicalWidths): 
+
+2011-10-17  James Robinson  <[email protected]>
+
+        Unreviewed, rolling out r97690.
+        http://trac.webkit.org/changeset/97690
+        https://bugs.webkit.org/show_bug.cgi?id=70161
+
+        Hits assertion in CCLayerTreeHostTests
+
+        * WebCore.gypi:
+        * platform/graphics/chromium/cc/CCMainThread.h:
+        * platform/graphics/chromium/cc/CCMainThreadTask.h:
+        (WebCore::createMainThreadTask):
+        * platform/graphics/chromium/cc/CCScopedMainThreadProxy.h: Removed.
+        * platform/graphics/chromium/cc/CCThreadProxy.cpp:
+        (WebCore::CCThreadProxySchedulerClient::scheduleBeginFrameAndCommit):
+        (WebCore::CCThreadProxy::CCThreadProxy):
+        (WebCore::CCThreadProxy::stop):
+        * platform/graphics/chromium/cc/CCThreadProxy.h:
+
+2011-10-17  Julien Chaffraix  <[email protected]>
+
+        Remove colSpan / rowSpan caching from RenderTableCell
+        https://bugs.webkit.org/show_bug.cgi?id=69569
+
+        Reviewed by Darin Adler.
+
+        Memory optimization, no change in behavior expected.
+
+        This change removes m_colSpan & m_rowSpan from RenderTableCell (inspired by
+        kling's memory shaving effort).
+
+        This makes us save 8 bytes per RenderTableCell on my machine (x86-64). No slowdown
+        on PageCycler Alexa-US.
+
+        This change refactored the way we handle updates from the DOM side to simplify
+        the code using the following: colspan / rowspan updates always go through
+        parseMappedAttribute where we already check for the renderer type. Thus removed the
+        generic updateFromElement and replaced it with colSpanOrRowSpanChanged. This removes
+        a virtual dispatch.
+
+        As there is no way to know if an attribute has changed in the parseMappedAttribute code,
+        we now unconditionally call colSpanOrRowSpanChanged. Looking at Chromium's page data,
+        colSpan and rowSpan are never changed outside the HTML markup thus such a change should
+        have a limited impact.
+
+        * html/HTMLTableCellElement.cpp:
+        (WebCore::HTMLTableCellElement::parseMappedAttribute): Updated after updateFromElement
+        removal.
+
+        * html/HTMLTableCellElement.h:
+        (WebCore::toHTMLTableCellElement): Added the usual conversion functions.
+
+        * rendering/RenderTableCell.cpp:
+        (WebCore::RenderTableCell::RenderTableCell): Added a boolean to know if we have
+        the right type of associated DOM node to avoid the cost of checking that every
+        time.
+
+        (WebCore::RenderTableCell::colSpan):
+        (WebCore::RenderTableCell::rowSpan):
+        Forwarded the calls to our object if we have the right type (normal case).
+
+        (WebCore::RenderTableCell::colSpanOrRowSpanChanged): Handles the
+        updateFromElement calls but in a more streamlined way.
+
+        * rendering/RenderTableCell.h:
+
+2011-10-17  James Robinson  <[email protected]>
+
+        [chromium] Fix shutdown race when posting main thread task to CCThreadProxy and enable tests
+        https://bugs.webkit.org/show_bug.cgi?id=70161
+
+        Reviewed by David Levin.
+
+        Adds a weak pointer mechanism to cancel main thread tasks posted to CCThreadProxy instances from the compositor
+        thread. Previously there was a race condition where main thread tasks could run even after the CCThreadProxy was
+        destroyed.
+
+        This race does not exist in the other direction because when tearing down a CCThreadProxy we first post a quit
+        task to the compositor thread and then suspend execution of the main thread until all compositor tasks for the
+        CCThreadProxy have been drained.
+
+        Covered by the now-enabled CCLayerTreeHostTest* unit tests.
+
+        * WebCore.gypi:
+        * platform/graphics/chromium/cc/CCScopedMainThreadProxy.h: Added.
+        (WebCore::CCScopedMainThreadProxy::create):
+        (WebCore::CCScopedMainThreadProxy::postTask):
+        (WebCore::CCScopedMainThreadProxy::shutdown):
+        (WebCore::CCScopedMainThreadProxy::CCScopedMainThreadProxy):
+        (WebCore::CCScopedMainThreadProxy::runTaskIfNotShutdown):
+        * platform/graphics/chromium/cc/CCThreadProxy.cpp:
+        (WebCore::CCThreadProxy::CCThreadProxy):
+        (WebCore::CCThreadProxy::~CCThreadProxy):
+        (WebCore::CCThreadProxy::createBeginFrameAndCommitTaskOnCCThread):
+        * platform/graphics/chromium/cc/CCThreadProxy.h:
+
+2011-10-17  Sheriff Bot  <[email protected]>
+
+        Unreviewed, rolling out r97641.
+        http://trac.webkit.org/changeset/97641
+        https://bugs.webkit.org/show_bug.cgi?id=70288
+
+        "This change may have broken mouse/hit-test coordinate tests."
+        (Requested by jeffm7 on #webkit).
+
+        * platform/Widget.cpp:
+        (WebCore::Widget::convertFromContainingWindow):
+        (WebCore::Widget::convertToContainingWindow):
+
+2011-10-17  Andreas Kling  <[email protected]>
+
+        CSSParser: Remove unused variable 'propertyComponents'
+        https://bugs.webkit.org/show_bug.cgi?id=70230
+
+        Reviewed by Darin Adler.
+
+        (WebCore::CSSParser::markPropertyEnd):
+
+2011-10-17  Shawn Singh  <[email protected]>
+
+        [chromium] Update comments about transform hierarchy in CCLayerTreeHostCommon
+        https://bugs.webkit.org/show_bug.cgi?id=69765
+
+        Reviewed by James Robinson.
+
+        Only comments changed, no tests needed.
+
+        * platform/graphics/chromium/cc/CCLayerTreeHostCommon.cpp:
+        (WebCore::calculateDrawTransformsAndVisibilityInternal):
+
 2011-10-17  Dan Bernstein  <[email protected]>
 
         Remove unnecessary calls to columnRectAt()
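Review bot: Of the entries added to the branch ChangeLog under `@@ -1,3 +1,561 @@`, only the first one, "r97638 caused 3 printing crashes", corresponds to code in this revision; the only source diff here is css/CSSStyleSelector.cpp. The remaining entries (for example "XSSAuditor bypass with remote script ending in ? character" and the CCScopedMainThreadProxy change together with its rollout) describe changes to files this revision does not touch. A branch ChangeLog that records a security fix which this merge does not carry makes it hard to audit what is actually on branch 912. Suggest trimming the merged ChangeLog hunk to the single r97724 entry, or confirming separately that each listed revision has been merged to the branch.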

Modified: branches/chromium/912/Source/WebCore/css/CSSStyleSelector.cpp (97778 => 97779)


--- branches/chromium/912/Source/WebCore/css/CSSStyleSelector.cpp	2011-10-18 18:18:36 UTC (rev 97778)
+++ branches/chromium/912/Source/WebCore/css/CSSStyleSelector.cpp	2011-10-18 18:19:32 UTC (rev 97779)
@@ -2174,7 +2174,7 @@
     if (startIndex == -1)
         return;
 
-    if (m_element->isLink()) {
+    if (m_element && m_element->isLink()) {
         for (int i = startIndex; i <= endIndex; ++i) {
             CSSMutableStyleDeclaration* styleDeclaration = m_matchedDecls[i].styleDeclaration;
             unsigned linkMatchType = m_matchedDecls[i].linkMatchType;
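Review bot: The guard added at `if (m_element && m_element->isLink()) {` makes a null m_element skip the link-specific loop silently, and nothing at that line states when applyDeclarations runs with no element; the log message only says "printing crashes". Suggest a one-line comment beside the check naming the case in which m_element is null, and a regression test that exercises it, since the ChangeLog entry for this fix lists no Test: line. It is also worth checking that the rest of applyDeclarations does not dereference m_element unguarded, which the visible context does not show.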