Title: [106251] trunk
Revision: 106251
Author: [email protected]
Date: 2012-01-30 09:31:52 -0800 (Mon, 30 Jan 2012)

Log Message

REGRESSION (r82580): Reproducible crash in CSSPrimitiveValue::computeLengthDouble
https://bugs.webkit.org/show_bug.cgi?id=61989

Patch by Parag Radke <[email protected]> on 2012-01-30
Reviewed by Simon Fraser.

Source/WebCore:

According to the css3 specs, when font-size is specified in 'rems' for an element, it implies the font-size
of the root element. In this case the HTML element has a property 'display:none' and hence the renderer
is NULL, which causes this crash.

Test: fast/css/fontsize-unit-rems-crash.html

* css/CSSPrimitiveValue.cpp:
(WebCore::CSSPrimitiveValue::computeLengthDouble):
Added a null check for the root element's RenderStyle, as it can be null in case html has a property
hidden or display:none.

LayoutTests:

Added a test case to check rems unit (css3) with html property display:none.

* fast/css/fontsize-unit-rems-crash-expected.txt: Added.
* fast/css/fontsize-unit-rems-crash.html: Added.


Diff

Modified: trunk/LayoutTests/ChangeLog (106250 => 106251)


--- trunk/LayoutTests/ChangeLog	2012-01-30 17:27:33 UTC (rev 106250)
+++ trunk/LayoutTests/ChangeLog	2012-01-30 17:31:52 UTC (rev 106251)
@@ -1,3 +1,15 @@
+2012-01-30  Parag Radke  <[email protected]>
+
+        REGRESSION (r82580): Reproducible crash in CSSPrimitiveValue::computeLengthDouble
+        https://bugs.webkit.org/show_bug.cgi?id=61989
+
+        Reviewed by Simon Fraser.
+
+        Added a test case to check rems unit (css3) with html property display:none.
+
+        * fast/css/fontsize-unit-rems-crash-expected.txt: Added.
+        * fast/css/fontsize-unit-rems-crash.html: Added.
+
 2012-01-26  Jocelyn Turcotte  <[email protected]>
 
         [Qt] WKTR: Use a software rendering pipiline when running tests.

Added: trunk/LayoutTests/fast/css/fontsize-unit-rems-crash-expected.txt (0 => 106251)


--- trunk/LayoutTests/fast/css/fontsize-unit-rems-crash-expected.txt	                        (rev 0)
+++ trunk/LayoutTests/fast/css/fontsize-unit-rems-crash-expected.txt	2012-01-30 17:31:52 UTC (rev 106251)
@@ -0,0 +1,2 @@
+layer at (0,0) size 800x600
+  RenderView at (0,0) size 800x600
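Review bot: the expected result added here is a render tree dump (`layer at (0,0) size 800x600` followed by the `RenderView` line), which ties a crash-only test to the 800x600 view geometry. Since the test only has to show that no crash occurs, consider calling layoutTestController.dumpAsText() in the test so that the expectation is a plain-text result that does not depend on the render tree.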

Added: trunk/LayoutTests/fast/css/fontsize-unit-rems-crash.html (0 => 106251)


--- trunk/LayoutTests/fast/css/fontsize-unit-rems-crash.html	                        (rev 0)
+++ trunk/LayoutTests/fast/css/fontsize-unit-rems-crash.html	2012-01-30 17:31:52 UTC (rev 106251)
@@ -0,0 +1,2 @@
+<html style="display:none;"><title style="line-height: 1rem;">Test case for 61989</title>
+<p>This is test for Bug 61989 No crash means test PASS.</p></html>
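Review bot: the only rem usage in this test is `line-height: 1rem` on the `<title>`, while the ChangeLog describes the crash in terms of font-size given in rems and the fix guards both arms of the `computingFontSize` ternary. Consider adding an element with `font-size: 1rem` so that the font-size path is also exercised with a null root style. The ChangeLog also mentions a hidden html element, which this test does not cover.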

Modified: trunk/Source/WebCore/ChangeLog (106250 => 106251)


--- trunk/Source/WebCore/ChangeLog	2012-01-30 17:27:33 UTC (rev 106250)
+++ trunk/Source/WebCore/ChangeLog	2012-01-30 17:31:52 UTC (rev 106251)
@@ -1,3 +1,21 @@
+2012-01-30  Parag Radke  <[email protected]>
+
+        REGRESSION (r82580): Reproducible crash in CSSPrimitiveValue::computeLengthDouble
+        https://bugs.webkit.org/show_bug.cgi?id=61989
+
+        Reviewed by Simon Fraser.
+
+        According to css3 specs when font-size is specified in 'rems' for an element implies the font-size
+        of the root element. In this case as HTML element has a property 'display:none' and hence renderer 
+        is NULL causes this crash.
+
+        Test: fast/css/fontsize-unit-rems-crash.html
+
+        * css/CSSPrimitiveValue.cpp:
+        (WebCore::CSSPrimitiveValue::computeLengthDouble):
+        Added a null check for the root element's RenderStyle as it can be null in case of html has a property
+        hidden or display:none.
+
 2012-01-26  Jocelyn Turcotte  <[email protected]>
 
         [Qt] WKTR: Use a software rendering pipiline when running tests.

Modified: trunk/Source/WebCore/css/CSSPrimitiveValue.cpp (106250 => 106251)


--- trunk/Source/WebCore/css/CSSPrimitiveValue.cpp	2012-01-30 17:27:33 UTC (rev 106250)
+++ trunk/Source/WebCore/css/CSSPrimitiveValue.cpp	2012-01-30 17:31:52 UTC (rev 106251)
@@ -416,7 +416,8 @@
             break;
         case CSS_REMS:
             applyZoomMultiplier = false;
-            factor = computingFontSize ? rootStyle->fontDescription().specifiedSize() : rootStyle->fontDescription().computedSize();
+            if (rootStyle)
+                factor = computingFontSize ? rootStyle->fontDescription().specifiedSize() : rootStyle->fontDescription().computedSize();
             break;
         case CSS_PX:
             break;
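Review bot: in the `case CSS_REMS:` branch, when `rootStyle` is null `factor` is now left at whatever value it held before the switch, and this hunk does not show that value. If `factor` is not initialized at its declaration, the null dereference is replaced by a length computed from an indeterminate value. Please add an explicit `else` that assigns a defined fallback, or confirm that `factor` is initialized before the switch, and add a short comment saying when `rootStyle` can be null (root element with display:none).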