Title: [289180] releases/WebKitGTK/webkit-2.34
Revision: 289180
Author: [email protected]
Date: 2022-02-06 12:59:11 -0800 (Sun, 06 Feb 2022)

Log Message

Merge r288362 - WPT version of css/css-cascade/parsing/layer-import-parsing.html crashes with nullptr
https://bugs.webkit.org/show_bug.cgi?id=235434
rdar://87832940

Reviewed by Alan Bujtas.

LayoutTests/imported/w3c:

* web-platform-tests/css/css-cascade/parsing/layer-import-parsing.html:

Update to WPT version.

Source/WebCore:

Test: fast/css/insert-import-rule-crash.html

* css/StyleRuleImport.cpp:
(WebCore::StyleRuleImport::setCSSStyleSheet):

Null check the parent stylesheet. It can be null if the rule has been removed.

* dom/InlineStyleSheetOwner.cpp:
(WebCore::InlineStyleSheetOwner::startLoadingDynamicSheet):

Also fix a debug assert in addPendingSheet, this can get called multiple times.

LayoutTests:

* fast/css/insert-import-rule-crash-expected.txt: Added.
* fast/css/insert-import-rule-crash.html: Added.

Diff

Modified: releases/WebKitGTK/webkit-2.34/LayoutTests/ChangeLog (289179 => 289180)


--- releases/WebKitGTK/webkit-2.34/LayoutTests/ChangeLog	2022-02-06 20:46:17 UTC (rev 289179)
+++ releases/WebKitGTK/webkit-2.34/LayoutTests/ChangeLog	2022-02-06 20:59:11 UTC (rev 289180)
@@ -1,3 +1,14 @@
+2022-01-21  Antti Koivisto  <[email protected]>
+
+        WPT version of css/css-cascade/parsing/layer-import-parsing.html crashes with nullptr
+        https://bugs.webkit.org/show_bug.cgi?id=235434
+        rdar://87832940
+
+        Reviewed by Alan Bujtas.
+
+        * fast/css/insert-import-rule-crash-expected.txt: Added.
+        * fast/css/insert-import-rule-crash.html: Added.
+
 2022-01-19  Rob Buis  <[email protected]>
 
         Null check player in taintsOrigin

Added: releases/WebKitGTK/webkit-2.34/LayoutTests/fast/css/insert-import-rule-crash-expected.txt (0 => 289180)


--- releases/WebKitGTK/webkit-2.34/LayoutTests/fast/css/insert-import-rule-crash-expected.txt	                        (rev 0)
+++ releases/WebKitGTK/webkit-2.34/LayoutTests/fast/css/insert-import-rule-crash-expected.txt	2022-02-06 20:59:11 UTC (rev 289180)
@@ -0,0 +1 @@
+This test passes if it doesn't crash.

Added: releases/WebKitGTK/webkit-2.34/LayoutTests/fast/css/insert-import-rule-crash.html (0 => 289180)


--- releases/WebKitGTK/webkit-2.34/LayoutTests/fast/css/insert-import-rule-crash.html	                        (rev 0)
+++ releases/WebKitGTK/webkit-2.34/LayoutTests/fast/css/insert-import-rule-crash.html	2022-02-06 20:59:11 UTC (rev 289180)
@@ -0,0 +1,13 @@
+This test passes if it doesn't crash.
+<script>
+if (window.testRunner)
+    testRunner.dumpAsText();
+
+const style = document.createElement("style");
+document.head.append(style);
+
+style.sheet.insertRule('@import url(data:,foo)');
+style.sheet.cssRules[0];
+style.sheet.deleteRule(0);
+style.sheet.insertRule('@import url(data:,bar)');
+</script>
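
Review bot: The bare expression statement `style.sheet.cssRules[0];` between the first insertRule and the deleteRule reads like dead code, yet it is presumably what makes this sequence reach the crash. Add a one-line comment saying why the rule has to be accessed through the CSSOM before it is deleted, so a later cleanup does not drop it. Separately, the test only calls testRunner.dumpAsText() and never waits: if setCSSStyleSheet is invoked from a load callback after the script has finished, a regression could crash outside this test or go unnoticed, so consider testRunner.waitUntilDone() with notifyDone() once the second import has finished loading.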

Modified: releases/WebKitGTK/webkit-2.34/LayoutTests/imported/w3c/ChangeLog (289179 => 289180)


--- releases/WebKitGTK/webkit-2.34/LayoutTests/imported/w3c/ChangeLog	2022-02-06 20:46:17 UTC (rev 289179)
+++ releases/WebKitGTK/webkit-2.34/LayoutTests/imported/w3c/ChangeLog	2022-02-06 20:59:11 UTC (rev 289180)
@@ -1,3 +1,15 @@
+2022-01-21  Antti Koivisto  <[email protected]>
+
+        WPT version of css/css-cascade/parsing/layer-import-parsing.html crashes with nullptr
+        https://bugs.webkit.org/show_bug.cgi?id=235434
+        rdar://87832940
+
+        Reviewed by Alan Bujtas.
+
+        * web-platform-tests/css/css-cascade/parsing/layer-import-parsing.html:
+
+        Update to WPT version.
+
 2021-11-20  Carlos Garcia Campos  <[email protected]>
 
         Report the initiating url instead of the redirected one

Added: releases/WebKitGTK/webkit-2.34/LayoutTests/imported/w3c/web-platform-tests/css/css-cascade/parsing/layer-import-parsing.html (0 => 289180)


--- releases/WebKitGTK/webkit-2.34/LayoutTests/imported/w3c/web-platform-tests/css/css-cascade/parsing/layer-import-parsing.html	                        (rev 0)
+++ releases/WebKitGTK/webkit-2.34/LayoutTests/imported/w3c/web-platform-tests/css/css-cascade/parsing/layer-import-parsing.html	2022-02-06 20:59:11 UTC (rev 289180)
@@ -0,0 +1,79 @@
+<!doctype html>
+<meta charset="utf-8">
+<title>@import rule with layer parsing / serialization</title>
+<link rel="author" href=""
+<link rel="help" href=""
+<script src=""
+<script src=""
+<script>
+  function setupSheet(rule) {
+    const style = document.createElement("style");
+    document.head.append(style);
+    const {sheet} = style;
+    const {cssRules} = sheet;
+
+    assert_equals(cssRules.length, 0, "Sheet should have no rules");
+    sheet.insertRule(rule);
+    assert_equals(cssRules.length, 1, "Sheet should have 1 rule");
+
+    return {sheet, cssRules};
+  }
+
+  function test_valid_layer_import(rule, serialized) {
+    if (serialized === undefined)
+        serialized = rule;
+
+    test(function() {
+      const {sheet, cssRules} = setupSheet(rule);
+
+      const serialization = cssRules[0].cssText;
+      assert_equals(serialization, serialized, 'serialization should be canonical');
+
+      const media = cssRules[0].media;
+      assert_equals(media.length, 0, 'layer() should be valid');
+
+      sheet.deleteRule(0);
+      assert_equals(cssRules.length, 0, 'Sheet should have no rule');
+      sheet.insertRule(serialization);
+      assert_equals(cssRules.length, 1, 'Sheet should have 1 rule');
+
+      assert_equals(cssRules[0].cssText, serialization, 'serialization should round-trip');
+    }, rule + ' should be a valid layered import rule');
+  }
+
+  function test_invalid_layer_import(rule) {
+    test(function() {
+      const {sheet, cssRules} = setupSheet(rule);
+
+      const media = cssRules[0].media;
+      assert_not_equals(media.length, 0,
+                        'invalid layer declaration should be parsed as <general-enclosed> media query');
+
+      sheet.deleteRule(0);
+      assert_equals(cssRules.length, 0, 'Sheet should have no rule');
+    }, rule + ' should still be a valid import rule with an invalid layer declaration');
+  }
+
+  test_valid_layer_import('@import url("nonexist.css") layer;');
+  test_valid_layer_import('@import url("nonexist.css") layer(A);');
+  test_valid_layer_import('@import url("nonexist.css") layer(A.B);');
+
+  test_valid_layer_import('@import url(nonexist.css) layer;',
+                          '@import url("nonexist.css") layer;');
+  test_valid_layer_import('@import url(nonexist.css) layer(A);',
+                          '@import url("nonexist.css") layer(A);');
+  test_valid_layer_import('@import url(nonexist.css) layer(A.B);',
+                          '@import url("nonexist.css") layer(A.B);');
+
+  test_valid_layer_import('@import "nonexist.css" layer;',
+                          '@import url("nonexist.css") layer;');
+  test_valid_layer_import('@import "nonexist.css" layer(A);',
+                          '@import url("nonexist.css") layer(A);');
+  test_valid_layer_import('@import "nonexist.css" layer(A.B);',
+                          '@import url("nonexist.css") layer(A.B);');
+
+  test_invalid_layer_import('@import url("nonexist.css") layer();');
+  test_invalid_layer_import('@import url("nonexist.css") layer(A B);');
+  test_invalid_layer_import('@import url("nonexist.css") layer(A . B);');
+  test_invalid_layer_import('@import url("nonexist.css") layer(A, B, C);');
+</script>

Modified: releases/WebKitGTK/webkit-2.34/Source/WebCore/ChangeLog (289179 => 289180)


--- releases/WebKitGTK/webkit-2.34/Source/WebCore/ChangeLog	2022-02-06 20:46:17 UTC (rev 289179)
+++ releases/WebKitGTK/webkit-2.34/Source/WebCore/ChangeLog	2022-02-06 20:59:11 UTC (rev 289180)
@@ -1,3 +1,23 @@
+2022-01-21  Antti Koivisto  <[email protected]>
+
+        WPT version of css/css-cascade/parsing/layer-import-parsing.html crashes with nullptr
+        https://bugs.webkit.org/show_bug.cgi?id=235434
+        rdar://87832940
+
+        Reviewed by Alan Bujtas.
+
+        Test: fast/css/insert-import-rule-crash.html
+
+        * css/StyleRuleImport.cpp:
+        (WebCore::StyleRuleImport::setCSSStyleSheet):
+
+        Null check the parent stylesheet. It can be null if the rule has been removed.
+
+        * dom/InlineStyleSheetOwner.cpp:
+        (WebCore::InlineStyleSheetOwner::startLoadingDynamicSheet):
+
+        Also fix a debug assert in addPendingSheet, this can get called multiple times.
+
 2022-01-19  Rob Buis  <[email protected]>
 
         Null check player in taintsOrigin

Modified: releases/WebKitGTK/webkit-2.34/Source/WebCore/css/StyleRuleImport.cpp (289179 => 289180)


--- releases/WebKitGTK/webkit-2.34/Source/WebCore/css/StyleRuleImport.cpp	2022-02-06 20:46:17 UTC (rev 289179)
+++ releases/WebKitGTK/webkit-2.34/Source/WebCore/css/StyleRuleImport.cpp	2022-02-06 20:59:11 UTC (rev 289180)
@@ -71,7 +71,7 @@
 
     Document* document = m_parentStyleSheet ? m_parentStyleSheet->singleOwnerDocument() : nullptr;
     m_styleSheet = StyleSheetContents::create(this, href, context);
-    if (m_parentStyleSheet->isContentOpaque() || !cachedStyleSheet->isCORSSameOrigin())
+    if ((m_parentStyleSheet && m_parentStyleSheet->isContentOpaque()) || !cachedStyleSheet->isCORSSameOrigin())
         m_styleSheet->setAsOpaque();
     m_styleSheet->parseAuthorStyleSheet(cachedStyleSheet, document ? &document->securityOrigin() : nullptr);
 
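
Review bot: The added `m_parentStyleSheet &&` guard in the opaque check removes the null dereference, but for a rule that has already been removed the function still creates m_styleSheet and calls parseAuthorStyleSheet with a null security origin (document is nullptr on that path, per the line above). If a detached import rule has no use for the loaded sheet, an early return when m_parentStyleSheet is null would be simpler and would avoid parsing content nobody can reach; if the sheet is still needed, add a comment saying so. Note also that with a null parent the opaque decision now rests only on `!cachedStyleSheet->isCORSSameOrigin()`, so a sheet whose former parent was opaque is no longer marked opaque; please confirm that sheet cannot be exposed to script afterwards.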

Modified: releases/WebKitGTK/webkit-2.34/Source/WebCore/dom/InlineStyleSheetOwner.cpp (289179 => 289180)


--- releases/WebKitGTK/webkit-2.34/Source/WebCore/dom/InlineStyleSheetOwner.cpp	2022-02-06 20:46:17 UTC (rev 289179)
+++ releases/WebKitGTK/webkit-2.34/Source/WebCore/dom/InlineStyleSheetOwner.cpp	2022-02-06 20:59:11 UTC (rev 289180)
@@ -241,7 +241,7 @@
 
 void InlineStyleSheetOwner::startLoadingDynamicSheet(Element& element)
 {
-    if (m_styleScope)
+    if (m_styleScope && !m_styleScope->hasPendingSheet(element))
         m_styleScope->addPendingSheet(element);
 }
 
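
Review bot: The `!m_styleScope->hasPendingSheet(element)` check in startLoadingDynamicSheet fixes the assert only for this caller; the ChangeLog describes the problem as a debug assert in addPendingSheet, so any other caller that can add the same element twice will still trip it. Consider making addPendingSheet itself tolerate a repeated add, or document at the assert that callers must check hasPendingSheet first. It is also worth confirming that the matching removal is balanced: if this function is called once per import load but the element is added only once, the first completed load must not clear the pending state while another import for the same element is still loading.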