Diff
Modified: trunk/LayoutTests/ChangeLog (109143 => 109144)
--- trunk/LayoutTests/ChangeLog 2012-02-28 21:16:02 UTC (rev 109143)
+++ trunk/LayoutTests/ChangeLog 2012-02-28 21:43:37 UTC (rev 109144)
@@ -1,3 +1,18 @@
+2012-02-28 Jungshik Shin <[email protected]>
+
+ Add a fallback path to LineBreakIteratorPoolICU when the locale
+ name from a web page is invalid and ICU fails to get a line break
+ iterator instance. Also add a null check to
+ TextBreakIteratorICU::acquireLineBreakIterator.
+
+ https://bugs.webkit.org/show_bug.cgi?id=67640
+
+ Reviewed by Dan Bernstein.
+
+ * fast/text/invalid-locale-expected.txt: Added.
+ * fast/text/invalid-locale.html: Added.
+ * fast/text/resources/invalid-locale.html: Added.
+
2012-02-28 Abhishek Arya <[email protected]>
Crash due to accessing removed continuation in multi-column layout.
Added: trunk/LayoutTests/fast/text/invalid-locale-expected.txt (0 => 109144)
--- trunk/LayoutTests/fast/text/invalid-locale-expected.txt (rev 0)
+++ trunk/LayoutTests/fast/text/invalid-locale-expected.txt 2012-02-28 21:43:37 UTC (rev 109144)
@@ -0,0 +1 @@
+Did not crash - SUCCESS. See bug 67640.
Added: trunk/LayoutTests/fast/text/invalid-locale.html (0 => 109144)
--- trunk/LayoutTests/fast/text/invalid-locale.html (rev 0)
+++ trunk/LayoutTests/fast/text/invalid-locale.html 2012-02-28 21:43:37 UTC (rev 109144)
@@ -0,0 +1,19 @@
+<html>
+<head>
+<script>
+if (window.layoutTestController) {
+ layoutTestController.dumpAsText();
+ layoutTestController.waitUntilDone();
+}
+
+function loaded() {
+ if (window.layoutTestController)
+ layoutTestController.notifyDone();
+}
+</script>
+</head>
+<body>
+<iframe src="" _onload_="loaded()">
+</iframe>Did not crash - SUCCESS. See <a href="" 67640</a>.
+</body>
+</html>
Added: trunk/LayoutTests/fast/text/resources/invalid-locale.html (0 => 109144)
--- trunk/LayoutTests/fast/text/resources/invalid-locale.html (rev 0)
+++ trunk/LayoutTests/fast/text/resources/invalid-locale.html 2012-02-28 21:43:37 UTC (rev 109144)
@@ -0,0 +1,13 @@
+<html>
+ <head>
+<style>
+ * {
+ -webkit-locale: 'xx-_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx';
+ -webkit-text-security: disc;
+ }
+</style>
+</head>
+<body>
+xx
+</body>
+</html>
Modified: trunk/Source/WebCore/ChangeLog (109143 => 109144)
--- trunk/Source/WebCore/ChangeLog 2012-02-28 21:16:02 UTC (rev 109143)
+++ trunk/Source/WebCore/ChangeLog 2012-02-28 21:43:37 UTC (rev 109144)
@@ -1,3 +1,21 @@
+2012-02-28 Jungshik Shin <[email protected]>
+
+ Add a fallback path to LineBreakIteratorPoolICU when the locale
+ name from a web page is invalid and ICU fails to get a line break
+ iterator instance. Also add a null check to
+ TextBreakIteratorICU::acquireLineBreakIterator.
+
+ Reviewed by Dan Bernstein.
+
+ https://bugs.webkit.org/show_bug.cgi?id=67640
+
+ Test: fast/text/invalid-locale.html
+
+ * platform/text/LineBreakIteratorPoolICU.h:
+ (WebCore::LineBreakIteratorPool::take):
+ * platform/text/TextBreakIteratorICU.cpp:
+ (WebCore::acquireLineBreakIterator):
+
2012-02-28 Abhishek Arya <[email protected]>
Crash due to accessing removed continuation in multi-column layout.
Modified: trunk/Source/WebCore/platform/text/LineBreakIteratorPoolICU.h (109143 => 109144)
--- trunk/Source/WebCore/platform/text/LineBreakIteratorPoolICU.h 2012-02-28 21:16:02 UTC (rev 109143)
+++ trunk/Source/WebCore/platform/text/LineBreakIteratorPoolICU.h 2012-02-28 21:43:37 UTC (rev 109144)
@@ -61,7 +61,15 @@
if (!iterator) {
UErrorCode openStatus = U_ZERO_ERROR;
- iterator = ubrk_open(UBRK_LINE, locale.isEmpty() ? currentTextBreakLocaleID() : locale.string().utf8().data(), 0, 0, &openStatus);
+ bool localeIsEmpty = locale.isEmpty();
+ iterator = ubrk_open(UBRK_LINE, localeIsEmpty ? currentTextBreakLocaleID() : locale.string().utf8().data(), 0, 0, &openStatus);
+ // locale comes from a web page and it can be invalid, leading ICU
+ // to fail, in which case we fall back to the default locale.
+ if (!localeIsEmpty && U_FAILURE(openStatus)) {
+ openStatus = U_ZERO_ERROR;
+ iterator = ubrk_open(UBRK_LINE, currentTextBreakLocaleID(), 0, 0, &openStatus);
+ }
+
if (U_FAILURE(openStatus)) {
LOG_ERROR("ubrk_open failed with status %d", openStatus);
return 0;
Modified: trunk/Source/WebCore/platform/text/TextBreakIteratorICU.cpp (109143 => 109144)
--- trunk/Source/WebCore/platform/text/TextBreakIteratorICU.cpp 2012-02-28 21:16:02 UTC (rev 109143)
+++ trunk/Source/WebCore/platform/text/TextBreakIteratorICU.cpp 2012-02-28 21:43:37 UTC (rev 109144)
@@ -71,6 +71,8 @@
TextBreakIterator* acquireLineBreakIterator(const UChar* string, int length, const AtomicString& locale)
{
UBreakIterator* iterator = LineBreakIteratorPool::sharedPool().take(locale);
+ if (!iterator)
+ return 0;
UErrorCode setTextStatus = U_ZERO_ERROR;
ubrk_setText(iterator, string, length, &setTextStatus);
