Title: [113676] trunk/Source/WebCore
- Revision: 113676
- Author: [email protected]
- Date: 2012-04-09 21:47:51 -0700 (Mon, 09 Apr 2012)
Log Message
Don't let CSSPropertyWebkitPerspective dereference primitiveValue without null check.
https://bugs.webkit.org/show_bug.cgi?id=83538
Reviewed by Daniel Bates.
No new tests / code cleanup only.
Coverity pointed out that we potentially dereference primitiveValue here without checking for null.
I've added an early out for that case to make sure it can't ever happen. I don't know if it's actually
possible to exercise that code path or not - probably the parser prevents it from being hit in practice.
* css/CSSStyleSelector.cpp:
(WebCore::CSSStyleSelector::collectMatchingRulesForList):
Diff
Modified: trunk/Source/WebCore/ChangeLog (113675 => 113676)
--- trunk/Source/WebCore/ChangeLog 2012-04-10 04:42:20 UTC (rev 113675)
+++ trunk/Source/WebCore/ChangeLog 2012-04-10 04:47:51 UTC (rev 113676)
@@ -1,3 +1,19 @@
+2012-04-09 Luke Macpherson <[email protected]>
+
+ Don't let CSSPropertyWebkitPerspective dereference primitiveValue without null check.
+ https://bugs.webkit.org/show_bug.cgi?id=83538
+
+ Reviewed by Daniel Bates.
+
+ No new tests / code cleanup only.
+
+ Coverity pointed out that we potentially dereference primitiveValue here without checking for null.
+ I've added an early out for that case to make sure it can't ever happen. I don't know if it's actually
+ possible to exercise that code path or not - probably the parser prevents it from being hit in practice.
+
+ * css/CSSStyleSelector.cpp:
+ (WebCore::CSSStyleSelector::collectMatchingRulesForList):
+
2012-04-09 Joseph Pecoraro <[email protected]>
<http://webkit.org/b/83539> Web Inspector: ASSERT attempting to unbind null contentDocument
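Review bot: the function listed in this entry, (WebCore::CSSStyleSelector::collectMatchingRulesForList), does not look like the place the code change lands. The change in CSSStyleSelector.cpp is inside a `case CSSPropertyWebkitPerspective:` branch that writes to m_style, which is property application rather than rule collection. Please check the generated function name and correct it, and consider adding a short per-function note after it saying that a null check was added for primitiveValue.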
Modified: trunk/Source/WebCore/css/CSSStyleSelector.cpp (113675 => 113676)
--- trunk/Source/WebCore/css/CSSStyleSelector.cpp 2012-04-10 04:42:20 UTC (rev 113675)
+++ trunk/Source/WebCore/css/CSSStyleSelector.cpp 2012-04-10 04:47:51 UTC (rev 113676)
@@ -3643,7 +3643,11 @@
}
case CSSPropertyWebkitPerspective: {
HANDLE_INHERIT_AND_INITIAL(perspective, Perspective)
- if (primitiveValue && primitiveValue->getIdent() == CSSValueNone) {
+
+ if (!primitiveValue)
+ return;
+
+ if (primitiveValue->getIdent() == CSSValueNone) {
m_style->setPerspective(0);
return;
}
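Review bot: the new `if (!primitiveValue) return;` placed after HANDLE_INHERIT_AND_INITIAL silently ignores the declaration, and the log message says it is not known whether this path can be reached. A one-line comment stating when primitiveValue can be null here would tell the next reader whether this is a defensive guard or a real input case. If the parser is meant to guarantee a non-null value, an assertion alongside the early return would make that expectation visible in debug builds. Since the entry says "No new tests", a test that tries to reach this case with a null primitiveValue would settle the question either way.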
_______________________________________________
webkit-changes mailing list
[email protected]
http://lists.webkit.org/mailman/listinfo.cgi/webkit-changes