Skip to site navigation (Press enter)

[webkit-changes] [122418] trunk

tkent Wed, 11 Jul 2012 22:17:29 -0700

Title: [122418] trunk

Revision: 122418
Author: [email protected]
Date: 2012-07-11 22:17:22 -0700 (Wed, 11 Jul 2012)

Log Message

Accessing width or height of a detached image input element causes crash
https://bugs.webkit.org/show_bug.cgi?id=90885


Reviewed by Kentaro Hara.

Source/WebCore:

Test: fast/forms/image/width-and-height-of-detached-input.html

* html/ImageInputType.cpp:
(WebCore::ImageInputType::height): Add null check for m_imageLoader.
(WebCore::ImageInputType::width): ditto.

LayoutTests:

* fast/forms/image/width-and-height-of-detached-input-expected.txt: Added.
* fast/forms/image/width-and-height-of-detached-input.html: Added.

Modified Paths

trunk/LayoutTests/ChangeLog
trunk/Source/WebCore/ChangeLog
trunk/Source/WebCore/html/ImageInputType.cpp

Added Paths

trunk/LayoutTests/fast/forms/image/
trunk/LayoutTests/fast/forms/image/width-and-height-of-detached-input-expected.txt
trunk/LayoutTests/fast/forms/image/width-and-height-of-detached-input.html

Diff

Modified: trunk/LayoutTests/ChangeLog (122417 => 122418)


--- trunk/LayoutTests/ChangeLog	2012-07-12 05:00:32 UTC (rev 122417)
+++ trunk/LayoutTests/ChangeLog	2012-07-12 05:17:22 UTC (rev 122418)
@@ -1,3 +1,13 @@
+2012-07-11  Kent Tamura  <[email protected]>
+
+        Accessing width or height of a detached image input element causes crash
+        https://bugs.webkit.org/show_bug.cgi?id=90885
+
+        Reviewed by Kentaro Hara.
+
+        * fast/forms/image/width-and-height-of-detached-input-expected.txt: Added.
+        * fast/forms/image/width-and-height-of-detached-input.html: Added.
+
 2012-07-11  Dan Bernstein  <[email protected]>
 
         Updated expected results for this test after r122408, which fixed it.

Added: trunk/LayoutTests/fast/forms/image/width-and-height-of-detached-input-expected.txt (0 => 122418)


--- trunk/LayoutTests/fast/forms/image/width-and-height-of-detached-input-expected.txt	                        (rev 0)
+++ trunk/LayoutTests/fast/forms/image/width-and-height-of-detached-input-expected.txt	2012-07-12 05:17:22 UTC (rev 122418)
@@ -0,0 +1,11 @@
+Width and height properties of a detached input element should return 0.
+
+On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
+
+
+PASS input.width is 0
+PASS input.height is 0
+PASS successfullyParsed is true
+
+TEST COMPLETE
+
Property changes on: trunk/LayoutTests/fast/forms/image/width-and-height-of-detached-input-expected.txt
___________________________________________________________________

Added: svn:eol-style

Added: trunk/LayoutTests/fast/forms/image/width-and-height-of-detached-input.html (0 => 122418)


--- trunk/LayoutTests/fast/forms/image/width-and-height-of-detached-input.html	                        (rev 0)
+++ trunk/LayoutTests/fast/forms/image/width-and-height-of-detached-input.html	2012-07-12 05:17:22 UTC (rev 122418)
@@ -0,0 +1,11 @@
+<!DOCTYPE html>
+<script src=""
+<script>
+description('Width and height properties of a detached input element should return 0.');
+var input = document.createElement('input');
+input.type = 'image';
+shouldBe('input.width', '0');
+shouldBe('input.height', '0');
+</script>
+<script src=""
+
Property changes on: trunk/LayoutTests/fast/forms/image/width-and-height-of-detached-input.html
___________________________________________________________________

Added: svn:eol-style

Modified: trunk/Source/WebCore/ChangeLog (122417 => 122418)


--- trunk/Source/WebCore/ChangeLog	2012-07-12 05:00:32 UTC (rev 122417)
+++ trunk/Source/WebCore/ChangeLog	2012-07-12 05:17:22 UTC (rev 122418)
@@ -1,5 +1,18 @@
 2012-07-11  Kent Tamura  <[email protected]>
 
+        Accessing width or height of a detached image input element causes crash
+        https://bugs.webkit.org/show_bug.cgi?id=90885
+
+        Reviewed by Kentaro Hara.
+
+        Test: fast/forms/image/width-and-height-of-detached-input.html
+
+        * html/ImageInputType.cpp:
+        (WebCore::ImageInputType::height): Add null check for m_imageLoader.
+        (WebCore::ImageInputType::width): ditto.
+
+2012-07-11  Kent Tamura  <[email protected]>
+
         Do not save state of stateless form controls
         https://bugs.webkit.org/show_bug.cgi?id=90964

Modified: trunk/Source/WebCore/html/ImageInputType.cpp (122417 => 122418)


--- trunk/Source/WebCore/html/ImageInputType.cpp	2012-07-12 05:00:32 UTC (rev 122417)
+++ trunk/Source/WebCore/html/ImageInputType.cpp	2012-07-12 05:17:22 UTC (rev 122418)
@@ -190,7 +190,7 @@
             return height;
 
         // If the image is available, use its height.
-        if (m_imageLoader->image())
+        if (m_imageLoader && m_imageLoader->image())
             return m_imageLoader->image()->imageSizeForRenderer(element->renderer(), 1).height();
     }
 
@@ -211,7 +211,7 @@
             return width;
 
         // If the image is available, use its width.
-        if (m_imageLoader->image())
+        if (m_imageLoader && m_imageLoader->image())
             return m_imageLoader->image()->imageSizeForRenderer(element->renderer(), 1).width();
     }

_______________________________________________
webkit-changes mailing list
[email protected]
http://lists.webkit.org/mailman/listinfo/webkit-changes