Title: [122792] branches/chromium/1180/Source/WebCore/html/ImageInputType.cpp
- Revision
- 122792
- Author
- [email protected]
- Date
- 2012-07-16 18:33:19 -0700 (Mon, 16 Jul 2012)
Log Message
Merge 122418 -
Accessing width or height of a detached image input element causes crash
https://bugs.webkit.org/show_bug.cgi?id=90885
Reviewed by Kentaro Hara.
Source/WebCore:
Test: fast/forms/image/width-and-height-of-detached-input.html
* html/ImageInputType.cpp:
(WebCore::ImageInputType::height): Add null check for m_imageLoader.
(WebCore::ImageInputType::width): ditto.
LayoutTests:
* fast/forms/image/width-and-height-of-detached-input-expected.txt: Added.
* fast/forms/image/width-and-height-of-detached-input.html: Added.
[email protected]
Review URL: https://chromiumcodereview.appspot.com/10780024
Modified Paths
Diff
Modified: branches/chromium/1180/Source/WebCore/html/ImageInputType.cpp (122791 => 122792)
--- branches/chromium/1180/Source/WebCore/html/ImageInputType.cpp 2012-07-17 01:24:45 UTC (rev 122791)
+++ branches/chromium/1180/Source/WebCore/html/ImageInputType.cpp 2012-07-17 01:33:19 UTC (rev 122792)
@@ -190,7 +190,7 @@
return height;
// If the image is available, use its height.
- if (m_imageLoader->image())
+ if (m_imageLoader && m_imageLoader->image())
return m_imageLoader->image()->imageSizeForRenderer(element->renderer(), 1).height();
}
@@ -211,7 +211,7 @@
return width;
// If the image is available, use its width.
- if (m_imageLoader->image())
+ if (m_imageLoader && m_imageLoader->image())
return m_imageLoader->image()->imageSizeForRenderer(element->renderer(), 1).width();
}
_______________________________________________
webkit-changes mailing list
[email protected]
http://lists.webkit.org/mailman/listinfo/webkit-changes
