Title: [123188] trunk
- Revision
- 123188
- Author
- [email protected]
- Date
- 2012-07-20 00:46:00 -0700 (Fri, 20 Jul 2012)
Log Message
Fix crash in WebCore::HTMLInputElement::dataList
https://bugs.webkit.org/show_bug.cgi?id=91818
Reviewed by Kent Tamura.
Source/WebCore:
Fix crash that occurs when setting slider appearance on a regular node.
Test: fast/forms/range/slider-appearance-crash.html
* rendering/RenderTheme.cpp:
(WebCore::RenderTheme::paintSliderTicks): Check if node is an input element.
LayoutTests:
* fast/forms/range/slider-appearance-crash-expected.txt: Added.
* fast/forms/range/slider-appearance-crash.html: Added.
Modified Paths
Added Paths
Diff
Modified: trunk/LayoutTests/ChangeLog (123187 => 123188)
--- trunk/LayoutTests/ChangeLog 2012-07-20 07:42:57 UTC (rev 123187)
+++ trunk/LayoutTests/ChangeLog 2012-07-20 07:46:00 UTC (rev 123188)
@@ -1,3 +1,13 @@
+2012-07-20 Keishi Hattori <[email protected]>
+
+ Fix crash in WebCore::HTMLInputElement::dataList
+ https://bugs.webkit.org/show_bug.cgi?id=91818
+
+ Reviewed by Kent Tamura.
+
+ * fast/forms/range/slider-appearance-crash-expected.txt: Added.
+ * fast/forms/range/slider-appearance-crash.html: Added.
+
2012-07-20 Yoshifumi Inoue <[email protected]>
Unreviewed. Set svn:mime-type to image/png for PNG files without svn:mime-type.
Added: trunk/LayoutTests/fast/forms/range/slider-appearance-crash-expected.txt (0 => 123188)
--- trunk/LayoutTests/fast/forms/range/slider-appearance-crash-expected.txt (rev 0)
+++ trunk/LayoutTests/fast/forms/range/slider-appearance-crash-expected.txt 2012-07-20 07:46:00 UTC (rev 123188)
@@ -0,0 +1,3 @@
+Checks that slider appearance on regular node doesn't crash.
+
+
Added: trunk/LayoutTests/fast/forms/range/slider-appearance-crash.html (0 => 123188)
--- trunk/LayoutTests/fast/forms/range/slider-appearance-crash.html (rev 0)
+++ trunk/LayoutTests/fast/forms/range/slider-appearance-crash.html 2012-07-20 07:46:00 UTC (rev 123188)
@@ -0,0 +1,16 @@
+<!DOCTYPE html>
+<html>
+<body>
+<script>
+if (window.testRunner)
+ testRunner.dumpAsText();
+</script>
+<p>Checks that slider appearance on regular node doesn't crash.</p>
+<style>
+iframe {
+ -webkit-appearance: slider-horizontal;
+}
+</style>
+<iframe>
+</body>
+</html>
Modified: trunk/Source/WebCore/ChangeLog (123187 => 123188)
--- trunk/Source/WebCore/ChangeLog 2012-07-20 07:42:57 UTC (rev 123187)
+++ trunk/Source/WebCore/ChangeLog 2012-07-20 07:46:00 UTC (rev 123188)
@@ -1,3 +1,17 @@
+2012-07-20 Keishi Hattori <[email protected]>
+
+ Fix crash in WebCore::HTMLInputElement::dataList
+ https://bugs.webkit.org/show_bug.cgi?id=91818
+
+ Reviewed by Kent Tamura.
+
+ Fix crash that occurs when setting slider appearance on a regular node.
+
+ Test: fast/forms/range/slider-appearance-crash.html
+
+ * rendering/RenderTheme.cpp:
+ (WebCore::RenderTheme::paintSliderTicks): Check if node is an input element.
+
2012-07-20 Kent Tamura <[email protected]>
[Chromium] Fix an assertion failure in TextFieldDecorationElement::hostInput()
Modified: trunk/Source/WebCore/rendering/RenderTheme.cpp (123187 => 123188)
--- trunk/Source/WebCore/rendering/RenderTheme.cpp 2012-07-20 07:42:57 UTC (rev 123187)
+++ trunk/Source/WebCore/rendering/RenderTheme.cpp 2012-07-20 07:46:00 UTC (rev 123188)
@@ -963,7 +963,11 @@
#if ENABLE(DATALIST)
void RenderTheme::paintSliderTicks(RenderObject* o, const PaintInfo& paintInfo, const IntRect& rect)
{
- HTMLInputElement* input = static_cast<HTMLInputElement*>(o->node()->shadowAncestorNode());
+ Node* node = o->node();
+ if (!node)
+ return;
+
+ HTMLInputElement* input = node->toInputElement();
if (!input)
return;
_______________________________________________
webkit-changes mailing list
[email protected]
http://lists.webkit.org/mailman/listinfo/webkit-changes
