Title: [123377] trunk
- Revision
- 123377
- Author
- [email protected]
- Date
- 2012-07-23 13:57:13 -0700 (Mon, 23 Jul 2012)
Log Message
Crash when setting empty class name on a new element
https://bugs.webkit.org/show_bug.cgi?id=92024
Reviewed by Andreas Kling.
Source/WebCore:
Add a check for null attributeData() when setting the className to an
empty string on a newly created element. New SVG elements have null
attributeData() on baseVal upon creation.
Test: svg/custom/empty-className-baseVal-crash.html
* dom/StyledElement.cpp:
(WebCore::StyledElement::classAttributeChanged): Add check for null attributeData()
LayoutTests:
Add a check for null attributeData() when setting the className to an
empty string on a newly created element.
* svg/custom/empty-className-baseVal-crash-expected.txt: Added.
* svg/custom/empty-className-baseVal-crash.html: Added.
Modified Paths
Added Paths
Diff
Modified: trunk/LayoutTests/ChangeLog (123376 => 123377)
--- trunk/LayoutTests/ChangeLog 2012-07-23 20:53:35 UTC (rev 123376)
+++ trunk/LayoutTests/ChangeLog 2012-07-23 20:57:13 UTC (rev 123377)
@@ -1,3 +1,16 @@
+2012-07-23 Stephen Chenney <[email protected]>
+
+ Crash when setting empty class name on a new element
+ https://bugs.webkit.org/show_bug.cgi?id=92024
+
+ Reviewed by Andreas Kling.
+
+ Add a check for null attributeData() when setting the className to an
+ empty string on a newly created element.
+
+ * svg/custom/empty-className-baseVal-crash-expected.txt: Added.
+ * svg/custom/empty-className-baseVal-crash.html: Added.
+
2012-07-23 Caio Marcelo de Oliveira Filho <[email protected]>
[Qt] tables/mozilla_expected_failures rebaseline after new test fonts
Added: trunk/LayoutTests/svg/custom/empty-className-baseVal-crash-expected.txt (0 => 123377)
--- trunk/LayoutTests/svg/custom/empty-className-baseVal-crash-expected.txt (rev 0)
+++ trunk/LayoutTests/svg/custom/empty-className-baseVal-crash-expected.txt 2012-07-23 20:57:13 UTC (rev 123377)
@@ -0,0 +1 @@
+PASS if no crash.
Added: trunk/LayoutTests/svg/custom/empty-className-baseVal-crash.html (0 => 123377)
--- trunk/LayoutTests/svg/custom/empty-className-baseVal-crash.html (rev 0)
+++ trunk/LayoutTests/svg/custom/empty-className-baseVal-crash.html 2012-07-23 20:57:13 UTC (rev 123377)
@@ -0,0 +1,9 @@
+<!DOCTYPE html>
+<script>
+ if (window.layoutTestController)
+ layoutTestController.dumpAsText();
+ document.createElementNS("http://www.w3.org/2000/svg", "svg").className.baseVal = "";
+</script>
+<body>
+ PASS if no crash.
+</body>
Modified: trunk/Source/WebCore/ChangeLog (123376 => 123377)
--- trunk/Source/WebCore/ChangeLog 2012-07-23 20:53:35 UTC (rev 123376)
+++ trunk/Source/WebCore/ChangeLog 2012-07-23 20:57:13 UTC (rev 123377)
@@ -1,3 +1,19 @@
+2012-07-23 Stephen Chenney <[email protected]>
+
+ Crash when setting empty class name on a new element
+ https://bugs.webkit.org/show_bug.cgi?id=92024
+
+ Reviewed by Andreas Kling.
+
+ Add a check for null attributeData() when setting the className to an
+ empty string on a newly created element. New SVG elements have null
+ attributeData() on baseVal upon creation.
+
+ Test: svg/custom/empty-className-baseVal-crash.html
+
+ * dom/StyledElement.cpp:
+ (WebCore::StyledElement::classAttributeChanged): Add check for null attributeData()
+
2012-07-23 Shawn Singh <[email protected]>
[chromium] Refactor CCLayerTreeHostCommon: clean up clipRect and drawableContentRect design
Modified: trunk/Source/WebCore/dom/StyledElement.cpp (123376 => 123377)
--- trunk/Source/WebCore/dom/StyledElement.cpp 2012-07-23 20:53:35 UTC (rev 123376)
+++ trunk/Source/WebCore/dom/StyledElement.cpp 2012-07-23 20:57:13 UTC (rev 123377)
@@ -172,7 +172,7 @@
ensureAttributeData()->setClass(newClassString, shouldFoldCase);
if (DOMTokenList* classList = optionalClassList())
static_cast<ClassList*>(classList)->reset(newClassString);
- } else
+ } else if (attributeData())
attributeData()->clearClass();
setNeedsStyleRecalc();
}
_______________________________________________
webkit-changes mailing list
[email protected]
http://lists.webkit.org/mailman/listinfo/webkit-changes
