Title: [123822] trunk
- Revision
- 123822
- Author
- [email protected]
- Date
- 2012-07-26 17:48:15 -0700 (Thu, 26 Jul 2012)
Log Message
[Chromium] Regression: Global-buffer-overflow in WebCore::mediaControlElementType
https://bugs.webkit.org/show_bug.cgi?id=91333
Patch by Silvia Pfeiffer <[email protected]> on 2012-07-26
Reviewed by Eric Seidel.
Source/WebCore:
MediaControlChromiumEnclosureElement now is a subclass of MediaControlElement, which
fixes the broken cast detected in the bug.
The displayType() of MediaControlChromiumEnclosureElement is set to 'MediaControlsPanel',
since the Panel element is sufficiently close in functionality to the Enclosure element.
By reusing this type, we do not need to introduce a Chromium-specific constant into
the generally used MediaControlElementType.
Test: accessibility/media-controls.html
* html/shadow/MediaControlRootElementChromium.cpp:
(WebCore::MediaControlChromiumEnclosureElement::MediaControlChromiumEnclosureElement):
Subclass MediaControlChromiumEnclosureElement from MediaControlElement.
(WebCore::MediaControlChromiumEnclosureElement::displayType):
Give the enclosure the MediaPanels type.
* html/shadow/MediaControlRootElementChromium.h:
Add the MediaControlElement.h header file.
(MediaControlChromiumEnclosureElement):
Subclass MediaControlChromiumEnclosureElement from MediaControlElement.
LayoutTests:
This new test assures that the creation of a audio element with controls does not
break when accessibility is turned on.
* accessibility/media-controls-expected.txt: Added.
* accessibility/media-controls.html: Added.
Modified Paths
Added Paths
Diff
Modified: trunk/LayoutTests/ChangeLog (123821 => 123822)
--- trunk/LayoutTests/ChangeLog 2012-07-27 00:41:55 UTC (rev 123821)
+++ trunk/LayoutTests/ChangeLog 2012-07-27 00:48:15 UTC (rev 123822)
@@ -1,3 +1,16 @@
+2012-07-26 Silvia Pfeiffer <[email protected]>
+
+ [Chromium] Regression: Global-buffer-overflow in WebCore::mediaControlElementType
+ https://bugs.webkit.org/show_bug.cgi?id=91333
+
+ Reviewed by Eric Seidel.
+
+ This new test assures that the creation of a audio element with controls does not
+ break when accessibility is turned on.
+
+ * accessibility/media-controls-expected.txt: Added.
+ * accessibility/media-controls.html: Added.
+
2012-07-26 Max Vujovic <[email protected]>
Added binding and updated chromium tests.
Added: trunk/LayoutTests/accessibility/media-controls-expected.txt (0 => 123822)
--- trunk/LayoutTests/accessibility/media-controls-expected.txt (rev 0)
+++ trunk/LayoutTests/accessibility/media-controls-expected.txt 2012-07-27 00:48:15 UTC (rev 123822)
@@ -0,0 +1,9 @@
+This tests that the script creation of an audio element with controls works when accessibility is enabled and does not crash.
+
+On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
+
+
+PASS successfullyParsed is true
+
+TEST COMPLETE
+
Added: trunk/LayoutTests/accessibility/media-controls.html (0 => 123822)
--- trunk/LayoutTests/accessibility/media-controls.html (rev 0)
+++ trunk/LayoutTests/accessibility/media-controls.html 2012-07-27 00:48:15 UTC (rev 123822)
@@ -0,0 +1,19 @@
+<!DOCTYPE HTML>
+<html>
+ <body>
+ <script src=""
+ <script>
+ description("This tests that the script creation of an audio element with controls works when accessibility is enabled and does not crash.");
+
+ if (window.testRunner && window.accessibilityController) {
+ function createAudio() {
+ var audio = document.createElement('audio');
+ audio.setAttribute('controls', 'controls');
+ document.documentElement.appendChild(audio);
+ }
+ window._onload_ = createAudio;
+ }
+ </script>
+ <script src=""
+ </body>
+</html>
Modified: trunk/Source/WebCore/ChangeLog (123821 => 123822)
--- trunk/Source/WebCore/ChangeLog 2012-07-27 00:41:55 UTC (rev 123821)
+++ trunk/Source/WebCore/ChangeLog 2012-07-27 00:48:15 UTC (rev 123822)
@@ -1,3 +1,29 @@
+2012-07-26 Silvia Pfeiffer <[email protected]>
+
+ [Chromium] Regression: Global-buffer-overflow in WebCore::mediaControlElementType
+ https://bugs.webkit.org/show_bug.cgi?id=91333
+
+ Reviewed by Eric Seidel.
+
+ MediaControlChromiumEnclosureElement now is a subclass of MediaControlElement, which
+ fixes the broken cast detected in the bug.
+ The displayType() of MediaControlChromiumEnclosureElement is set to 'MediaControlsPanel',
+ since the Panel element is sufficiently close in functionality to the Enclosure element.
+ By reusing this type, we do not need to introduce a Chromium-specific constant into
+ the generally used MediaControlElementType.
+
+ Test: accessibility/media-controls.html
+
+ * html/shadow/MediaControlRootElementChromium.cpp:
+ (WebCore::MediaControlChromiumEnclosureElement::MediaControlChromiumEnclosureElement):
+ Subclass MediaControlChromiumEnclosureElement from MediaControlElement.
+ (WebCore::MediaControlChromiumEnclosureElement::displayType):
+ Give the enclosure the MediaPanels type.
+ * html/shadow/MediaControlRootElementChromium.h:
+ Add the MediaControlElement.h header file.
+ (MediaControlChromiumEnclosureElement):
+ Subclass MediaControlChromiumEnclosureElement from MediaControlElement.
+
2012-07-26 Arnaud Renevier <[email protected]>
[GTK] avoid unneeded object creation when calling Vector::append
Modified: trunk/Source/WebCore/html/shadow/MediaControlRootElementChromium.cpp (123821 => 123822)
--- trunk/Source/WebCore/html/shadow/MediaControlRootElementChromium.cpp 2012-07-27 00:41:55 UTC (rev 123821)
+++ trunk/Source/WebCore/html/shadow/MediaControlRootElementChromium.cpp 2012-07-27 00:48:15 UTC (rev 123822)
@@ -49,8 +49,7 @@
static const double timeWithoutMouseMovementBeforeHidingControls = 2;
MediaControlChromiumEnclosureElement::MediaControlChromiumEnclosureElement(Document* document)
- : HTMLDivElement(HTMLNames::divTag, document->document())
- , m_mediaController(0)
+ : MediaControlElement(document)
{
}
@@ -59,6 +58,13 @@
return adoptRef(new MediaControlChromiumEnclosureElement(document));
}
+MediaControlElementType MediaControlChromiumEnclosureElement::displayType() const
+{
+ // Mapping onto same MediaControlElementType as panel element, since it has similar properties.
+ return MediaControlsPanel;
+}
+
+
const AtomicString& MediaControlChromiumEnclosureElement::shadowPseudoId() const
{
DEFINE_STATIC_LOCAL(AtomicString, id, ("-webkit-media-controls-enclosure"));
Modified: trunk/Source/WebCore/html/shadow/MediaControlRootElementChromium.h (123821 => 123822)
--- trunk/Source/WebCore/html/shadow/MediaControlRootElementChromium.h 2012-07-27 00:41:55 UTC (rev 123821)
+++ trunk/Source/WebCore/html/shadow/MediaControlRootElementChromium.h 2012-07-27 00:48:15 UTC (rev 123822)
@@ -29,6 +29,7 @@
#if ENABLE(VIDEO)
+#include "MediaControlElements.h"
#include "MediaControls.h"
#include <wtf/RefPtr.h>
@@ -61,22 +62,15 @@
class MediaControlTextTrackDisplayElement;
#endif
-class MediaControlChromiumEnclosureElement : public HTMLDivElement {
+class MediaControlChromiumEnclosureElement : public MediaControlElement {
public:
static PassRefPtr<MediaControlChromiumEnclosureElement> create(Document*);
- virtual const AtomicString& shadowPseudoId() const;
-
- void setMediaController(MediaControllerInterface* controller) { m_mediaController = controller; }
- MediaControllerInterface* mediaController() const { return m_mediaController; }
-
-protected:
- MediaControlChromiumEnclosureElement(Document*);
-
private:
- virtual bool isMediaControlElement() const { return true; }
+ explicit MediaControlChromiumEnclosureElement(Document*);
- MediaControllerInterface* m_mediaController;
+ virtual MediaControlElementType displayType() const;
+ virtual const AtomicString& shadowPseudoId() const;
};
class MediaControlRootElementChromium : public MediaControls {
_______________________________________________
webkit-changes mailing list
[email protected]
http://lists.webkit.org/mailman/listinfo/webkit-changes
