Title: [124833] trunk
Revision: 124833
Author: [email protected]
Date: 2012-08-06 18:57:28 -0700 (Mon, 06 Aug 2012)

Log Message

Handle variables in CSSParser::parseValidPrimitive(), preventing null return value.
https://bugs.webkit.org/show_bug.cgi?id=93235

Reviewed by Tony Chang.

Source/WebCore:

By returning null here (and failing to handle the variable) the current code would cause null pointer dereferences in StyleResolver at several points.
Instead we create a primitive value for the variable reference and return it.

Test: fast/css/variables/invalid-font-reference.html

* css/CSSParser.cpp:
(WebCore::CSSParser::parseValidPrimitive):

LayoutTests:

Exercises the code path where variables are parsed in CSSParser::parseValidPrimitive().

* fast/css/variables/invalid-font-reference-expected.txt: Added.
* fast/css/variables/invalid-font-reference.html: Added.

Diff

Modified: trunk/LayoutTests/ChangeLog (124832 => 124833)


--- trunk/LayoutTests/ChangeLog	2012-08-07 01:46:25 UTC (rev 124832)
+++ trunk/LayoutTests/ChangeLog	2012-08-07 01:57:28 UTC (rev 124833)
@@ -1,3 +1,15 @@
+2012-08-06  Luke Macpherson   <[email protected]>
+
+        Handle variables in CSSParser::parseValidPrimitive(), preventing null return value.
+        https://bugs.webkit.org/show_bug.cgi?id=93235
+
+        Reviewed by Tony Chang.
+
+        Exercises the code path where variables are parsed in CSSParser::parseValidPrimitive().
+
+        * fast/css/variables/invalid-font-reference-expected.txt: Added.
+        * fast/css/variables/invalid-font-reference.html: Added.
+
 2012-08-06  Roger Fong  <[email protected]>
 
         LayoutTest: fast/forms/validation-message-user-modify.html fails.

Added: trunk/LayoutTests/fast/css/variables/invalid-font-reference-expected.txt (0 => 124833)


--- trunk/LayoutTests/fast/css/variables/invalid-font-reference-expected.txt	                        (rev 0)
+++ trunk/LayoutTests/fast/css/variables/invalid-font-reference-expected.txt	2012-08-07 01:57:28 UTC (rev 124833)
@@ -0,0 +1 @@
+This test is successful if it does not crash.

Added: trunk/LayoutTests/fast/css/variables/invalid-font-reference.html (0 => 124833)


--- trunk/LayoutTests/fast/css/variables/invalid-font-reference.html	                        (rev 0)
+++ trunk/LayoutTests/fast/css/variables/invalid-font-reference.html	2012-08-07 01:57:28 UTC (rev 124833)
@@ -0,0 +1,15 @@
+<!DOCTYPE html>
+<html>
+<script>
+if (window.testRunner) {
+    testRunner.dumpAsText();
+    internals.settings.setCSSVariablesEnabled(true);
+}
+</script>
+<style>
+body {
+  font: -webkit-var(var6) hangul mongolian;
+}
+</style>
+This test is successful if it does not crash.
+</html>
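
Review bot: The single declaration `font: -webkit-var(var6) hangul mongolian;` exercises only the font shorthand, while the log message says the null dereferences happened at several points in StyleResolver; add cases for other properties that reach parseValidPrimitive() so each of those sites has coverage. The only pass condition is the absence of a crash, so a wrong but non-crashing result would go unnoticed; consider also dumping the computed `font` value as text. `var6` is never defined anywhere in the page, which looks intentional given the file name, but a short comment saying the reference is deliberately unresolved would make that clear.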

Modified: trunk/Source/WebCore/ChangeLog (124832 => 124833)


--- trunk/Source/WebCore/ChangeLog	2012-08-07 01:46:25 UTC (rev 124832)
+++ trunk/Source/WebCore/ChangeLog	2012-08-07 01:57:28 UTC (rev 124833)
@@ -1,3 +1,18 @@
+2012-08-06  Luke Macpherson   <[email protected]>
+
+        Handle variables in CSSParser::parseValidPrimitive(), preventing null return value.
+        https://bugs.webkit.org/show_bug.cgi?id=93235
+
+        Reviewed by Tony Chang.
+
+        By returning null here (and failing to handle the variable) the current code would cause null pointer dereferences in StyleResolver at several points.
+        Instead we create a primitive value for the variable reference and return it.
+
+        Test: fast/css/variables/invalid-font-reference.html
+
+        * css/CSSParser.cpp:
+        (WebCore::CSSParser::parseValidPrimitive):
+
 2012-08-06  David Reveman  <[email protected]>
 
         [Chromium] Rename CCTextureUpdater to CCTextureUpdateQueue.

Modified: trunk/Source/WebCore/css/CSSParser.cpp (124832 => 124833)


--- trunk/Source/WebCore/css/CSSParser.cpp	2012-08-07 01:46:25 UTC (rev 124832)
+++ trunk/Source/WebCore/css/CSSParser.cpp	2012-08-07 01:57:28 UTC (rev 124833)
@@ -1639,6 +1639,10 @@
     if (value->unit >= CSSPrimitiveValue::CSS_DPPX && value->unit <= CSSPrimitiveValue::CSS_DPCM)
         return createPrimitiveNumericValue(value);
 #endif
+#if ENABLE(CSS_VARIABLES)
+    if (value->unit == CSSPrimitiveValue::CSS_VARIABLE_NAME)
+        return CSSPrimitiveValue::create(value->string, CSSPrimitiveValue::CSS_VARIABLE_NAME);
+#endif
     if (value->unit >= CSSParserValue::Q_EMS)
         return CSSPrimitiveValue::createAllowingMarginQuirk(value->fValue, CSSPrimitiveValue::CSS_EMS);
     if (isCalculation(value))
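
Review bot: The new `CSS_VARIABLE_NAME` branch fixes the producer only; the StyleResolver call sites that the log message says dereference the result are not touched by this patch, so any other input for which parseValidPrimitive() still returns null would fault in the same places. Consider adding a null check or an ASSERT at those call sites, or documenting on parseValidPrimitive() whether a null return is part of its contract. The branch is also placed ahead of the `value->unit >= CSSParserValue::Q_EMS` range test with no comment on whether that order is required; a one-line comment would help the next reader. Callers now receive a primitive whose unit is CSS_VARIABLE_NAME where they previously received nothing, so it is worth confirming that each consumer handles that unit instead of treating the value as an already resolved ident or length.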