Title: [128431] trunk/Source/WebCore
- Revision
- 128431
- Author
- [email protected]
- Date
- 2012-09-13 02:11:04 -0700 (Thu, 13 Sep 2012)
Log Message
[EFL] REGRESSION (r128274): fast/overflow/overflow-height-float-not-removed-crash.html
https://bugs.webkit.org/show_bug.cgi?id=96619
Patch by Mikhail Pozdnyakov <[email protected]> on 2012-09-13
Reviewed by Kenneth Rohde Christiansen.
ThemePartCacheEntry::create() can return '0' if creation fails; this was not checked
while populating the Theme Part cache. A NULL pointer was then dereferenced, causing a crash.
Test: fast/overflow/overflow-height-float-not-removed-crash.html.
* platform/efl/RenderThemeEfl.cpp:
(WebCore::RenderThemeEfl::getThemePartFromCache):
Modified Paths
- trunk/Source/WebCore/ChangeLog
- trunk/Source/WebCore/platform/efl/RenderThemeEfl.cpp
Diff
Modified: trunk/Source/WebCore/ChangeLog (128430 => 128431)
--- trunk/Source/WebCore/ChangeLog 2012-09-13 08:54:29 UTC (rev 128430)
+++ trunk/Source/WebCore/ChangeLog 2012-09-13 09:11:04 UTC (rev 128431)
@@ -1,3 +1,18 @@
+2012-09-13 Mikhail Pozdnyakov <[email protected]>
+
+ [EFL] REGRESSION (r128274): fast/overflow/overflow-height-float-not-removed-crash.html
+ https://bugs.webkit.org/show_bug.cgi?id=96619
+
+ Reviewed by Kenneth Rohde Christiansen.
+
+ ThemePartCacheEntry::create() can return '0' if creation fails, this was not checked
+ while Theme Part cache populating. A NULL pointer was dereferenced then causing crash.
+
+ Test: fast/overflow/overflow-height-float-not-removed-crash.html.
+
+ * platform/efl/RenderThemeEfl.cpp:
+ (WebCore::RenderThemeEfl::getThemePartFromCache):
+
2012-09-13 Filip Pizlo <[email protected]>
[Qt][Win] REGRESSION(r128400): It broke the build
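Review bot: the explanation in the new ChangeLog entry is hard to parse ("this was not checked while Theme Part cache populating. A NULL pointer was dereferenced then causing crash."); since the ChangeLog is the lasting record of why the ASSERTs and the null check were added, consider wording it as "this was not checked while populating the Theme Part cache, so a NULL pointer was dereferenced, causing a crash."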
Modified: trunk/Source/WebCore/platform/efl/RenderThemeEfl.cpp (128430 => 128431)
--- trunk/Source/WebCore/platform/efl/RenderThemeEfl.cpp 2012-09-13 08:54:29 UTC (rev 128430)
+++ trunk/Source/WebCore/platform/efl/RenderThemeEfl.cpp 2012-09-13 09:11:04 UTC (rev 128431)
@@ -278,6 +278,7 @@
end = m_partCache.end();
for (size_t i = 0; it != end; i++, it++) {
ThemePartCacheEntry* entry = *it;
+ ASSERT(entry);
if (entry->size == size) {
if (entry->type == type)
return entry;
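Review bot: ASSERT(entry) before `if (entry->size == size)` is compiled out in release builds, so it does not guard the dereference; it documents the invariant that m_partCache never holds a null entry. That invariant only holds because the `if (entry)` check around `m_partCache.prepend(entry)` in the next hunk keeps a failed create() result out of the cache, so the two changes must land together (as they do here). A one-line comment saying the cache never stores null would stop a later reader from mistaking the assert for the fix.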
@@ -287,7 +288,8 @@
if (m_partCache.size() < RENDER_THEME_EFL_PART_CACHE_MAX) {
ThemePartCacheEntry* entry = ThemePartCacheEntry::create(themePath(), type, size);
- m_partCache.prepend(entry);
+ if (entry) // Can be '0', if creation fails. Do not store it in this case.
+ m_partCache.prepend(entry);
return entry;
}
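Review bot: the new `if (entry)` keeps a null pointer out of m_partCache, but the function still returns that null to its caller, so every caller of getThemePartFromCache() must tolerate a 0 return; the callers are outside this diff and the ChangeLog does not say they were checked, so please confirm each one handles it. Minor: the comment `// Can be '0', if creation fails.` would be clearer naming the source, e.g. `// ThemePartCacheEntry::create() returns 0 when creation fails; never store a null entry.`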
@@ -296,6 +298,7 @@
if (lastWithRequestedSize != notFound && lastWithRequestedSize != 1) {
ThemePartCacheEntry* entry = m_partCache.at(lastWithRequestedSize);
+ ASSERT(entry);
entry->reuse(themePath(), type);
m_partCache.remove(lastWithRequestedSize);
m_partCache.prepend(entry);
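Review bot: the added ASSERT(entry) before `entry->reuse(themePath(), type)` is consistent with the first hunk and, now that the prepend guard excludes null entries, can only fire on a genuine cache corruption. Unrelated to this change but visible in the context line: the condition `lastWithRequestedSize != notFound && lastWithRequestedSize != 1` is surprising; if the intent is to skip the remove/prepend for an entry already at the front, index 0 rather than 1 would be expected. Worth a follow-up check, not a blocker for this patch.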
@@ -303,6 +306,7 @@
}
ThemePartCacheEntry* entry = m_partCache.last();
+ ASSERT(entry);
entry->reuse(themePath(), type, size);
m_partCache.removeLast();
m_partCache.prepend(entry);
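Review bot: `m_partCache.last()` is only reached after the `m_partCache.size() < RENDER_THEME_EFL_PART_CACHE_MAX` branch has been skipped, so the cache is full and non-empty here; the new ASSERT(entry) therefore checks only for a stored null, which the prepend guard above now rules out, and is a cheap, correct invariant check. This hunk and the previous one both do assert, reuse, remove, prepend on the same pointer; if the pattern grows, a small move-to-front helper would keep the assert and the reuse in one place.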