Title: [138451] trunk
- Revision: 138451
- Author: [email protected]
- Date: 2012-12-24 22:16:43 -0800 (Mon, 24 Dec 2012)
Log Message
::first-letter { overflow: -webkit-paged-y } causes crash
https://bugs.webkit.org/show_bug.cgi?id=105393
Reviewed by Beth Dakin.
Source/WebCore:
Should check whether e is available or not before invoking
e->hasTagName in adjustRenderStyle in StyleResolver.cpp.
Test: fast/css/pseudo-element-opagedxy-crash.html
* css/StyleResolver.cpp:
(WebCore::StyleResolver::adjustRenderStyle):
If adjustRenderStyle is invoked in pseudoStyleForElement, the given
element is 0. So e is not available. However if the given style's
overflowY is OPAGEDX or OPAGEDY, adjustRenderStyle doesn't check
whether e is available or not before e->hasTagName.
This causes a crash.
LayoutTests:
* fast/css/pseudo-element-opagedxy-crash-expected.txt: Added.
* fast/css/pseudo-element-opagedxy-crash.html: Added.
Diff
Modified: trunk/LayoutTests/ChangeLog (138450 => 138451)
--- trunk/LayoutTests/ChangeLog 2012-12-25 05:23:19 UTC (rev 138450)
+++ trunk/LayoutTests/ChangeLog 2012-12-25 06:16:43 UTC (rev 138451)
@@ -1,3 +1,13 @@
+2012-12-24 Takashi Sakamoto <[email protected]>
+
+ ::first-letter { overflow: -webkit-paged-y } causes crash
+ https://bugs.webkit.org/show_bug.cgi?id=105393
+
+ Reviewed by Beth Dakin.
+
+ * fast/css/pseudo-element-opagedxy-crash-expected.txt: Added.
+ * fast/css/pseudo-element-opagedxy-crash.html: Added.
+
2012-12-24 Mihnea Ovidenie <[email protected]>
[CSS Regions] Convert some fast/regions pixel tests to reftests
Added: trunk/LayoutTests/fast/css/pseudo-element-opagedxy-crash-expected.txt (0 => 138451)
--- trunk/LayoutTests/fast/css/pseudo-element-opagedxy-crash-expected.txt (rev 0)
+++ trunk/LayoutTests/fast/css/pseudo-element-opagedxy-crash-expected.txt 2012-12-25 06:16:43 UTC (rev 138451)
@@ -0,0 +1,12 @@
+This is a test for ::first-letter { overflow: -webkit-paged-y } causes crash. https://bugs.webkit.org/show_bug.cgi?id=105393
+
+This passes if it does not crash.
+
+PASS: overflow:-webkit-paged-x for ::first-line
+PASS: overflow:-webkit-paged-y for ::first-line
+PASS: overflow:-webkit-paged-x for ::first-letter
+PASS: overflow:-webkit-paged-y for ::first-letter
+PASS: overflow:-webkit-paged-x for ::before
+PASS: overflow:-webkit-paged-y for ::before
+PASS: overflow:-webkit-paged-x for ::after
+PASS: overflow:-webkit-paged-y for ::after
Added: trunk/LayoutTests/fast/css/pseudo-element-opagedxy-crash.html (0 => 138451)
--- trunk/LayoutTests/fast/css/pseudo-element-opagedxy-crash.html (rev 0)
+++ trunk/LayoutTests/fast/css/pseudo-element-opagedxy-crash.html 2012-12-25 06:16:43 UTC (rev 138451)
@@ -0,0 +1,55 @@
+<!doctype html>
+<html>
+<head>
+<style>
+#first-line-pagedx::first-line {
+ overflow: -webkit-paged-x;
+}
+
+#first-line-pagedy::first-line {
+ overflow: -webkit-paged-y;
+}
+
+#first-letter-pagedx::first-letter {
+ overflow: -webkit-paged-x;
+}
+
+#first-letter-pagedy::first-letter {
+ overflow: -webkit-paged-y;
+}
+
+#before-pagedx::before {
+ overflow: -webkit-paged-x;
+}
+
+#before-pagedy::before {
+ overflow: -webkit-paged-y;
+}
+
+#after-pagedx::after {
+ overflow: -webkit-paged-x;
+}
+
+#after-pagedy::after {
+ overflow: -webkit-paged-y;
+}
+</style>
+<script>
+if (window.testRunner)
+ testRunner.dumpAsText();
+</script>
+</head>
+<body>
+ <p>This is a test for ::first-letter { overflow: -webkit-paged-y } causes crash. <a href=""
+ <p>This passes if it does not crash.</p>
+
+ <div id="first-line-pagedx">PASS: overflow:-webkit-paged-x for ::first-line</div>
+ <div id="first-line-pagedy">PASS: overflow:-webkit-paged-y for ::first-line</div>
+ <div id="first-letter-pagedx">PASS: overflow:-webkit-paged-x for ::first-letter</div>
+ <div id="first-letter-pagedy">PASS: overflow:-webkit-paged-y for ::first-letter</div>
+ <div id="before-pagedx">PASS: overflow:-webkit-paged-x for ::before</div>
+ <div id="before-pagedy">PASS: overflow:-webkit-paged-y for ::before</div>
+ <div id="after-pagedx">PASS: overflow:-webkit-paged-x for ::after</div>
+ <div id="after-pagedy">PASS: overflow:-webkit-paged-y for ::after</div>
+</body>
+</html>
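Review bot: The #before-pagedx, #before-pagedy, #after-pagedx and #after-pagedy rules set only overflow and no content, so it is worth confirming that these four cases actually reach style adjustment for a generated pseudo-element; adding a content declaration (for example content: "") to those rules would remove the doubt. The PASS lines are static text in the divs, so the test detects only a crash, which matches its stated intent, but nothing checks the style that results. A case with the same overflow values on html or body would also cover the tag-name branch that the fix leaves in place.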
Modified: trunk/Source/WebCore/ChangeLog (138450 => 138451)
--- trunk/Source/WebCore/ChangeLog 2012-12-25 05:23:19 UTC (rev 138450)
+++ trunk/Source/WebCore/ChangeLog 2012-12-25 06:16:43 UTC (rev 138451)
@@ -1,3 +1,23 @@
+2012-12-24 Takashi Sakamoto <[email protected]>
+
+ ::first-letter { overflow: -webkit-paged-y } causes crash
+ https://bugs.webkit.org/show_bug.cgi?id=105393
+
+ Reviewed by Beth Dakin.
+
+ Should check whether e is available or not before invoking
+ e->hasTagName in adjustRenderStyle in StyleResolver.cpp.
+
+ Test: fast/css/pseudo-element-opagedxy-crash.html
+
+ * css/StyleResolver.cpp:
+ (WebCore::StyleResolver::adjustRenderStyle):
+ If adjustRenderStyle is invoked in pseudoStyleForElement, the given
+ element is 0. So e is not available. However if the given style's
+ overflowY is OPAGEDX or OPAGEDY, adjustRenderStyle doesn't check
+ whether e is available or not before e->hasTagName.
+ This causes a crash.
+
2012-12-24 Alexei Filippov <[email protected]>
Web Inspector: add async API for passing renderer process memory stats
Modified: trunk/Source/WebCore/css/StyleResolver.cpp (138450 => 138451)
--- trunk/Source/WebCore/css/StyleResolver.cpp 2012-12-25 05:23:19 UTC (rev 138450)
+++ trunk/Source/WebCore/css/StyleResolver.cpp 2012-12-25 06:16:43 UTC (rev 138451)
@@ -2049,7 +2049,7 @@
// Call setStylesForPaginationMode() if a pagination mode is set for any non-root elements. If these
// styles are specified on a root element, then they will be incorporated in
// StyleResolver::styleForDocument().
- if ((style->overflowY() == OPAGEDX || style->overflowY() == OPAGEDY) && !(e->hasTagName(htmlTag) || e->hasTagName(bodyTag)))
+ if ((style->overflowY() == OPAGEDX || style->overflowY() == OPAGEDY) && !(e && (e->hasTagName(htmlTag) || e->hasTagName(bodyTag))))
setStylesForPaginationMode(WebCore::paginationModeForRenderStyle(style), style);
// Table rows, sections and the table itself will support overflow:hidden and will ignore scroll/auto.
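Review bot: In the changed condition, a null e now makes `!(e && (...))` evaluate to true, so a pseudo-element style whose overflowY is OPAGEDX or OPAGEDY goes on to call setStylesForPaginationMode() instead of skipping it. If pagination styles are not meant to apply to pseudo-elements such as ::first-letter, the guard should instead read `e && !(e->hasTagName(htmlTag) || e->hasTagName(bodyTag))`; if they are meant to apply, a short comment above the if stating that e is 0 when the call comes from pseudoStyleForElement would record the intent. The hunk guards only this one dereference, so the rest of adjustRenderStyle should be checked for other uses of e that assume it is non-null.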