Diff
Modified: trunk/LayoutTests/ChangeLog (138459 => 138460)
--- trunk/LayoutTests/ChangeLog 2012-12-25 09:24:04 UTC (rev 138459)
+++ trunk/LayoutTests/ChangeLog 2012-12-25 09:26:38 UTC (rev 138460)
@@ -1,5 +1,17 @@
2012-12-25 Alexander Pavlov <[email protected]>
+ Web Inspector: Crash when modifying a rule that has been removed through _javascript_
+ https://bugs.webkit.org/show_bug.cgi?id=105718
+
+ Reviewed by Yury Semikhatsky.
+
+ * http/tests/inspector/elements-test.js: Add InspectorTest.toggleMatchedStyleProperty.
+ (initialize_ElementTest.InspectorTest.toggleMatchedStyleProperty): Added.
+ * inspector/styles/removed-rule-crash-expected.txt: Added.
+ * inspector/styles/removed-rule-crash.html: Added.
+
+2012-12-25 Alexander Pavlov <[email protected]>
+
Web Inspector: device-metrics-fit-window.html is failing on Chromium-Mac
https://bugs.webkit.org/show_bug.cgi?id=104362
Modified: trunk/LayoutTests/http/tests/inspector/elements-test.js (138459 => 138460)
--- trunk/LayoutTests/http/tests/inspector/elements-test.js 2012-12-25 09:24:04 UTC (rev 138459)
+++ trunk/LayoutTests/http/tests/inspector/elements-test.js 2012-12-25 09:26:38 UTC (rev 138460)
@@ -177,6 +177,12 @@
treeItem.toggleEnabled({ target: { checked: checked }, consume: function() { } });
}
+InspectorTest.toggleMatchedStyleProperty = function(propertyName, checked)
+{
+ var treeItem = InspectorTest.getMatchedStylePropertyTreeItem(propertyName);
+ treeItem.toggleEnabled({ target: { checked: checked }, consume: function() { } });
+}
+
InspectorTest.expandAndDumpSelectedElementEventListeners = function(callback)
{
InspectorTest.expandSelectedElementEventListeners(function() {
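Review bot: `toggleMatchedStyleProperty` calls `treeItem.toggleEnabled(...)` without checking that `getMatchedStylePropertyTreeItem(propertyName)` found an item. If that lookup can return null or undefined (its body is not in this hunk), a misspelled property name surfaces as a TypeError in the front-end and most likely a test timeout rather than a readable failure. A guard such as `if (!treeItem) { InspectorTest.addResult("FAIL: no matched style property " + propertyName); return; }` would make that case diagnosable. The toggle line also duplicates the one in the helper just above, so both could share one small function that takes the tree item.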
Added: trunk/LayoutTests/inspector/styles/removed-rule-crash-expected.txt (0 => 138460)
--- trunk/LayoutTests/inspector/styles/removed-rule-crash-expected.txt (rev 0)
+++ trunk/LayoutTests/inspector/styles/removed-rule-crash-expected.txt 2012-12-25 09:26:38 UTC (rev 138460)
@@ -0,0 +1,18 @@
+Tests that disabling style property after the style rule has been removed does not crash the inspected page.
+
+Before disable
+[expanded]
+element.style { ()
+
+======== Matched CSS Rules ========
+[expanded]
+#container { (removed-rule-crash.html:4)
+font-weight: bold;
+
+[expanded]
+div { (user agent stylesheet)
+display: block;
+
+
+PASS: No crash
+
Added: trunk/LayoutTests/inspector/styles/removed-rule-crash.html (0 => 138460)
--- trunk/LayoutTests/inspector/styles/removed-rule-crash.html (rev 0)
+++ trunk/LayoutTests/inspector/styles/removed-rule-crash.html 2012-12-25 09:26:38 UTC (rev 138460)
@@ -0,0 +1,52 @@
+<html>
+<head>
+<style>
+#container {
+ font-weight: bold;
+}
+</style>
+<script src=""
+<script src=""
+<script>
+
+function removeRule()
+{
+ document.styleSheets[0].removeRule(0);
+}
+
+function test()
+{
+ InspectorTest.selectNodeAndWaitForStyles("container", step0);
+
+ function step0(node)
+ {
+ InspectorTest.evaluateInPage("removeRule()", step1);
+ }
+
+ function step1()
+ {
+ InspectorTest.addResult("Before disable");
+ InspectorTest.dumpSelectedElementStyles(true);
+ InspectorTest.toggleMatchedStyleProperty("font-weight", false);
+ InspectorTest.runAfterPendingDispatches(step2);
+ }
+
+ function step2()
+ {
+ InspectorTest.addResult("PASS: No crash");
+ InspectorTest.completeTest();
+ }
+}
+</script>
+</head>
+
+<body _onload_="runTest()">
+<p>
+Tests that disabling style property after the style rule has been removed does not crash the inspected page.
+</p>
+
+<div id="container">
+</div>
+
+</body>
+</html>
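Review bot: `step2` prints `PASS: No crash` unconditionally, so the only failure signal is the inspected page actually crashing. For the stale-pointer bug this test guards, a release build can read freed memory without faulting and still pass. It would help to say so in the test, e.g. a comment above `step2` such as `// Passes whenever the page survives; a regression is only reliably caught by a memory-checking build.` If the harness allows, dumping the styles again after the toggle would also pin the post-toggle state in the expected output. Separately, `removeRule(0)` is the legacy alias; a `deleteRule(0)` variant would cover the standard entry point if both reach the same removal path, which is not visible here.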
Modified: trunk/Source/WebCore/ChangeLog (138459 => 138460)
--- trunk/Source/WebCore/ChangeLog 2012-12-25 09:24:04 UTC (rev 138459)
+++ trunk/Source/WebCore/ChangeLog 2012-12-25 09:26:38 UTC (rev 138460)
@@ -1,3 +1,22 @@
+2012-12-25 Alexander Pavlov <[email protected]>
+
+ Web Inspector: Crash when modifying a rule that has been removed through _javascript_
+ https://bugs.webkit.org/show_bug.cgi?id=105718
+
+ Reviewed by Yury Semikhatsky.
+
+ CSSStyleRules should be stored by RefPtr's to avoid using stale pointers to deleted instances.
+
+ Test: inspector/styles/removed-rule-crash.html
+
+ * inspector/InspectorStyleSheet.cpp:
+ (WebCore::InspectorStyleSheet::ruleForId):
+ (WebCore::InspectorStyleSheet::revalidateStyle):
+ (WebCore::InspectorStyleSheet::buildArrayForRuleList):
+ (WebCore::InspectorStyleSheet::collectFlatRules):
+ * inspector/InspectorStyleSheet.h:
+ (InspectorStyleSheet):
+
2012-12-25 Eugene Klyuchnikov <[email protected]>
Web Inspector: [Console] Add "Replay XHR" context menu item for corresponding messages.
Modified: trunk/Source/WebCore/inspector/InspectorStyleSheet.cpp (138459 => 138460)
--- trunk/Source/WebCore/inspector/InspectorStyleSheet.cpp 2012-12-25 09:24:04 UTC (rev 138459)
+++ trunk/Source/WebCore/inspector/InspectorStyleSheet.cpp 2012-12-25 09:26:38 UTC (rev 138460)
@@ -910,7 +910,7 @@
ASSERT(!id.isEmpty());
ensureFlatRules();
- return id.ordinal() >= m_flatRules.size() ? 0 : m_flatRules.at(id.ordinal());
+ return id.ordinal() >= m_flatRules.size() ? 0 : m_flatRules.at(id.ordinal()).get();
}
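Review bot: `ruleForId` still hands out a raw `CSSStyleRule*` taken with `.get()`, so the pointer is only valid while `m_flatRules` keeps that entry; a caller that holds it across anything that rebuilds or clears the cache is back to a stale pointer. The same borrowed-pointer pattern appears in the `revalidateStyle` hunk (`CSSStyleRule* parsedRule = m_flatRules.at(i).get();`). If any caller runs script or triggers a reparse while holding the result (callers are outside this diff), it should take `RefPtr<CSSStyleRule> rule = ruleForId(id);` instead. At minimum, a comment on `ruleForId` such as `// Returned pointer is owned by m_flatRules; do not hold it across a flat-rule rebuild.` would document the contract. The function's signature is outside the hunk.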
@@ -1268,7 +1268,7 @@
m_isRevalidating = true;
ensureFlatRules();
for (unsigned i = 0, size = m_flatRules.size(); i < size; ++i) {
- CSSStyleRule* parsedRule = m_flatRules.at(i);
+ CSSStyleRule* parsedRule = m_flatRules.at(i).get();
if (parsedRule->style() == pageStyle) {
if (parsedRule->styleRule()->properties()->asText() != pageStyle->cssText()) {
// Clear the disabled properties for the invalid style here.
@@ -1330,16 +1330,16 @@
return result.release();
RefPtr<CSSRuleList> refRuleList = ruleList;
- Vector<CSSStyleRule*> rules;
+ CSSStyleRuleVector rules;
collectFlatRules(refRuleList, &rules);
for (unsigned i = 0, size = rules.size(); i < size; ++i)
- result->addItem(buildObjectForRule(rules.at(i)));
+ result->addItem(buildObjectForRule(rules.at(i).get()));
return result.release();
}
-void InspectorStyleSheet::collectFlatRules(PassRefPtr<CSSRuleList> ruleList, Vector<CSSStyleRule*>* result)
+void InspectorStyleSheet::collectFlatRules(PassRefPtr<CSSRuleList> ruleList, CSSStyleRuleVector* result)
{
if (!ruleList)
return;
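Review bot: `collectFlatRules` takes its output as `CSSStyleRuleVector* result`, and the visible lines null-check only `ruleList`, not `result`. Since the only caller in this hunk passes `&rules`, a reference parameter (`CSSStyleRuleVector& result`, called as `collectFlatRules(refRuleList, rules)`) would state the non-null contract in the signature. This needs the matching change to the declaration in InspectorStyleSheet.h. The body of `collectFlatRules` continues past the hunk, so whether `result` is dereferenced unconditionally is inferred.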
Modified: trunk/Source/WebCore/inspector/InspectorStyleSheet.h (138459 => 138460)
--- trunk/Source/WebCore/inspector/InspectorStyleSheet.h 2012-12-25 09:24:04 UTC (rev 138459)
+++ trunk/Source/WebCore/inspector/InspectorStyleSheet.h 2012-12-25 09:26:38 UTC (rev 138460)
@@ -222,9 +222,10 @@
virtual bool setStyleText(CSSStyleDeclaration*, const String&);
private:
+ typedef Vector<RefPtr<CSSStyleRule> > CSSStyleRuleVector;
friend class InspectorStyle;
- static void collectFlatRules(PassRefPtr<CSSRuleList>, Vector<CSSStyleRule*>* result);
+ static void collectFlatRules(PassRefPtr<CSSRuleList>, CSSStyleRuleVector* result);
bool ensureText() const;
bool ensureSourceData();
void ensureFlatRules() const;
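Review bot: The new `CSSStyleRuleVector` typedef carries the whole point of the fix but has no comment saying why the elements are `RefPtr`s, so someone tidying later could turn it back into raw pointers. A line above it such as `// Holds strong references: page script can remove a rule from its sheet while the inspector still refers to it.` would record that. The class declaration starts and ends outside this hunk.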
@@ -244,7 +245,7 @@
bool m_isRevalidating;
ParsedStyleSheet* m_parsedStyleSheet;
InspectorStyleMap m_inspectorStyles;
- mutable Vector<CSSStyleRule*> m_flatRules;
+ mutable CSSStyleRuleVector m_flatRules;
Listener* m_listener;
};
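Review bot: With `m_flatRules` now owning references, a rule removed by page script stays alive in the cache, and `ruleForId` keeps resolving its ordinal to an object that is no longer part of the sheet. That is memory-safe, but edits made through the inspector may then land on a detached rule, and the remaining ordinals may no longer match the sheet's real rule order until the cache is rebuilt. Where the cache gets cleared is not visible in this diff. It is worth confirming that sheet mutations invalidate `m_flatRules`, and documenting that on the member, e.g. `// Cached flattened rules; must be cleared whenever the underlying sheet's rule list changes.`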