Title: [166645] trunk/LayoutTests
Revision: 166645
Author: [email protected]
Date: 2014-04-02 07:52:23 -0700 (Wed, 02 Apr 2014)
Log Message
Add LayoutTest for crash with bidi isolates
Merged from Blink (patch by [email protected]):
https://src.chromium.org/viewvc/blink?revision=156580&view=revision
http://crbug.com/265838
See Bug 120504: Fix nested unicode-bidi: isolate
<https://bugs.webkit.org/show_bug.cgi?id=120504>
<http://trac.webkit.org/changeset/155554>
* fast/text/international/unicode-bidi-isolate-nested-with-removes-expected.txt: Added.
* fast/text/international/unicode-bidi-isolate-nested-with-removes.html: Added.
Diff
Modified: trunk/LayoutTests/ChangeLog (166644 => 166645)
--- trunk/LayoutTests/ChangeLog 2014-04-02 14:37:22 UTC (rev 166644)
+++ trunk/LayoutTests/ChangeLog 2014-04-02 14:52:23 UTC (rev 166645)
@@ -1,3 +1,18 @@
+2014-04-02 David Kilzer <[email protected]>
+
+ Add LayoutTest for crash with bidi isolates
+
+ Merged from Blink (patch by [email protected]):
+ https://src.chromium.org/viewvc/blink?revision=156580&view=revision
+ http://crbug.com/265838
+
+ See Bug 120504: Fix nested unicode-bidi: isolate
+ <https://bugs.webkit.org/show_bug.cgi?id=120504>
+ <http://trac.webkit.org/changeset/155554>
+
+ * fast/text/international/unicode-bidi-isolate-nested-with-removes-expected.txt: Added.
+ * fast/text/international/unicode-bidi-isolate-nested-with-removes.html: Added.
+
2014-04-02 Ion Rosca <[email protected]>
[CSS Blending] Compositing requirements for blending are not computed correctly
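Review bot: the new entry's summary line only says "crash with bidi isolates", while the comment at the top of the added .html test identifies the defect as a use-after-free triggered when adjacent, nested isolates are later removed. Put that wording in the ChangeLog entry so the memory-safety nature of the regression test can be found from the log alone. The entry also carries no reviewer line; if the change landed unreviewed as a test-only merge, state that explicitly.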
Added: trunk/LayoutTests/fast/text/international/unicode-bidi-isolate-nested-with-removes-expected.txt (0 => 166645)
--- trunk/LayoutTests/fast/text/international/unicode-bidi-isolate-nested-with-removes-expected.txt (rev 0)
+++ trunk/LayoutTests/fast/text/international/unicode-bidi-isolate-nested-with-removes-expected.txt 2014-04-02 14:52:23 UTC (rev 166645)
@@ -0,0 +1,4 @@
+ bar
+
+
+PASS did not crash
Added: trunk/LayoutTests/fast/text/international/unicode-bidi-isolate-nested-with-removes.html (0 => 166645)
--- trunk/LayoutTests/fast/text/international/unicode-bidi-isolate-nested-with-removes.html (rev 0)
+++ trunk/LayoutTests/fast/text/international/unicode-bidi-isolate-nested-with-removes.html 2014-04-02 14:52:23 UTC (rev 166645)
@@ -0,0 +1,36 @@
+<!-- This tests for regression of https://crbug.com/265838 where adjacent, nested isolates caused a use-after-free if the elements were later removed. -->
+<script>
+function remove(node)
+{
+ node.parentNode.removeChild(node);
+}
+
+window._onload_ = function()
+{
+ document.body.offsetTop;
+ remove(b.lastChild);
+ document.body.offsetTop;
+ remove(a.firstChild);
+ document.body.offsetTop;
+
+ document.body.appendChild(document.createTextNode("PASS did not crash"));
+}
+</script>
+
+<body>
+ <div id="a">foo</div>
+ <div></div>
+ <div>
+ <output>
+ <output>bar</output>
+ <span id="b">
+ <span><div style="display:inline-block"></div><br><br><br></span>
+ </span>
+ </output>
+ </div>
+</body>
+
+<script>
+if (window.testRunner)
+ testRunner.dumpAsText();
+</script>
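Review bot: on the `window._onload_ = function()` line the handler is assigned to a property named `_onload_`, which is not the load event handler. As written, neither `remove()` call runs and the "PASS did not crash" text node that the expected file requires is never appended, so the test would not exercise the removal path it is meant to guard. This should read `window.onload`. Two smaller points in the same script: the elements are reached through the implicit id globals `a` and `b`, and `document.getElementById("a")` / `document.getElementById("b")` would make the dependency on the markup explicit; and the three `document.body.offsetTop` reads are there to force layout between removals, which deserves a one-line comment so a later cleanup does not delete them as dead code and silently defeat the regression test.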