Title: [186971] trunk
- Revision
- 186971
- Author
- mmaxfi...@apple.com
- Date
- 2015-07-17 16:26:34 -0700 (Fri, 17 Jul 2015)
Log Message
style.fontFamily accessor crashes on unstyled node created from DOMParser().parseFromString()
https://bugs.webkit.org/show_bug.cgi?id=147026
<rdar://problem/21864487>
Reviewed by Andreas Kling.
Source/WebCore:
Font CSS properties are a little special because they are used as indices into caches.
Normally, StyleResolver gives all nodes a default font family, so our cache works correctly.
However, if the document doesn't have a Settings object, StyleResolver wasn't doing this.
Documents created from DOMParser().parseFromString() don't have a Settings object.
Test: fast/text/crash-font-family-parsed.html
* css/StyleResolver.cpp:
(WebCore::StyleResolver::defaultStyleForElement):
(WebCore::StyleResolver::initializeFontStyle): Set a font family even if we don't have a
Settings object.
LayoutTests:
* fast/text/crash-font-family-parsed-expected.txt: Added.
* fast/text/crash-font-family-parsed.html: Added.
Diff
Modified: trunk/LayoutTests/ChangeLog (186970 => 186971)
--- trunk/LayoutTests/ChangeLog 2015-07-17 23:18:44 UTC (rev 186970)
+++ trunk/LayoutTests/ChangeLog 2015-07-17 23:26:34 UTC (rev 186971)
@@ -1,3 +1,14 @@
+2015-07-17 Myles C. Maxfield <mmaxfi...@apple.com>
+
+ style.fontFamily accessor crashes on unstyled node created from DOMParser().parseFromString()
+ https://bugs.webkit.org/show_bug.cgi?id=147026
+ <rdar://problem/21864487>
+
+ Reviewed by Andreas Kling.
+
+ * fast/text/crash-font-family-parsed-expected.txt: Added.
+ * fast/text/crash-font-family-parsed.html: Added.
+
2015-07-17 Yusuke Suzuki <utatane....@gmail.com>
Unreviewed, rename test file from promise-resolve-non-dom.js to promise-resolve-in-non-dom.js
Added: trunk/LayoutTests/fast/text/crash-font-family-parsed-expected.txt (0 => 186971)
--- trunk/LayoutTests/fast/text/crash-font-family-parsed-expected.txt (rev 0)
+++ trunk/LayoutTests/fast/text/crash-font-family-parsed-expected.txt 2015-07-17 23:26:34 UTC (rev 186971)
@@ -0,0 +1 @@
+This test passes if there is no crash.
Added: trunk/LayoutTests/fast/text/crash-font-family-parsed.html (0 => 186971)
--- trunk/LayoutTests/fast/text/crash-font-family-parsed.html (rev 0)
+++ trunk/LayoutTests/fast/text/crash-font-family-parsed.html 2015-07-17 23:26:34 UTC (rev 186971)
@@ -0,0 +1,16 @@
+<!DOCTYPE html>
+<html>
+<head>
+</head>
+<body>
+This test passes if there is no crash.
+<script>
+if (window.testRunner)
+ testRunner.dumpAsText();
+var parser = new DOMParser();
+var doc = parser.parseFromString("<?xml><!DOCTYPE svg><svg></svg>", "application/xml");
+var style = getComputedStyle(doc.children[0]);
+style.cssText;
+</script>
+</body>
+</html>
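Review bot: The test never reads `style.fontFamily`, even though that accessor is the crash named in the title; it reads `style.cssText`, which serializes every longhand including font-family, so the crash path is still reached, but an explicit `style.fontFamily;` line beside it would make the regression test match the bug report and keep covering it if cssText serialization ever changes. Separately, `"<?xml><!DOCTYPE svg><svg></svg>"` is not a well-formed XML declaration (it lacks `?>`), so the document handed to getComputedStyle may be the parser's error output rather than a clean SVG root; `<?xml version="1.0"?><!DOCTYPE svg><svg></svg>` or simply `<!DOCTYPE svg><svg></svg>` would exercise the intended unstyled-node case without depending on error-recovery behaviour.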
Modified: trunk/Source/WebCore/ChangeLog (186970 => 186971)
--- trunk/Source/WebCore/ChangeLog 2015-07-17 23:18:44 UTC (rev 186970)
+++ trunk/Source/WebCore/ChangeLog 2015-07-17 23:26:34 UTC (rev 186971)
@@ -1,5 +1,25 @@
2015-07-17 Myles C. Maxfield <mmaxfi...@apple.com>
+ style.fontFamily accessor crashes on unstyled node created from DOMParser().parseFromString()
+ https://bugs.webkit.org/show_bug.cgi?id=147026
+ <rdar://problem/21864487>
+
+ Reviewed by Andreas Kling.
+
+ Font CSS properties are a little special because they are used as indices into caches.
+ Normally, StyleResolver gives all nodes a default font family, so our cache works correctly.
+ However, if the document doesn't have a Settings object, StyleResolver wasn't doing this.
+ Documents created from DOMParser().parseFromString() don't have a Settings object.
+
+ Test: fast/text/crash-font-family-parsed.html
+
+ * css/StyleResolver.cpp:
+ (WebCore::StyleResolver::defaultStyleForElement):
+ (WebCore::StyleResolver::initializeFontStyle): Set a font family even if we don't have a
+ Settings object.
+
+2015-07-17 Myles C. Maxfield <mmaxfi...@apple.com>
+
Video posters disappear once media has loaded
https://bugs.webkit.org/show_bug.cgi?id=147045
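Review bot: The `(WebCore::StyleResolver::defaultStyleForElement):` entry carries no description, while the `initializeFontStyle` entry does; WebKit ChangeLog convention is to say what changed at each listed function, so a short line such as "Call initializeFontStyle() unconditionally, passing a possibly-null Settings pointer." would document why that call moved out of the `if`.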
Modified: trunk/Source/WebCore/css/StyleResolver.cpp (186970 => 186971)
--- trunk/Source/WebCore/css/StyleResolver.cpp 2015-07-17 23:18:44 UTC (rev 186970)
+++ trunk/Source/WebCore/css/StyleResolver.cpp 2015-07-17 23:26:34 UTC (rev 186971)
@@ -1048,10 +1048,10 @@
{
m_state.setStyle(RenderStyle::create());
// Make sure our fonts are initialized if we don't inherit them from our parent style.
- if (Settings* settings = documentSettings()) {
- initializeFontStyle(settings);
+ initializeFontStyle(documentSettings());
+ if (documentSettings())
m_state.style()->fontCascade().update(&document().fontSelector());
- } else
+ else
m_state.style()->fontCascade().update(nullptr);
return m_state.takeStyle();
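Review bot: `documentSettings()` is now evaluated twice in a row (once as the argument to `initializeFontStyle(documentSettings());`, once in `if (documentSettings())`), where the old code read it once into a local; keeping `Settings* settings = documentSettings();` and passing `settings` to both sites avoids the repeated lookup and makes it obvious that the same (possibly null) pointer drives both the font initialization and the font-selector choice. The behavioural change itself is correct: `initializeFontStyle` now runs even when there is no Settings object, so the style always receives a font family before `fontCascade().update()` and before the font description is used as a cache index.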
@@ -2035,7 +2035,8 @@
void StyleResolver::initializeFontStyle(Settings* settings)
{
FontDescription fontDescription;
- fontDescription.setRenderingMode(settings->fontRenderingMode());
+ if (settings)
+ fontDescription.setRenderingMode(settings->fontRenderingMode());
fontDescription.setOneFamily(standardFamily);
fontDescription.setKeywordSizeFromIdentifier(CSSValueMedium);
setFontSize(fontDescription, Style::fontSizeForKeyword(CSSValueMedium, false, document()));
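Review bot: The new `if (settings)` guard covers the only dereference of `settings` visible in this hunk, and the lines that actually fix the cache problem (`fontDescription.setOneFamily(standardFamily);` and the size setup) now run unconditionally, which is what the ChangeLog describes. A one-line comment above the guard noting that `settings` is null for documents created via `DOMParser().parseFromString()` would record why a null pointer is a legitimate input here, so that a later change to this function does not reintroduce an unconditional `settings->` access; when the guard is skipped, the FontDescription keeps its default rendering mode, which the rest of the patch relies on being acceptable.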
_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes