[webkit-changes] [190958] releases/WebKitGTK/webkit-2.10

[carlosgc]

Title: [190958] releases/WebKitGTK/webkit-2.10

Revision

190958

Author

carlo...@webkit.org

Date

2015-10-13 03:51:55 -0700 (Tue, 13 Oct 2015)

Log Message

Merge r190585 - ShadowRoot with leading or trailing white space cause a crash
https://bugs.webkit.org/show_bug.cgi?id=149782

Reviewed by Chris Dumez.

Source/WebCore:

Fixed the crash by adding a null pointer check since a TextNode that appears as a direct child
of a ShadowRoot doesn't have a parent element.

Test: fast/shadow-dom/shadow-root-with-child-whitespace-text-crash.html

* style/RenderTreePosition.cpp:
(WebCore::RenderTreePosition::previousSiblingRenderer):

LayoutTests:

Added a regression test.

* fast/shadow-dom/shadow-root-with-child-whitespace-text-crash-expected.txt: Added.
* fast/shadow-dom/shadow-root-with-child-whitespace-text-crash.html: Added.

Modified Paths

• releases/WebKitGTK/webkit-2.10/LayoutTests/ChangeLog
• releases/WebKitGTK/webkit-2.10/Source/WebCore/ChangeLog
• releases/WebKitGTK/webkit-2.10/Source/WebCore/style/RenderTreePosition.cpp

Added Paths

• releases/WebKitGTK/webkit-2.10/LayoutTests/fast/shadow-dom/
• releases/WebKitGTK/webkit-2.10/LayoutTests/fast/shadow-dom/shadow-root-with-child-whitespace-text-crash-expected.txt
• releases/WebKitGTK/webkit-2.10/LayoutTests/fast/shadow-dom/shadow-root-with-child-whitespace-text-crash.html

Diff

Modified: releases/WebKitGTK/webkit-2.10/LayoutTests/ChangeLog (190957 => 190958)

--- releases/WebKitGTK/webkit-2.10/LayoutTests/ChangeLog	2015-10-13 10:49:47 UTC (rev 190957)
+++ releases/WebKitGTK/webkit-2.10/LayoutTests/ChangeLog	2015-10-13 10:51:55 UTC (rev 190958)
@@ -1,3 +1,15 @@
+2015-10-02  Ryosuke Niwa  <rn...@webkit.org>
+
+        ShadowRoot with leading or trailing white space cause a crash
+        https://bugs.webkit.org/show_bug.cgi?id=149782
+
+        Reviewed by Chris Dumez.
+
+        Added a regression test.
+
+        * fast/shadow-dom/shadow-root-with-child-whitespace-text-crash-expected.txt: Added.
+        * fast/shadow-dom/shadow-root-with-child-whitespace-text-crash.html: Added.
+
 2015-10-05  Zalan Bujtas  <za...@apple.com>
 
         Mark the line dirty when RenderQuote's text changes.

Added: releases/WebKitGTK/webkit-2.10/LayoutTests/fast/shadow-dom/shadow-root-with-child-whitespace-text-crash-expected.txt (0 => 190958)

--- releases/WebKitGTK/webkit-2.10/LayoutTests/fast/shadow-dom/shadow-root-with-child-whitespace-text-crash-expected.txt	                        (rev 0)
+++ releases/WebKitGTK/webkit-2.10/LayoutTests/fast/shadow-dom/shadow-root-with-child-whitespace-text-crash-expected.txt	2015-10-13 10:51:55 UTC (rev 190958)
@@ -0,0 +1,3 @@
+This tests creating a shadow root with leading and trailing white spaces. WebKit should not crash. You should see PASS below.
+
+PASS

Added: releases/WebKitGTK/webkit-2.10/LayoutTests/fast/shadow-dom/shadow-root-with-child-whitespace-text-crash.html (0 => 190958)

--- releases/WebKitGTK/webkit-2.10/LayoutTests/fast/shadow-dom/shadow-root-with-child-whitespace-text-crash.html	                        (rev 0)
+++ releases/WebKitGTK/webkit-2.10/LayoutTests/fast/shadow-dom/shadow-root-with-child-whitespace-text-crash.html	2015-10-13 10:51:55 UTC (rev 190958)
@@ -0,0 +1,17 @@
+<!DOCTYPE html>
+<html>
+<body>
+<p>
+This tests creating a shadow root with leading and trailing white spaces.
+WebKit should not crash. You should see PASS below.
+</p>
+<div id="host">PASS</div>
+<script>
+if (window.testRunner)
+    testRunner.dumpAsText();
+
+var host = document.getElementById('host');
+host.attachShadow({mode: 'closed'}).innerHTML = ' <slot></slot> ';
+</script>
+</body>
+</html>

Modified: releases/WebKitGTK/webkit-2.10/Source/WebCore/ChangeLog (190957 => 190958)

--- releases/WebKitGTK/webkit-2.10/Source/WebCore/ChangeLog	2015-10-13 10:49:47 UTC (rev 190957)
+++ releases/WebKitGTK/webkit-2.10/Source/WebCore/ChangeLog	2015-10-13 10:51:55 UTC (rev 190958)
@@ -1,3 +1,18 @@
+2015-10-02  Ryosuke Niwa  <rn...@webkit.org>
+
+        ShadowRoot with leading or trailing white space cause a crash
+        https://bugs.webkit.org/show_bug.cgi?id=149782
+
+        Reviewed by Chris Dumez.
+
+        Fixed the crash by adding a null pointer check since a TextNode that appears as a direct child
+        of a ShadowRoot doesn't have a parent element.
+
+        Test: fast/shadow-dom/shadow-root-with-child-whitespace-text-crash.html
+
+        * style/RenderTreePosition.cpp:
+        (WebCore::RenderTreePosition::previousSiblingRenderer):
+
 2015-10-05  Zalan Bujtas  <za...@apple.com>
 
         Mark the line dirty when RenderQuote's text changes.

Modified: releases/WebKitGTK/webkit-2.10/Source/WebCore/style/RenderTreePosition.cpp (190957 => 190958)

--- releases/WebKitGTK/webkit-2.10/Source/WebCore/style/RenderTreePosition.cpp	2015-10-13 10:49:47 UTC (rev 190957)
+++ releases/WebKitGTK/webkit-2.10/Source/WebCore/style/RenderTreePosition.cpp	2015-10-13 10:51:55 UTC (rev 190958)
@@ -62,8 +62,10 @@
         if (renderer && !RenderTreePosition::isRendererReparented(*renderer))
             return renderer;
     }
-    if (PseudoElement* before = textNode.parentElement()->beforePseudoElement())
-        return before->renderer();
+    if (auto* parent = textNode.parentElement()) {
+        if (auto* before = parent->beforePseudoElement())
+            return before->renderer();
+    }
     return nullptr;
 }
 

_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes