Skip to site navigation (Press enter)

[webkit-changes] [190962] releases/WebKitGTK/webkit-2.10

carlosgc Tue, 13 Oct 2015 03:57:08 -0700

Title: [190962] releases/WebKitGTK/webkit-2.10

Revision: 190962
Author: [email protected]
Date: 2015-10-13 03:56:30 -0700 (Tue, 13 Oct 2015)

Log Message

Merge r190597 - CSSGradientValue should check whether gradientLength is zero or not.
https://bugs.webkit.org/show_bug.cgi?id=149373
<rdar://problem/22771418>


Patch by Jiewen Tan <[email protected]> on 2015-10-05
Reviewed by Darin Adler.

Source/WebCore:

This is a merge of Blink r158220,
https://chromiumcodereview.appspot.com/24350008

Test: fast/gradients/css3-repeating-radial-gradients-crash.html

* css/CSSGradientValue.cpp:
(WebCore::CSSGradientValue::addStops):
Check whether gradientLength > 0 before using it as denominator.

LayoutTests:

* fast/gradients/css3-repeating-radial-gradients-crash-expected.txt: Added.
* fast/gradients/css3-repeating-radial-gradients-crash.html: Added.

Modified Paths

releases/WebKitGTK/webkit-2.10/LayoutTests/ChangeLog
releases/WebKitGTK/webkit-2.10/Source/WebCore/ChangeLog
releases/WebKitGTK/webkit-2.10/Source/WebCore/css/CSSGradientValue.cpp

Added Paths

releases/WebKitGTK/webkit-2.10/LayoutTests/fast/gradients/css3-repeating-radial-gradients-crash-expected.txt
releases/WebKitGTK/webkit-2.10/LayoutTests/fast/gradients/css3-repeating-radial-gradients-crash.html

Diff

Modified: releases/WebKitGTK/webkit-2.10/LayoutTests/ChangeLog (190961 => 190962)


--- releases/WebKitGTK/webkit-2.10/LayoutTests/ChangeLog	2015-10-13 10:55:28 UTC (rev 190961)
+++ releases/WebKitGTK/webkit-2.10/LayoutTests/ChangeLog	2015-10-13 10:56:30 UTC (rev 190962)
@@ -1,3 +1,14 @@
+2015-10-05  Jiewen Tan  <[email protected]>
+
+        CSSGradientValue should check whether gradientLength is zero or not.
+        https://bugs.webkit.org/show_bug.cgi?id=149373
+        <rdar://problem/22771418>
+
+        Reviewed by Darin Adler.
+
+        * fast/gradients/css3-repeating-radial-gradients-crash-expected.txt: Added.
+        * fast/gradients/css3-repeating-radial-gradients-crash.html: Added.
+
 2015-10-05  Dean Jackson  <[email protected]>
 
         Reference cycles during SVG dependency invalidation

Added: releases/WebKitGTK/webkit-2.10/LayoutTests/fast/gradients/css3-repeating-radial-gradients-crash-expected.txt (0 => 190962)


--- releases/WebKitGTK/webkit-2.10/LayoutTests/fast/gradients/css3-repeating-radial-gradients-crash-expected.txt	                        (rev 0)
+++ releases/WebKitGTK/webkit-2.10/LayoutTests/fast/gradients/css3-repeating-radial-gradients-crash-expected.txt	2015-10-13 10:56:30 UTC (rev 190962)
@@ -0,0 +1 @@
+If this test passes, no crash occurs.

Added: releases/WebKitGTK/webkit-2.10/LayoutTests/fast/gradients/css3-repeating-radial-gradients-crash.html (0 => 190962)


--- releases/WebKitGTK/webkit-2.10/LayoutTests/fast/gradients/css3-repeating-radial-gradients-crash.html	                        (rev 0)
+++ releases/WebKitGTK/webkit-2.10/LayoutTests/fast/gradients/css3-repeating-radial-gradients-crash.html	2015-10-13 10:56:30 UTC (rev 190962)
@@ -0,0 +1,10 @@
+<!doctype html>
+<html>
+<script>
+     if (window.testRunner)
+          testRunner.dumpAsText();
+</script>
+<body style="background-image: repeating-radial-gradient(closest-side circle at 0% 0%, #fff, #000);">
+If this test passes, no crash occurs.
+</body>
+</html>

Modified: releases/WebKitGTK/webkit-2.10/Source/WebCore/ChangeLog (190961 => 190962)


--- releases/WebKitGTK/webkit-2.10/Source/WebCore/ChangeLog	2015-10-13 10:55:28 UTC (rev 190961)
+++ releases/WebKitGTK/webkit-2.10/Source/WebCore/ChangeLog	2015-10-13 10:56:30 UTC (rev 190962)
@@ -1,3 +1,20 @@
+2015-10-05  Jiewen Tan  <[email protected]>
+
+        CSSGradientValue should check whether gradientLength is zero or not.
+        https://bugs.webkit.org/show_bug.cgi?id=149373
+        <rdar://problem/22771418>
+
+        Reviewed by Darin Adler.
+
+        This is a merge of Blink r158220,
+        https://chromiumcodereview.appspot.com/24350008
+
+        Test: fast/gradients/css3-repeating-radial-gradients-crash.html
+
+        * css/CSSGradientValue.cpp:
+        (WebCore::CSSGradientValue::addStops):
+        Check whether gradientLength > 0 before using it as denominator.
+
 2015-10-05  Dean Jackson  <[email protected]>
 
         Reference cycles during SVG dependency invalidation

Modified: releases/WebKitGTK/webkit-2.10/Source/WebCore/css/CSSGradientValue.cpp (190961 => 190962)


--- releases/WebKitGTK/webkit-2.10/Source/WebCore/css/CSSGradientValue.cpp	2015-10-13 10:55:28 UTC (rev 190961)
+++ releases/WebKitGTK/webkit-2.10/Source/WebCore/css/CSSGradientValue.cpp	2015-10-13 10:56:30 UTC (rev 190962)
@@ -375,7 +375,7 @@
                 }
 
                 if (maxLengthForRepeat > gradientLength)
-                    maxExtent = maxLengthForRepeat / gradientLength;
+                    maxExtent = gradientLength > 0 ? maxLengthForRepeat / gradientLength : 0;
             }
 
             size_t originalNumStops = numStops;

_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes