Title: [191093] branches/safari-601.1.46-branch

Diff

Modified: branches/safari-601.1.46-branch/LayoutTests/ChangeLog (191092 => 191093)


--- branches/safari-601.1.46-branch/LayoutTests/ChangeLog	2015-10-15 06:46:30 UTC (rev 191092)
+++ branches/safari-601.1.46-branch/LayoutTests/ChangeLog	2015-10-15 06:46:33 UTC (rev 191093)
@@ -1,5 +1,22 @@
 2015-10-14  Matthew Hanson  <matthew_han...@apple.com>
 
+        Merge r190339. rdar://problem/23075839
+
+    2015-09-29  Jon Honeycutt  <jhoneyc...@apple.com>
+
+            Avoid reparsing an XSLT stylesheet after the first failure.
+            https://bugs.webkit.org/show_bug.cgi?id=149188
+            <rdar://problem/22709912>
+
+            Reviewed by Dave Hyatt.
+
+            Patch by Jiewen Tan, jiewen_...@apple.com.
+
+            * svg/custom/invalid-xslt-crash-expected.txt: Added.
+            * svg/custom/invalid-xslt-crash.svg: Added.
+
+2015-10-14  Matthew Hanson  <matthew_han...@apple.com>
+
         Merge r188390. rdar://problem/22803749
 
     2015-08-13  Eric Carlson  <eric.carl...@apple.com>

Added: branches/safari-601.1.46-branch/LayoutTests/svg/custom/invalid-xslt-crash-expected.txt (0 => 191093)


--- branches/safari-601.1.46-branch/LayoutTests/svg/custom/invalid-xslt-crash-expected.txt	                        (rev 0)
+++ branches/safari-601.1.46-branch/LayoutTests/svg/custom/invalid-xslt-crash-expected.txt	2015-10-15 06:46:33 UTC (rev 191093)
@@ -0,0 +1,2 @@
+layer at (0,0) size 800x600
+  RenderView at (0,0) size 800x600

Added: branches/safari-601.1.46-branch/LayoutTests/svg/custom/invalid-xslt-crash.svg (0 => 191093)


--- branches/safari-601.1.46-branch/LayoutTests/svg/custom/invalid-xslt-crash.svg	                        (rev 0)
+++ branches/safari-601.1.46-branch/LayoutTests/svg/custom/invalid-xslt-crash.svg	2015-10-15 06:46:33 UTC (rev 191093)
@@ -0,0 +1,7 @@
+<?xml-stylesheet type="application/xml" href=""
+<svg xmlns="http://www.w3.org/2000/svg"
+		xmlns:xslt="http://www.w3.org/1999/XSL/Transform"
+		xslt:version="1.0">
+  <!-- The test passes if it doesn't crash -->
+  <xslt:attribute nnnnnnnnnnname="fill">lime</xslt:attribute>
+</svg>
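Review bot: The in-file comment says only that the test passes if it doesn't crash; it does not say which parts of the input are deliberately malformed. As shown, the `xml-stylesheet` processing instruction on the first line has no closing `?>`, and the `xslt:attribute` element uses `nnnnnnnnnnname` instead of `name`. If both are intentional, a comment such as `<!-- Invalid on purpose: the stylesheet must fail to compile (bug 149188) -->` would stop someone from "fixing" the test later. If the missing `?>` is only an artefact of how this page was rendered, that part does not apply.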

Modified: branches/safari-601.1.46-branch/Source/WebCore/ChangeLog (191092 => 191093)


--- branches/safari-601.1.46-branch/Source/WebCore/ChangeLog	2015-10-15 06:46:30 UTC (rev 191092)
+++ branches/safari-601.1.46-branch/Source/WebCore/ChangeLog	2015-10-15 06:46:33 UTC (rev 191093)
@@ -1,5 +1,30 @@
 2015-10-14  Matthew Hanson  <matthew_han...@apple.com>
 
+        Merge r190339. rdar://problem/23075839
+
+    2015-09-29  Jon Honeycutt  <jhoneyc...@apple.com>
+
+            Avoid reparsing an XSLT stylesheet after the first failure.
+            https://bugs.webkit.org/show_bug.cgi?id=149188
+            <rdar://problem/22709912>
+
+            Reviewed by Dave Hyatt.
+
+            Patch by Jiewen Tan, jiewen_...@apple.com.
+
+            Test: svg/custom/invalid-xslt-crash.svg
+
+            * xml/XSLStyleSheet.h:
+            Add a new member variable m_compilationFailed that tracks whether
+            compilation has failed. Default value is false.
+
+            * xml/XSLStyleSheetLibxslt.cpp:
+            (WebCore::XSLStyleSheet::compileStyleSheet):
+            Return early if the compilation has failed before. After compiling the
+            style sheet, if we failed, set m_compilationFailed to true.
+
+2015-10-14  Matthew Hanson  <matthew_han...@apple.com>
+
         Merge r190097. rdar://problem/23075843
 
     2015-09-21  Ryosuke Niwa  <rn...@webkit.org>

Modified: branches/safari-601.1.46-branch/Source/WebCore/xml/XSLStyleSheet.h (191092 => 191093)


--- branches/safari-601.1.46-branch/Source/WebCore/xml/XSLStyleSheet.h	2015-10-15 06:46:30 UTC (rev 191092)
+++ branches/safari-601.1.46-branch/Source/WebCore/xml/XSLStyleSheet.h	2015-10-15 06:46:33 UTC (rev 191093)
@@ -116,7 +116,8 @@
 
     xmlDocPtr m_stylesheetDoc;
     bool m_stylesheetDocTaken;
-    
+    bool m_compilationFailed = false;
+
     XSLStyleSheet* m_parentStyleSheet;
 };
 
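Review bot: `m_compilationFailed` is added without a comment, and the name alone does not say that it is a one-way latch. In the visible .cpp lines it is set on failure and never cleared. A one-line comment above the member would record that, for example `// Set when xsltParseStylesheetDoc fails; m_stylesheetDoc must not be compiled again afterwards.` If m_stylesheetDoc can be replaced during the object's lifetime (not visible in this hunk), the flag would presumably need resetting wherever m_stylesheetDocTaken is reset. The class body starts outside the hunk.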

Modified: branches/safari-601.1.46-branch/Source/WebCore/xml/XSLStyleSheetLibxslt.cpp (191092 => 191093)


--- branches/safari-601.1.46-branch/Source/WebCore/xml/XSLStyleSheetLibxslt.cpp	2015-10-15 06:46:30 UTC (rev 191092)
+++ branches/safari-601.1.46-branch/Source/WebCore/xml/XSLStyleSheetLibxslt.cpp	2015-10-15 06:46:33 UTC (rev 191093)
@@ -245,12 +245,19 @@
     if (m_embedded)
         return xsltLoadStylesheetPI(document());
 
+    // Certain libxslt versions are corrupting the xmlDoc on compilation
+    // failures - hence attempting to recompile after a failure is unsafe.
+    if (m_compilationFailed)
+        return 0;
+
     // xsltParseStylesheetDoc makes the document part of the stylesheet
     // so we have to release our pointer to it.
     ASSERT(!m_stylesheetDocTaken);
     xsltStylesheetPtr result = xsltParseStylesheetDoc(m_stylesheetDoc);
     if (result)
         m_stylesheetDocTaken = true;
+    else
+        m_compilationFailed = true;
     return result;
 }
 
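Review bot: On the failure branch the object keeps ownership of m_stylesheetDoc, because m_stylesheetDocTaken stays false. The document that the new comment describes as possibly corrupted therefore remains reachable by whatever else reads or frees it; the early return only stops this function from handing it to libxslt again. Whether the other users of m_stylesheetDoc are safe after a failed compile cannot be told from this hunk and is worth confirming. The comment would also serve a later maintainer better if it pointed at the bug, e.g. `// See https://bugs.webkit.org/show_bug.cgi?id=149188.`, and `return 0;` could be `return nullptr;` for a pointer return. The start of compileStyleSheet is outside the hunk.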