[SCM] WebKit Debian packaging branch, webkit-1.1, updated. upstream/1.1.15.1-1414-gc69ee75

eric at webkit.org eric at webkit.org
Thu Oct 29 20:44:54 UTC 2009 

The following commit has been merged in the webkit-1.1 branch:
commit a0a6b746767101dcd498e390fc8ef90016ba055a
Author: eric at webkit.org <eric at webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Date:   Thu Oct 15 06:12:39 2009 +0000

    2009-10-14  Matt Mueller  <mattm at chromium.org>
    
            Reviewed by Darin Adler.
    
            Check FNonNeg after the unit switch to avoid valgrind uninitialised conditional reference in WebCore::CSSParser::validUnit.  See http://crbug.com/20939.
            https://bugs.webkit.org/show_bug.cgi?id=30347
            https://bugs.webkit.org/show_bug.cgi?id=22772
    
            Covered by running LayoutTests/fast/css/invalid-percentage-property.html under valgrind.
    
            * css/CSSParser.cpp:
            (WebCore::CSSParser::validUnit):
    
    git-svn-id: http://svn.webkit.org/repository/webkit/trunk@49609 268f45cc-cd09-0410-ab3c-d52691b4dbfc

diff --git a/WebCore/ChangeLog b/WebCore/ChangeLog
index e5e45fb..d959366 100644
--- a/WebCore/ChangeLog
+++ b/WebCore/ChangeLog
@@ -1,3 +1,16 @@
+2009-10-14  Matt Mueller  <mattm at chromium.org>
+
+        Reviewed by Darin Adler.
+
+        Check FNonNeg after the unit switch to avoid valgrind uninitialised conditional reference in WebCore::CSSParser::validUnit.  See http://crbug.com/20939.
+        https://bugs.webkit.org/show_bug.cgi?id=30347
+        https://bugs.webkit.org/show_bug.cgi?id=22772
+
+        Covered by running LayoutTests/fast/css/invalid-percentage-property.html under valgrind.
+
+        * css/CSSParser.cpp:
+        (WebCore::CSSParser::validUnit):
+
 2009-10-14  Adam Barth  <abarth at webkit.org>
 
         Reviewed by Sam Weinig.
diff --git a/WebCore/css/CSSParser.cpp b/WebCore/css/CSSParser.cpp
index d768bdb..fd6cb4d 100644
--- a/WebCore/css/CSSParser.cpp
+++ b/WebCore/css/CSSParser.cpp
@@ -405,9 +405,6 @@ Document* CSSParser::document() const
 
 bool CSSParser::validUnit(CSSParserValue* value, Units unitflags, bool strict)
 {
-    if (unitflags & FNonNeg && value->fValue < 0)
-        return false;
-
     bool b = false;
     switch (value->unit) {
     case CSSPrimitiveValue::CSS_NUMBER:
@@ -451,6 +448,8 @@ bool CSSParser::validUnit(CSSParserValue* value, Units unitflags, bool strict)
     default:
         break;
     }
+    if (b && unitflags & FNonNeg && value->fValue < 0)
+        b = false;
     return b;
 }
 

-- 
WebKit Debian packaging

More information about the Pkg-webkit-commits mailing list