[SCM] WebKit Debian packaging branch, webkit-1.2, updated. upstream/1.1.90-6072-g9a69373

bdakin at apple.com bdakin at apple.com
Thu Apr 8 00:03:43 UTC 2010 

The following commit has been merged in the webkit-1.2 branch:
commit 70c2e4511632fc44d6f92dd11fd5577520af1e85
Author: bdakin at apple.com <bdakin at apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Date:   Mon Nov 30 23:55:38 2009 +0000

    WebCore: Fix for https://bugs.webkit.org/show_bug.cgi?id=32000 Crash in
    Safari caused by extreme column-gap and column-width values
    -and corresponding-
    <rdar://problem/7425433>
    
    Reviewed by Oliver Hunt.
    
    Prevent desiredColumnCount from being less than 1 since it is used
    as a divisor.
    * rendering/RenderBlock.cpp:
    (WebCore::RenderBlock::calcColumnWidth):
    
    LayoutTests: Test for https://bugs.webkit.org/show_bug.cgi?id=32000 Crash in
    Safari caused by extreme column-gap and column-width values
    -and corresponding-
    <rdar://problem/7425433>
    
    Reviewed by Oliver Hunt.
    
    * fast/multicol/huge-column-gap-crash-expected.txt: Added.
    * fast/multicol/huge-column-gap-crash.html: Added.
    
    
    
    git-svn-id: http://svn.webkit.org/repository/webkit/trunk@51517 268f45cc-cd09-0410-ab3c-d52691b4dbfc

diff --git a/LayoutTests/ChangeLog b/LayoutTests/ChangeLog
index 2e8fded..70aad6d 100644
--- a/LayoutTests/ChangeLog
+++ b/LayoutTests/ChangeLog
@@ -1,3 +1,15 @@
+2009-11-30  Beth Dakin  <bdakin at apple.com>
+
+        Reviewed by Oliver Hunt.
+
+        Test for https://bugs.webkit.org/show_bug.cgi?id=32000 Crash in 
+        Safari caused by extreme column-gap and column-width values 
+        -and corresponding-
+        <rdar://problem/7425433>
+
+        * fast/multicol/huge-column-gap-crash-expected.txt: Added.
+        * fast/multicol/huge-column-gap-crash.html: Added.
+
 2009-11-30  Alexey Proskuryakov  <ap at apple.com>
 
         Reviewed by Oliver Hunt.
diff --git a/LayoutTests/editing/pasteboard/copy-crash-with-extraneous-attribute-expected.txt b/LayoutTests/fast/multicol/huge-column-gap-crash-expected.txt
similarity index 100%
copy from LayoutTests/editing/pasteboard/copy-crash-with-extraneous-attribute-expected.txt
copy to LayoutTests/fast/multicol/huge-column-gap-crash-expected.txt
diff --git a/LayoutTests/fast/multicol/huge-column-gap-crash.html b/LayoutTests/fast/multicol/huge-column-gap-crash.html
new file mode 100644
index 0000000..1580182
--- /dev/null
+++ b/LayoutTests/fast/multicol/huge-column-gap-crash.html
@@ -0,0 +1,20 @@
+<html>
+<head>
+<style>
+body {
+    -webkit-column-width: .600pt;
+    -webkit-column-gap: 2261953074155095154;
+}
+</style>
+
+<script>
+    if (window.layoutTestController)
+        layoutTestController.dumpAsText();
+</script>
+</head>
+
+<body class="test">
+This test passes if it does not crash.
+</body>
+
+</html>
diff --git a/WebCore/ChangeLog b/WebCore/ChangeLog
index 4d0359d..e9bb016 100644
--- a/WebCore/ChangeLog
+++ b/WebCore/ChangeLog
@@ -1,3 +1,17 @@
+2009-11-30  Beth Dakin  <bdakin at apple.com>
+
+        Reviewed by Oliver Hunt.
+
+        Fix for https://bugs.webkit.org/show_bug.cgi?id=32000 Crash in 
+        Safari caused by extreme column-gap and column-width values 
+        -and corresponding-
+        <rdar://problem/7425433>
+
+        Prevent desiredColumnCount from being less than 1 since it is used 
+        as a divisor.
+        * rendering/RenderBlock.cpp:
+        (WebCore::RenderBlock::calcColumnWidth):
+
 2009-11-30  Alexey Proskuryakov  <ap at apple.com>
 
         Reviewed by Oliver Hunt.
diff --git a/WebCore/rendering/RenderBlock.cpp b/WebCore/rendering/RenderBlock.cpp
index 2655150..7f70b07 100644
--- a/WebCore/rendering/RenderBlock.cpp
+++ b/WebCore/rendering/RenderBlock.cpp
@@ -3553,11 +3553,15 @@ void RenderBlock::calcColumnWidth()
             desiredColumnWidth = (availWidth - (desiredColumnCount - 1) * colGap) / desiredColumnCount;
         } else if (colGap < availWidth) {
             desiredColumnCount = availWidth / colGap;
+            if (desiredColumnCount < 1)
+                desiredColumnCount = 1;
             desiredColumnWidth = (availWidth - (desiredColumnCount - 1) * colGap) / desiredColumnCount;
         }
     } else if (style()->hasAutoColumnCount()) {
         if (colWidth < availWidth) {
             desiredColumnCount = (availWidth + colGap) / (colWidth + colGap);
+            if (desiredColumnCount < 1)
+                desiredColumnCount = 1;
             desiredColumnWidth = (availWidth - (desiredColumnCount - 1) * colGap) / desiredColumnCount;
         }
     } else {
@@ -3567,6 +3571,8 @@ void RenderBlock::calcColumnWidth()
             desiredColumnWidth = colWidth;
         } else if (colWidth < availWidth) {
             desiredColumnCount = (availWidth + colGap) / (colWidth + colGap);
+            if (desiredColumnCount < 1)
+                desiredColumnCount = 1;
             desiredColumnWidth = (availWidth - (desiredColumnCount - 1) * colGap) / desiredColumnCount;
         }
     }

-- 
WebKit Debian packaging

More information about the Pkg-webkit-commits mailing list