[SCM] WebKit Debian packaging branch, webkit-1.2, updated. upstream/1.1.90-6072-g9a69373

Gustavo Noronha Silva gns at gnome.org
Thu Apr 8 02:24:33 UTC 2010


The following commit has been merged in the webkit-1.2 branch:
commit 022912233bbb8838b48f5dc3293a909e9dcb96c6
Author: dglazkov at chromium.org <dglazkov at chromium.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Date:   Tue Mar 23 22:07:53 2010 +0000

    WebCore: Fix hard-to-see crash due to incorrect libxml API usage.
    
    Patch by Chris Evans <cevans at chromium.org> on 2010-03-23
    Reviewed by Darin Adler.
    
    https://bugs.webkit.org/show_bug.cgi?id=36000
    
    Test: fast/text/bad-encoding.html
    
    * dom/XMLTokenizerLibxml2.cpp:
    (WebCore::XMLTokenizer::doEnd): Avoid operations on a closed context.
    
    LayoutTests: Add test for crash due to calling into libxml in invalid state. Note
    that it is unlikely that this will actually crash for you in the test
    environment because it is highly intermittent. However, adding test in
    order to exercise the code path and prevent related regression.
    See https://bugs.webkit.org/show_bug.cgi?id=36000
    
    Patch by Chris Evans <cevans at chromium.org> on 2010-03-23
    Reviewed by Darin Adler.
    
    * fast/text/bad-encoding.html: Added.
    * fast/text/bad-encoding-expected.txt: Added.
    * fast/text/resources/bad-encoding.xml: Added.
    
    git-svn-id: http://svn.webkit.org/repository/webkit/trunk@56420 268f45cc-cd09-0410-ab3c-d52691b4dbfc

diff --git a/LayoutTests/ChangeLog b/LayoutTests/ChangeLog
index 128bfdb..4c5cd6a 100644
--- a/LayoutTests/ChangeLog
+++ b/LayoutTests/ChangeLog
@@ -1,3 +1,17 @@
+2010-03-23  Chris Evans  <cevans at chromium.org>
+
+        Reviewed by Darin Adler.
+
+        Add test for crash due to calling into libxml in invalid state. Note
+        that it is unlikely that this will actually crash for you in the test
+        environment because it is highly intermittent. However, adding test in
+        order to exercise the code path and prevent related regression.
+        See https://bugs.webkit.org/show_bug.cgi?id=36000
+
+        * fast/text/bad-encoding.html: Added.
+        * fast/text/bad-encoding-expected.txt: Added.
+        * fast/text/resources/bad-encoding.xml: Added.
+
 2010-03-18  Chris Evans  <cevans at chromium.org>
 
         Reviewed by Nikolas Zimmermann.
diff --git a/LayoutTests/fast/text/bad-encoding-expected.txt b/LayoutTests/fast/text/bad-encoding-expected.txt
new file mode 100644
index 0000000..61b0584
--- /dev/null
+++ b/LayoutTests/fast/text/bad-encoding-expected.txt
@@ -0,0 +1 @@
+Did not crash - SUCCESS. See https://bugs.webkit.org/show_bug.cgi?id=36000
diff --git a/LayoutTests/fast/text/bad-encoding.html b/LayoutTests/fast/text/bad-encoding.html
new file mode 100644
index 0000000..ae9351f
--- /dev/null
+++ b/LayoutTests/fast/text/bad-encoding.html
@@ -0,0 +1,20 @@
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html;charset=utf-8"/>
+<script>
+if (window.layoutTestController) {
+  layoutTestController.dumpAsText();
+  layoutTestController.waitUntilDone();
+}
+
+function loaded() {
+  if (window.layoutTestController)
+    layoutTestController.notifyDone();
+}
+</script>
+</head>
+<body>
+<iframe src="resources/bad-encoding.xml" onload="loaded()">
+</iframe>Did not crash - SUCCESS. See https://bugs.webkit.org/show_bug.cgi?id=36000
+</body>
+</html>
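Review bot: The pass condition in bad-encoding.html is only the static "Did not crash - SUCCESS" text after `</iframe>`, and `loaded()` does nothing but call `notifyDone()`, so nothing in the file records which property of resources/bad-encoding.xml is meant to reach the fixed code path. Add a short comment in the test saying what the resource contains and which path in XMLTokenizer::doEnd it exercises, so a later edit to the resource does not leave a test that passes without covering the regression.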
diff --git a/LayoutTests/fast/text/resources/bad-encoding.xml b/LayoutTests/fast/text/resources/bad-encoding.xml
new file mode 100644
index 0000000..ed261fb
--- /dev/null
+++ b/LayoutTests/fast/text/resources/bad-encoding.xml
@@ -0,0 +1 @@
+<a>AAAAAAAAAAAA°</a>
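Review bot: bad-encoding.xml has no XML declaration and its only unusual content is the single character before `</a>`, so the test depends on the exact byte stored there, which a text diff does not pin down and which an editor or re-encoding can silently change. State the intended byte value in the ChangeLog entry or in a comment in bad-encoding.html so the resource can be checked or regenerated.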
diff --git a/WebCore/ChangeLog b/WebCore/ChangeLog
index 9fe6a1b..8d32382 100644
--- a/WebCore/ChangeLog
+++ b/WebCore/ChangeLog
@@ -1,3 +1,16 @@
+2010-03-23  Chris Evans  <cevans at chromium.org>
+
+        Reviewed by Darin Adler.
+
+        Fix hard-to-see crash due to incorrect libxml API usage.
+
+        https://bugs.webkit.org/show_bug.cgi?id=36000
+
+        Test: fast/text/bad-encoding.html
+
+        * dom/XMLTokenizerLibxml2.cpp:
+        (WebCore::XMLTokenizer::doEnd): Avoid operations on a closed context.
+
 2010-03-18  Chris Evans  <cevans at chromium.org>
 
         Reviewed by Nikolas Zimmermann.
diff --git a/WebCore/dom/XMLTokenizerLibxml2.cpp b/WebCore/dom/XMLTokenizerLibxml2.cpp
index 28b508e..70c98bd 100644
--- a/WebCore/dom/XMLTokenizerLibxml2.cpp
+++ b/WebCore/dom/XMLTokenizerLibxml2.cpp
@@ -1307,6 +1307,9 @@ void XMLTokenizer::doEnd()
     }
 #endif
 
+    if (m_parserStopped)
+        return;
+
     if (m_context) {
         // Tell libxml we're done.
         {
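Review bot: The new `if (m_parserStopped) return;` in doEnd() leaves the whole function rather than only skipping the `if (m_context)` block that tells libxml we're done, and it sits after the `#endif`, so the conditionally compiled code above it still runs on a stopped parser. Confirm that nothing later in doEnd() still needs to run in the stopped case and that the block above does not touch the context; if only the libxml calls are unsafe, folding the check into the condition (`if (m_context && !m_parserStopped)`) narrows the change. Either way, add a one-line comment saying why a stopped parser must not reach this code, since the reason given in the ChangeLog (operations on a closed context) is not evident from the guard itself.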

-- 
WebKit Debian packaging


