[SCM] WebKit Debian packaging branch, debian/experimental, updated. upstream/1.3.3-9427-gc2be6fc

cfleizach at apple.com cfleizach at apple.com
Wed Dec 22 12:37:02 UTC 2010 

The following commit has been merged in the debian/experimental branch:
commit abf104922dc8ce7c0fb127a9042ff80b8dc9f18b
Author: cfleizach at apple.com <cfleizach at apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Date:   Thu Aug 26 00:31:19 2010 +0000

    AX: CSS first letter text transform causes crash
    https://bugs.webkit.org/show_bug.cgi?id=44352
    
    Reviewed by David Kilzer.
    
    WebCore:
    
    Test: accessibility/first-letter-text-transform-causes-crash.html
    
    * accessibility/AccessibilityRenderObject.cpp:
    (WebCore::nextContinuation):
    
    LayoutTests:
    
    * accessibility/first-letter-text-transform-causes-crash-expected.txt: Added.
    * accessibility/first-letter-text-transform-causes-crash.html: Added.
    
    
    
    git-svn-id: http://svn.webkit.org/repository/webkit/trunk@66061 268f45cc-cd09-0410-ab3c-d52691b4dbfc

diff --git a/LayoutTests/ChangeLog b/LayoutTests/ChangeLog
index 831f086..611f412 100644
--- a/LayoutTests/ChangeLog
+++ b/LayoutTests/ChangeLog
@@ -1,3 +1,13 @@
+2010-08-25  Chris Fleizach  <cfleizach at apple.com>
+
+        Reviewed by David Kilzer.
+
+        AX: CSS first letter text transform causes crash
+        https://bugs.webkit.org/show_bug.cgi?id=44352
+
+        * accessibility/first-letter-text-transform-causes-crash-expected.txt: Added.
+        * accessibility/first-letter-text-transform-causes-crash.html: Added.
+
 2010-08-25  Ryosuke Niwa  <rniwa at webkit.org>
 
         Reviewed by Tony Chang.
diff --git a/LayoutTests/accessibility/first-letter-text-transform-causes-crash-expected.txt b/LayoutTests/accessibility/first-letter-text-transform-causes-crash-expected.txt
new file mode 100644
index 0000000..c7c2c16
--- /dev/null
+++ b/LayoutTests/accessibility/first-letter-text-transform-causes-crash-expected.txt
@@ -0,0 +1,10 @@
+Dt
+First letter text transform causes assert and bad type cast. This can cause a crash.
+
+On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
+
+
+PASS successfullyParsed is true
+
+TEST COMPLETE
+
diff --git a/LayoutTests/accessibility/first-letter-text-transform-causes-crash.html b/LayoutTests/accessibility/first-letter-text-transform-causes-crash.html
new file mode 100644
index 0000000..bd4e3bd
--- /dev/null
+++ b/LayoutTests/accessibility/first-letter-text-transform-causes-crash.html
@@ -0,0 +1,43 @@
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML//EN">
+<html>
+<head>
+<link rel="stylesheet" href="../fast/js/resources/js-test-style.css">
+<style>
+       dt:first-letter{text-transform:uppercase;}
+</style>
+<script>
+    var successfullyParsed = false;
+
+    function buildAccessibilityTree(accessibilityObject) {
+        var count = accessibilityObject.childrenCount;
+        for (var i = 0; i < count; ++i)
+            buildAccessibilityTree(accessibilityObject.childAtIndex(i));
+    }
+</script>
+<script src="../fast/js/resources/js-test-pre.js"></script>
+</head>
+<body>
+
+<dt>dt</dt>
+
+<p id="description"></p>
+<div id="console"></div>
+
+<script>
+    description("First letter text transform causes assert and bad type cast. This can cause a crash.");
+
+    // Trigger a layout operation to create the two RenderTextFragment instances.
+    document.body.children[0].offsetWidth;
+
+    if (window.accessibilityController) {
+        // Build up full accessibility tree.
+        document.body.focus();
+        buildAccessibilityTree(accessibilityController.focusedElement);
+    }
+
+    successfullyParsed = true;
+</script>
+
+<script src="../fast/js/resources/js-test-post.js"></script>
+</body>
+</html>
diff --git a/WebCore/ChangeLog b/WebCore/ChangeLog
index e020791..5cfbf30 100644
--- a/WebCore/ChangeLog
+++ b/WebCore/ChangeLog
@@ -1,3 +1,15 @@
+2010-08-25  Chris Fleizach  <cfleizach at apple.com>
+
+        Reviewed by David Kilzer.
+
+        AX: CSS first letter text transform causes crash
+        https://bugs.webkit.org/show_bug.cgi?id=44352
+
+        Test: accessibility/first-letter-text-transform-causes-crash.html
+
+        * accessibility/AccessibilityRenderObject.cpp:
+        (WebCore::nextContinuation):
+
 2010-08-25  Eric Seidel  <eric at webkit.org>
 
         Reviewed by Adam Barth.
diff --git a/WebCore/accessibility/AccessibilityRenderObject.cpp b/WebCore/accessibility/AccessibilityRenderObject.cpp
index 6b90b63..92c57c6 100644
--- a/WebCore/accessibility/AccessibilityRenderObject.cpp
+++ b/WebCore/accessibility/AccessibilityRenderObject.cpp
@@ -370,9 +370,12 @@ AccessibilityObject* AccessibilityRenderObject::nextSibling() const
 
 static RenderBoxModelObject* nextContinuation(RenderObject* renderer)
 {
-    if (renderer->isInline() && !renderer->isReplaced())
+    ASSERT(renderer);
+    if (renderer->isRenderInline() && !renderer->isReplaced())
         return toRenderInline(renderer)->continuation();
-    return toRenderBlock(renderer)->inlineElementContinuation();
+    if (renderer->isRenderBlock())
+        return toRenderBlock(renderer)->inlineElementContinuation();
+    return 0;
 }
     
 RenderObject* AccessibilityRenderObject::renderParentObject() const

-- 
WebKit Debian packaging

More information about the Pkg-webkit-commits mailing list