[SCM] WebKit Debian packaging branch, debian/experimental, updated. upstream/1.3.3-9427-gc2be6fc
tony at chromium.org
tony at chromium.org
Wed Dec 22 12:39:38 UTC 2010
The following commit has been merged in the debian/experimental branch:
commit 88468bcc811db8eddaa2babddbc3feb08425e4f7
Author: tony at chromium.org <tony at chromium.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Date: Thu Aug 26 21:05:41 2010 +0000
2010-08-26 Tony Chang <tony at chromium.org>
Reviewed by David Hyatt.
crash when rendering scrollbar gradient
https://bugs.webkit.org/show_bug.cgi?id=44549
* scrollbars/scrollbar-gradient-crash-expected.txt: Added.
* scrollbars/scrollbar-gradient-crash.html: Added.
2010-08-26 Tony Chang <tony at chromium.org>
Reviewed by David Hyatt.
crash when rendering scrollbar gradient
https://bugs.webkit.org/show_bug.cgi?id=44549
Test: scrollbars/scrollbar-gradient-crash.html
* css/CSSImageGeneratorValue.cpp:
(WebCore::CSSImageGeneratorValue::getImage): Keep this alive.
git-svn-id: http://svn.webkit.org/repository/webkit/trunk@66133 268f45cc-cd09-0410-ab3c-d52691b4dbfc
diff --git a/LayoutTests/ChangeLog b/LayoutTests/ChangeLog
index 1c8ff55..59696ea 100644
--- a/LayoutTests/ChangeLog
+++ b/LayoutTests/ChangeLog
@@ -1,3 +1,13 @@
+2010-08-26 Tony Chang <tony at chromium.org>
+
+ Reviewed by David Hyatt.
+
+ crash when rendering scrollbar gradient
+ https://bugs.webkit.org/show_bug.cgi?id=44549
+
+ * scrollbars/scrollbar-gradient-crash-expected.txt: Added.
+ * scrollbars/scrollbar-gradient-crash.html: Added.
+
2010-08-26 Ojan Vafai <ojan at chromium.org>
Reviewed by Tony Chang.
diff --git a/LayoutTests/editing/pasteboard/copy-crash-with-extraneous-attribute-expected.txt b/LayoutTests/scrollbars/scrollbar-gradient-crash-expected.txt
similarity index 100%
copy from LayoutTests/editing/pasteboard/copy-crash-with-extraneous-attribute-expected.txt
copy to LayoutTests/scrollbars/scrollbar-gradient-crash-expected.txt
diff --git a/LayoutTests/scrollbars/scrollbar-gradient-crash.html b/LayoutTests/scrollbars/scrollbar-gradient-crash.html
new file mode 100644
index 0000000..46d6723
--- /dev/null
+++ b/LayoutTests/scrollbars/scrollbar-gradient-crash.html
@@ -0,0 +1,30 @@
+<style type="text/css">
+::-webkit-scrollbar {
+ width: 0.8em;
+ height: 0.8em;
+}
+::-webkit-scrollbar-thumb {
+ background: #666 -webkit-gradient(linear, left top, right top, from(rgba(255,255,255,0.5)), color-stop(0.5, rgba(255,255,255,0.1)), color-stop(0.5, rgba(0,0,0,0)), to(rgba(0,0,0,0.01)));
+}
+</style>
+
+<body>
+<script>
+if (window.layoutTestController)
+ layoutTestController.dumpAsText();
+
+function test()
+{
+ // Force a layout.
+ window.x = document.body.offsetTop;
+
+ var styles = document.getElementsByTagName("style");
+ for (var i = 0; i < styles.length; ++i)
+ document.head.appendChild(styles[i]);
+}
+document.addEventListener('DOMContentLoaded', test, false);
+</script>
+<div style="height: 1000px;">
+This test passes if it does not crash.
+</div>
+</body>
diff --git a/WebCore/ChangeLog b/WebCore/ChangeLog
index 3cc9453..92c6ada 100644
--- a/WebCore/ChangeLog
+++ b/WebCore/ChangeLog
@@ -1,3 +1,15 @@
+2010-08-26 Tony Chang <tony at chromium.org>
+
+ Reviewed by David Hyatt.
+
+ crash when rendering scrollbar gradient
+ https://bugs.webkit.org/show_bug.cgi?id=44549
+
+ Test: scrollbars/scrollbar-gradient-crash.html
+
+ * css/CSSImageGeneratorValue.cpp:
+ (WebCore::CSSImageGeneratorValue::getImage): Keep this alive.
+
2010-08-26 Stephen White <senorblanco at chromium.org>
Reviewed by Kenneth Russell.
diff --git a/WebCore/css/CSSImageGeneratorValue.cpp b/WebCore/css/CSSImageGeneratorValue.cpp
index 4cf0873..784f438 100644
--- a/WebCore/css/CSSImageGeneratorValue.cpp
+++ b/WebCore/css/CSSImageGeneratorValue.cpp
@@ -86,6 +86,8 @@ Image* CSSImageGeneratorValue::getImage(RenderObject* renderer, const IntSize& s
SizeCountPair& sizeCount = it->second;
IntSize oldSize = sizeCount.first;
if (oldSize != size) {
+ // If renderer is the only client, make sure we don't delete this.
+ RefPtr<CSSImageGeneratorValue> protect(this);
removeClient(renderer);
addClient(renderer, size);
}
--
WebKit Debian packaging
More information about the Pkg-webkit-commits
mailing list