[SCM] WebKit Debian packaging branch, debian/experimental, updated. upstream/1.3.3-9427-gc2be6fc

inferno at chromium.org inferno at chromium.org
Wed Dec 22 13:09:13 UTC 2010


The following commit has been merged in the debian/experimental branch:
commit b06e7baef65b7cc2d92669d3d10cf9be3b401a6c
Author: inferno at chromium.org <inferno at chromium.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Date:   Tue Sep 7 21:57:48 2010 +0000

    2010-09-07  Abhishek Arya  <inferno at chromium.org>
    
            Reviewed by Darin Adler.
    
            Remove redundant bounds check in originalText(). Add bounds check
            to previousCharacter(). No need of start() > 0 check since m_start
            is unsigned and we already do start() null check inside function.
            https://bugs.webkit.org/show_bug.cgi?id=45303
    
            Test: fast/text/one-letter-transform-crash.html
    
            * rendering/RenderTextFragment.cpp:
            (WebCore::RenderTextFragment::originalText):
            (WebCore::RenderTextFragment::previousCharacter):
    2010-09-07  Abhishek Arya  <inferno at chromium.org>
    
            Reviewed by Darin Adler.
    
            Tests that we dont hit assert i < m_length when trying to read
            previousCharacter for text fragments.
            https://bugs.webkit.org/show_bug.cgi?id=45303
    
            * fast/text/one-letter-transform-crash-expected.txt: Added.
            * fast/text/one-letter-transform-crash.html: Added.
    
    
    git-svn-id: http://svn.webkit.org/repository/webkit/trunk@66911 268f45cc-cd09-0410-ab3c-d52691b4dbfc

diff --git a/LayoutTests/ChangeLog b/LayoutTests/ChangeLog
index f15564a..8ccf7d3 100644
--- a/LayoutTests/ChangeLog
+++ b/LayoutTests/ChangeLog
@@ -1,3 +1,14 @@
+2010-09-07  Abhishek Arya  <inferno at chromium.org>
+
+        Reviewed by Darin Adler.
+
+        Tests that we dont hit assert i < m_length when trying to read
+        previousCharacter for text fragments.
+        https://bugs.webkit.org/show_bug.cgi?id=45303
+
+        * fast/text/one-letter-transform-crash-expected.txt: Added.
+        * fast/text/one-letter-transform-crash.html: Added.
+
 2010-09-07  Zhenyao Mo  <zmo at google.com>
 
         Unreviewed.
diff --git a/LayoutTests/fast/text/one-letter-transform-crash-expected.txt b/LayoutTests/fast/text/one-letter-transform-crash-expected.txt
new file mode 100644
index 0000000..1042c76
--- /dev/null
+++ b/LayoutTests/fast/text/one-letter-transform-crash-expected.txt
@@ -0,0 +1,2 @@
+Test passes if it does not crash.
+
diff --git a/LayoutTests/fast/text/one-letter-transform-crash.html b/LayoutTests/fast/text/one-letter-transform-crash.html
new file mode 100644
index 0000000..5415359
--- /dev/null
+++ b/LayoutTests/fast/text/one-letter-transform-crash.html
@@ -0,0 +1,18 @@
+<html>
+    Test passes if it does not crash.
+    <style>
+        div:first-letter {
+            text-decoration: overline;
+        }
+        div {
+            text-transform: capitalize;
+        }
+    </style>
+    <script>
+    if (window.layoutTestController)
+        layoutTestController.dumpAsText();
+    </script>
+    <div/>
+    <summary>
+</html>
+
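Review bot: The new test file carries no reference to the bug it guards and gives no hint about which parts of the markup are needed to reach the crash. The self-closing `<div/>` and the unclosed `<summary>` look like the remains of a reduced test case. They presumably matter for reaching the `:first-letter` plus `text-transform: capitalize` path, so a later tidy-up could quietly turn this into a test that no longer exercises the fix. I would add a comment near the top such as `<!-- Regression test for https://bugs.webkit.org/show_bug.cgi?id=45303; the markup below is intentionally malformed, do not clean it up. -->`.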
diff --git a/WebCore/ChangeLog b/WebCore/ChangeLog
index e475312..258ed77 100644
--- a/WebCore/ChangeLog
+++ b/WebCore/ChangeLog
@@ -1,3 +1,18 @@
+2010-09-07  Abhishek Arya  <inferno at chromium.org>
+
+        Reviewed by Darin Adler.
+
+        Remove redundant bounds check in originalText(). Add bounds check
+        to previousCharacter(). No need of start() > 0 check since m_start
+        is unsigned and we already do start() null check inside function.
+        https://bugs.webkit.org/show_bug.cgi?id=45303
+
+        Test: fast/text/one-letter-transform-crash.html
+
+        * rendering/RenderTextFragment.cpp:
+        (WebCore::RenderTextFragment::originalText):
+        (WebCore::RenderTextFragment::previousCharacter):
+
 2010-09-07  Kenneth Russell  <kbr at google.com>
 
         Reviewed by Dimitri Glazkov.
diff --git a/WebCore/rendering/RenderTextFragment.cpp b/WebCore/rendering/RenderTextFragment.cpp
index 0556284..b14308d 100644
--- a/WebCore/rendering/RenderTextFragment.cpp
+++ b/WebCore/rendering/RenderTextFragment.cpp
@@ -48,9 +48,9 @@ PassRefPtr<StringImpl> RenderTextFragment::originalText() const
 {
     Node* e = node();
     RefPtr<StringImpl> result = ((e && e->isTextNode()) ? static_cast<Text*>(e)->dataImpl() : contentString());
-    if (result && (start() > 0 || start() < result->length()))
-        result = result->substring(start(), end());
-    return result.release();
+    if (!result)
+        return 0;
+    return result->substring(start(), end());
 }
 
 void RenderTextFragment::destroy()
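Review bot: With the range test removed, `return result->substring(start(), end());` depends entirely on StringImpl::substring() clamping an out-of-range position and length, and nothing in originalText() says so. The removed condition was close to a tautology, so dropping it loses little. But the out-of-range start() that previousCharacter() is now guarded against in this same commit can presumably reach this call as well. I would add a comment above the return such as `// substring() clamps start()/end() to the string bounds; offsets can be out of range for the current text (bug 45303).` and confirm that the clamping is a real runtime check rather than only an ASSERT that is compiled out of release builds. It would also help to state whether end() is a length or an end offset, since it is passed as substring()'s second argument.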
@@ -81,7 +81,7 @@ UChar RenderTextFragment::previousCharacter() const
     if (start()) {
         Node* e = node();
         StringImpl*  original = ((e && e->isTextNode()) ? static_cast<Text*>(e)->dataImpl() : contentString());
-        if (original)
+        if (original && start() <= original->length())
             return (*original)[start() - 1];
     }
 
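Review bot: The new guard `start() <= original->length()` is the correct bound for the read at index `start() - 1`, but at first glance it reads like an off-by-one, and no comment explains why start() can exceed the length of the backing string at all. When the check fails, the function silently falls through to code outside this hunk, so a fragment whose offsets no longer match its text goes unnoticed. I would add `// start() can be out of range for the current text (bug 45303); the index read is start() - 1, hence <=.` above the condition. It is also worth considering whether the offsets should be validated where they are set, so that each reader of start()/end() does not need its own check. The body of previousCharacter() begins and ends outside the hunk.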

-- 
WebKit Debian packaging


