[SCM] WebKit Debian packaging branch, debian/experimental, updated. upstream/1.3.3-9427-gc2be6fc
commit-queue at webkit.org
Wed Dec 22 13:17:13 UTC 2010
The following commit has been merged in the debian/experimental branch:
commit 68bed2787e244c63d721fac76919ebb1250a8322
Author: commit-queue at webkit.org <commit-queue at webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Date: Fri Sep 10 09:45:09 2010 +0000
2010-09-10 Cris Neckar <cdn at chromium.org>
Reviewed by Chris Fleizach.
Test for null deref in RenderBlock::findNextLineBreak().
https://bugs.webkit.org/show_bug.cgi?id=45350
* fast/dom/firstline-fixed-crash-expected.txt: Added.
* fast/dom/firstline-fixed-crash.html: Added.
2010-09-10 Cris Neckar <cdn at chromium.org>
Reviewed by Chris Fleizach.
Null deref in RenderBlock::findNextLineBreak(). Check for null style with
first-line style and fixed position.
https://bugs.webkit.org/show_bug.cgi?id=45350
Test: fast/dom/firstline-fixed-crash.html
* rendering/RenderBlockLineLayout.cpp:
(WebCore::RenderBlock::findNextLineBreak):
git-svn-id: http://svn.webkit.org/repository/webkit/trunk@67183 268f45cc-cd09-0410-ab3c-d52691b4dbfc
diff --git a/LayoutTests/ChangeLog b/LayoutTests/ChangeLog
index a904dc9..33a8e21 100644
--- a/LayoutTests/ChangeLog
+++ b/LayoutTests/ChangeLog
@@ -1,3 +1,13 @@
+2010-09-10 Cris Neckar <cdn at chromium.org>
+
+ Reviewed by Chris Fleizach.
+
+ Test for null deref in RenderBlock::findNextLineBreak().
+ https://bugs.webkit.org/show_bug.cgi?id=45350
+
+ * fast/dom/firstline-fixed-crash-expected.txt: Added.
+ * fast/dom/firstline-fixed-crash.html: Added.
+
2010-09-10 Eric Seidel <eric at webkit.org>
Reviewed by Dimitri Glazkov.
diff --git a/LayoutTests/fast/dom/firstline-fixed-crash-expected.txt b/LayoutTests/fast/dom/firstline-fixed-crash-expected.txt
new file mode 100644
index 0000000..83d9607
--- /dev/null
+++ b/LayoutTests/fast/dom/firstline-fixed-crash-expected.txt
@@ -0,0 +1,2 @@
+This text should render without crashing
+
diff --git a/LayoutTests/fast/dom/firstline-fixed-crash.html b/LayoutTests/fast/dom/firstline-fixed-crash.html
new file mode 100644
index 0000000..6f95149
--- /dev/null
+++ b/LayoutTests/fast/dom/firstline-fixed-crash.html
@@ -0,0 +1,11 @@
+<script>
+if (window.layoutTestController)
+ layoutTestController.dumpAsText();
+</script>
+<style>
+*:nth-child(2):first-line { margin-bottom: 1px; }</style>
+<div contentEditable>
+<a style="position: fixed;">
+This text should render without crashing
+</div>...
+
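Review bot: the markup in firstline-fixed-crash.html leaves `<a style="position: fixed;">` unclosed and has a stray `...` after `</div>`, with no comment saying whether those are required to reproduce the crash. If they are part of the reduced case, a one-line HTML comment saying so, with a pointer to bug 45350, would keep a later cleanup from silently removing the regression coverage. Since the test uses dumpAsText() and the expected file holds only the sentence itself, it passes on any build that does not crash; that is fine for a crash test but worth stating in the file.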
diff --git a/WebCore/ChangeLog b/WebCore/ChangeLog
index a40f4d7..81aebdc 100644
--- a/WebCore/ChangeLog
+++ b/WebCore/ChangeLog
@@ -1,3 +1,16 @@
+2010-09-10 Cris Neckar <cdn at chromium.org>
+
+ Reviewed by Chris Fleizach.
+
+ Null deref in RenderBlock::findNextLineBreak(). Check for null style with
+ first-line style and fixed position.
+ https://bugs.webkit.org/show_bug.cgi?id=45350
+
+ Test: fast/dom/firstline-fixed-crash.html
+
+ * rendering/RenderBlockLineLayout.cpp:
+ (WebCore::RenderBlock::findNextLineBreak):
+
2010-09-10 Eric Seidel <eric at webkit.org>
Reviewed by Dimitri Glazkov.
diff --git a/WebCore/rendering/RenderBlockLineLayout.cpp b/WebCore/rendering/RenderBlockLineLayout.cpp
index c2d2114..d57f420 100644
--- a/WebCore/rendering/RenderBlockLineLayout.cpp
+++ b/WebCore/rendering/RenderBlockLineLayout.cpp
@@ -1563,6 +1563,8 @@ InlineIterator RenderBlock::findNextLineBreak(InlineBidiResolver& resolver, bool
const UChar* str = t->characters();
RenderStyle* style = t->style(firstLine);
+ if (!style)
+ goto end;
const Font& f = style->font();
bool isFixedPitch = f.isFixedPitch();
bool canHyphenate = style->hyphens() == HyphensAuto && WebCore::canHyphenate(style->hyphenationLocale());
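Review bot: the new `if (!style) goto end;` after `t->style(firstLine)` has no comment explaining when a text renderer can have a null style here, and it leaves the text branch silently. The ChangeLog ties the case to first-line style combined with fixed position, so a short comment to that effect at the check would help. It is also worth asking whether `style(firstLine)` returning null is itself the defect, since a guard at this one call site leaves any other caller that dereferences the result unprotected. The visible context does not show the `end` label, so please confirm that jumping there before `f`, `isFixedPitch` and `canHyphenate` are set up leaves the returned iterator in a valid state.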
--
WebKit Debian packaging