[SCM] WebKit Debian packaging branch, debian/experimental, updated. upstream/1.3.3-9427-gc2be6fc

commit-queue at webkit.org commit-queue at webkit.org
Wed Dec 22 13:17:15 UTC 2010


The following commit has been merged in the debian/experimental branch:
commit 9fc8b9329aca5031c08f5e4a585cb0fe4c57a718
Author: commit-queue at webkit.org <commit-queue at webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Date:   Fri Sep 10 10:04:27 2010 +0000

    2010-09-10  Cris Neckar  <cdn at chromium.org>
    
            Reviewed by Chris Fleizach.
    
            Test for null deref in RenderBlock::updateFirstLetter().
            https://bugs.webkit.org/show_bug.cgi?id=45404
    
            * fast/dom/firstletter-tablecell-crash-expected.txt: Added.
            * fast/dom/firstletter-tablecell-crash.html: Added.
    
    2010-09-10  Cris Neckar  <cdn at chromium.org>
    
            Reviewed by Chris Fleizach.
    
            Null deref in RenderBlock::updateFirstLetter(). Check for null pseudo style.
            https://bugs.webkit.org/show_bug.cgi?id=45404
    
            Test: fast/dom/firstletter-tablecell-crash.html
    
            * rendering/RenderBlock.cpp:
            (WebCore::RenderBlock::updateFirstLetter):
    
    git-svn-id: http://svn.webkit.org/repository/webkit/trunk@67184 268f45cc-cd09-0410-ab3c-d52691b4dbfc

diff --git a/LayoutTests/ChangeLog b/LayoutTests/ChangeLog
index 33a8e21..1cd92ad 100644
--- a/LayoutTests/ChangeLog
+++ b/LayoutTests/ChangeLog
@@ -2,6 +2,16 @@
 
         Reviewed by Chris Fleizach.
 
+        Test for null deref in RenderBlock::updateFirstLetter().
+        https://bugs.webkit.org/show_bug.cgi?id=45404
+
+        * fast/dom/firstletter-tablecell-crash-expected.txt: Added.
+        * fast/dom/firstletter-tablecell-crash.html: Added.
+
+2010-09-10  Cris Neckar  <cdn at chromium.org>
+
+        Reviewed by Chris Fleizach.
+
         Test for null deref in RenderBlock::findNextLineBreak().
         https://bugs.webkit.org/show_bug.cgi?id=45350
 
diff --git a/LayoutTests/fast/dom/firstletter-tablecell-crash-expected.txt b/LayoutTests/fast/dom/firstletter-tablecell-crash-expected.txt
new file mode 100644
index 0000000..3316340
--- /dev/null
+++ b/LayoutTests/fast/dom/firstletter-tablecell-crash-expected.txt
@@ -0,0 +1 @@
+...This text should be displayed without crashing
diff --git a/LayoutTests/fast/dom/firstletter-tablecell-crash.html b/LayoutTests/fast/dom/firstletter-tablecell-crash.html
new file mode 100644
index 0000000..bacd464
--- /dev/null
+++ b/LayoutTests/fast/dom/firstletter-tablecell-crash.html
@@ -0,0 +1,7 @@
+<script>
+if (window.layoutTestController)
+    layoutTestController.dumpAsText();
+</script>
+<style>*:nth-child(2):first-letter { vertical-align: super; }</style>
+<a>...</a><del style="display:table-cell;">This text should be displayed without crashing
+
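Review bot: The new test file says nothing about what it exercises: the `*:nth-child(2):first-letter` rule and the `display:table-cell` `<del>` are the whole reproduction, but nothing in the file ties them to bug 45404 or to RenderBlock::updateFirstLetter(). Add a one-line HTML comment with the bug URL and the condition being tested, so that someone later tidying the markup does not accidentally stop the test from reaching the null-style path. The `<del>` is also left unclosed; if that is required to reproduce, say so in the comment, and if not, close it.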
diff --git a/WebCore/ChangeLog b/WebCore/ChangeLog
index 81aebdc..728e553 100644
--- a/WebCore/ChangeLog
+++ b/WebCore/ChangeLog
@@ -2,6 +2,18 @@
 
         Reviewed by Chris Fleizach.
 
+        Null deref in RenderBlock::updateFirstLetter(). Check for null psuedo style.
+        https://bugs.webkit.org/show_bug.cgi?id=45404
+
+        Test: fast/dom/firstletter-tablecell-crash.html
+
+        * rendering/RenderBlock.cpp:
+        (WebCore::RenderBlock::updateFirstLetter):
+
+2010-09-10  Cris Neckar  <cdn at chromium.org>
+
+        Reviewed by Chris Fleizach.
+
         Null deref in RenderBlock::findNextLineBreak(). Check for null style with
         first-line style and fixed position.
         https://bugs.webkit.org/show_bug.cgi?id=45350
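Review bot: Spelling in the first added ChangeLog line: "psuedo style" should be "pseudo style". The entry would also be more useful if it said when getCachedPseudoStyle() can return null here (the test suggests a first-letter rule on a table-cell), since "Check for null" describes the patch rather than the cause.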
diff --git a/WebCore/rendering/RenderBlock.cpp b/WebCore/rendering/RenderBlock.cpp
index e507699..66299ab 100644
--- a/WebCore/rendering/RenderBlock.cpp
+++ b/WebCore/rendering/RenderBlock.cpp
@@ -5168,7 +5168,11 @@ void RenderBlock::updateFirstLetter()
         // Create our pseudo style now that we have our firstLetterContainer determined.
         RenderStyle* pseudoStyle = firstLetterBlock->getCachedPseudoStyle(FIRST_LETTER,
                                                                           firstLetterContainer->firstLineStyle());
-        
+        if (!pseudoStyle) {
+            view()->enableLayoutState();
+            return;
+        }        
+
         // Force inline display (except for floating first-letters)
         pseudoStyle->setDisplay(pseudoStyle->isFloating() ? BLOCK : INLINE);
         pseudoStyle->setPosition(StaticPosition); // CSS2 says first-letter can't be positioned.
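Review bot: The new early return in updateFirstLetter() has to call `view()->enableLayoutState()` by hand before `return`, and nothing in the hunk explains why; the matching disable is not visible here. That pattern is fragile: any further early exit added to this function has to remember the same call, or the view is left with layout state off. Either add a comment on the `if (!pseudoStyle)` block stating which earlier call it balances, or wrap the disable/enable pair in a scoped guard so every exit path restores it. It would also help to note in a comment why a null pseudo style is an expected outcome of `getCachedPseudoStyle(FIRST_LETTER, ...)` rather than a state that should assert. Minor: the line with the closing `}` carries trailing whitespace, which is what the removed whitespace-only line already had.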

-- 
WebKit Debian packaging


