[SCM] WebKit Debian packaging branch, debian/experimental, updated. upstream/1.3.3-9427-gc2be6fc

mitz at apple.com mitz at apple.com
Wed Dec 22 13:19:14 UTC 2010 

The following commit has been merged in the debian/experimental branch:
commit b7653cfb7c60aff07f2e1583e0111ce9a0a92567
Author: mitz at apple.com <mitz at apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Date:   Sat Sep 11 00:53:09 2010 +0000

    2010-09-10  Dan Bernstein  <mitz at apple.com>
    
            Reviewed by Anders Carlsson.
    
            Pseudostyle resolution corrupts cached child index values
            https://bugs.webkit.org/show_bug.cgi?id=45574
    
            Covered by fast/dom/firstline-fixed-crash.html and fast/dom/firstletter-tablecell-crash.html.
    
            RenderBlock::updateFirstLetter() calls getCachedPseudoStyle() passing as the parent style the
            style of the parent of the first letter, which is not always the parent of the element for
            which we are getting :first-letter style. As a result, style resolution caches childIndex values
            in the wrong element’s style.
    
            * css/CSSStyleSelector.cpp:
            (WebCore::CSSStyleSelector::pseudoStyleForElement): Create the new style and inherit from
            the parent style before matching rules, to avoid corrupting the parent style itself.
            (WebCore::CSSStyleSelector::checkSelector): Always pass the element’s parent style as
            the parent style here.
            * rendering/RenderBlock.cpp:
            (WebCore::RenderBlock::updateFirstLetter): Removed the null check that was added
            in r67183.
            * rendering/RenderBlockLineLayout.cpp:
            (WebCore::RenderBlock::findNextLineBreak): Removed the null check that was added
            in r67184.
    2010-09-10  Dan Bernstein  <mitz at apple.com>
    
            Reviewed by Anders Carlsson.
    
            Pseudostyle resolution corrupts cached child index values
            https://bugs.webkit.org/show_bug.cgi?id=45574
    
            * fast/dom/firstline-fixed-crash-expected.txt: Updated results.
    
    
    git-svn-id: http://svn.webkit.org/repository/webkit/trunk@67255 268f45cc-cd09-0410-ab3c-d52691b4dbfc

diff --git a/LayoutTests/ChangeLog b/LayoutTests/ChangeLog
index 431f114..1add944 100644
--- a/LayoutTests/ChangeLog
+++ b/LayoutTests/ChangeLog
@@ -1,3 +1,12 @@
+2010-09-10  Dan Bernstein  <mitz at apple.com>
+
+        Reviewed by Anders Carlsson.
+
+        Pseudostyle resolution corrupts cached child index values
+        https://bugs.webkit.org/show_bug.cgi?id=45574
+
+        * fast/dom/firstline-fixed-crash-expected.txt: Updated results.
+
 2010-09-10  Cosmin Truta  <ctruta at chromium.org>
 
         Reviewed by Nikolas Zimmermann.
diff --git a/LayoutTests/fast/dom/firstline-fixed-crash-expected.txt b/LayoutTests/fast/dom/firstline-fixed-crash-expected.txt
index 83d9607..89db3a7 100644
--- a/LayoutTests/fast/dom/firstline-fixed-crash-expected.txt
+++ b/LayoutTests/fast/dom/firstline-fixed-crash-expected.txt
@@ -1,2 +1,2 @@
 This text should render without crashing 
-
+...
diff --git a/WebCore/ChangeLog b/WebCore/ChangeLog
index a35049a..67cca0e 100644
--- a/WebCore/ChangeLog
+++ b/WebCore/ChangeLog
@@ -1,3 +1,29 @@
+2010-09-10  Dan Bernstein  <mitz at apple.com>
+
+        Reviewed by Anders Carlsson.
+
+        Pseudostyle resolution corrupts cached child index values
+        https://bugs.webkit.org/show_bug.cgi?id=45574
+
+        Covered by fast/dom/firstline-fixed-crash.html and fast/dom/firstletter-tablecell-crash.html.
+
+        RenderBlock::updateFirstLetter() calls getCachedPseudoStyle() passing as the parent style the
+        style of the parent of the first letter, which is not always the parent of the element for
+        which we are getting :first-letter style. As a result, style resolution caches childIndex values
+        in the wrong element’s style.
+
+        * css/CSSStyleSelector.cpp:
+        (WebCore::CSSStyleSelector::pseudoStyleForElement): Create the new style and inherit from
+        the parent style before matching rules, to avoid corrupting the parent style itself.
+        (WebCore::CSSStyleSelector::checkSelector): Always pass the element’s parent style as
+        the parent style here.
+        * rendering/RenderBlock.cpp:
+        (WebCore::RenderBlock::updateFirstLetter): Removed the null check that was added
+        in r67183.
+        * rendering/RenderBlockLineLayout.cpp:
+        (WebCore::RenderBlock::findNextLineBreak): Removed the null check that was added
+        in r67184.
+
 2010-09-10  Jer Noble  <jer.noble at apple.com>
 
         No review; build fix only.
diff --git a/WebCore/css/CSSStyleSelector.cpp b/WebCore/css/CSSStyleSelector.cpp
index 5dcd774..8bd6720 100644
--- a/WebCore/css/CSSStyleSelector.cpp
+++ b/WebCore/css/CSSStyleSelector.cpp
@@ -1503,8 +1503,10 @@ PassRefPtr<RenderStyle> CSSStyleSelector::pseudoStyleForElement(PseudoId pseudo,
     }
 
     initForStyleResolve(e, parentStyle, pseudo);
-    m_style = parentStyle;
-    
+    m_style = RenderStyle::create();
+    if (parentStyle)
+        m_style->inheritFrom(parentStyle);
+
     m_checker.m_matchVisitedPseudoClass = matchVisitedPseudoClass;
 
     // Since we don't use pseudo-elements in any of our quirk/print user agent rules, don't waste time walking
@@ -1522,10 +1524,6 @@ PassRefPtr<RenderStyle> CSSStyleSelector::pseudoStyleForElement(PseudoId pseudo,
     if (m_matchedDecls.isEmpty() && !visitedStyle)
         return 0;
 
-    m_style = RenderStyle::create();
-    if (parentStyle)
-        m_style->inheritFrom(parentStyle);
-
     m_style->setStyleType(pseudo);
     
     m_lineHeightValue = 0;
@@ -1888,7 +1886,7 @@ bool CSSStyleSelector::checkSelector(CSSSelector* sel)
     m_dynamicPseudo = NOPSEUDO;
 
     // Check the selector
-    SelectorMatch match = m_checker.checkSelector(sel, m_element, &m_selectorAttrs, m_dynamicPseudo, false, false, style(), m_parentStyle);
+    SelectorMatch match = m_checker.checkSelector(sel, m_element, &m_selectorAttrs, m_dynamicPseudo, false, false, style(), m_parentNode ? m_parentNode->renderStyle() : 0);
     if (match != SelectorMatches)
         return false;
 
diff --git a/WebCore/rendering/RenderBlock.cpp b/WebCore/rendering/RenderBlock.cpp
index 7f18bf0..87ef3e9 100644
--- a/WebCore/rendering/RenderBlock.cpp
+++ b/WebCore/rendering/RenderBlock.cpp
@@ -5168,10 +5168,6 @@ void RenderBlock::updateFirstLetter()
         // Create our pseudo style now that we have our firstLetterContainer determined.
         RenderStyle* pseudoStyle = firstLetterBlock->getCachedPseudoStyle(FIRST_LETTER,
                                                                           firstLetterContainer->firstLineStyle());
-        if (!pseudoStyle) {
-            view()->enableLayoutState();
-            return;
-        }        
 
         // Force inline display (except for floating first-letters)
         pseudoStyle->setDisplay(pseudoStyle->isFloating() ? BLOCK : INLINE);
diff --git a/WebCore/rendering/RenderBlockLineLayout.cpp b/WebCore/rendering/RenderBlockLineLayout.cpp
index 51ec2e9..84c110a 100644
--- a/WebCore/rendering/RenderBlockLineLayout.cpp
+++ b/WebCore/rendering/RenderBlockLineLayout.cpp
@@ -1568,8 +1568,6 @@ InlineIterator RenderBlock::findNextLineBreak(InlineBidiResolver& resolver, bool
             const UChar* str = t->characters();
 
             RenderStyle* style = t->style(firstLine);
-            if (!style)
-                goto end;
             const Font& f = style->font();
             bool isFixedPitch = f.isFixedPitch();
             bool canHyphenate = style->hyphens() == HyphensAuto && WebCore::canHyphenate(style->hyphenationLocale());

-- 
WebKit Debian packaging

More information about the Pkg-webkit-commits mailing list