[SCM] WebKit Debian packaging branch, debian/experimental, updated. upstream/1.3.3-9427-gc2be6fc

inferno at chromium.org inferno at chromium.org
Wed Dec 22 13:37:06 UTC 2010


The following commit has been merged in the debian/experimental branch:
commit 59f537f978959b8eb7ea7bea37093121d50ab14a
Author: inferno at chromium.org <inferno at chromium.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Date:   Tue Sep 21 18:16:08 2010 +0000

    2010-09-21  Abhishek Arya  <inferno at chromium.org>
    
            Reviewed by Dave Hyatt.
    
            Take isValueList() checks out of the asserts for memory safety.
            https://bugs.webkit.org/show_bug.cgi?id=46194
    
            Test: editing/execCommand/apply-style-text-decoration-crash.html
    
            * editing/ApplyStyleCommand.cpp:
            (WebCore::StyleChange::extractTextStyles):
            (WebCore::ApplyStyleCommand::applyInlineStyleToPushDown):
    2010-09-21  Abhishek Arya  <inferno at chromium.org>
    
            Reviewed by Dave Hyatt.
    
            Tests that applying a text decoration style does not result in crash.
            https://bugs.webkit.org/show_bug.cgi?id=46194
    
            * editing/execCommand/apply-style-text-decoration-crash-expected.txt: Added.
            * editing/execCommand/apply-style-text-decoration-crash.html: Added.
    
    
    git-svn-id: http://svn.webkit.org/repository/webkit/trunk@67967 268f45cc-cd09-0410-ab3c-d52691b4dbfc

diff --git a/LayoutTests/ChangeLog b/LayoutTests/ChangeLog
index 430ce94..8002e01 100644
--- a/LayoutTests/ChangeLog
+++ b/LayoutTests/ChangeLog
@@ -1,3 +1,13 @@
+2010-09-21  Abhishek Arya  <inferno at chromium.org>
+
+        Reviewed by Dave Hyatt.
+
+        Tests that applying a text decoration style does not result in crash.
+        https://bugs.webkit.org/show_bug.cgi?id=46194
+
+        * editing/execCommand/apply-style-text-decoration-crash-expected.txt: Added.
+        * editing/execCommand/apply-style-text-decoration-crash.html: Added.
+
 2010-09-21  Adam Barth  <abarth at webkit.org>
 
         Reviewed by Darin Adler.
diff --git a/LayoutTests/editing/execCommand/apply-style-text-decoration-crash-expected.txt b/LayoutTests/editing/execCommand/apply-style-text-decoration-crash-expected.txt
new file mode 100644
index 0000000..de41c88
--- /dev/null
+++ b/LayoutTests/editing/execCommand/apply-style-text-decoration-crash-expected.txt
@@ -0,0 +1,4 @@
+PASS
+
+
+
diff --git a/LayoutTests/editing/execCommand/apply-style-text-decoration-crash.html b/LayoutTests/editing/execCommand/apply-style-text-decoration-crash.html
new file mode 100644
index 0000000..a3d00ea
--- /dev/null
+++ b/LayoutTests/editing/execCommand/apply-style-text-decoration-crash.html
@@ -0,0 +1,20 @@
+<html>
+    <script>
+        function runTest() 
+        {
+            if (window.layoutTestController)
+                layoutTestController.dumpAsText();
+
+            window.getSelection().setBaseAndExtent(start, 0, null, 0);
+            document.execCommand("Indent");
+            document.getElementById("result").innerHTML = "PASS";
+        }
+    </script>
+    <body onLoad="runTest();">
+        <p id="result"></p>
+        <div contenteditable="true" id="start" style="text-decoration: none;">
+            <hr style="text-align: right;"/>
+        </div>
+    </body>
+</html>
+
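Review bot: The new test has no description of what it covers, and `runTest()` refers to the editable div through the implicit global `start` instead of looking it up. A reader cannot tell from the file that the `text-decoration: none` on the div is, presumably, what produces the non-list value the fix guards against. Consider a leading comment such as `<!-- Regression test for https://bugs.webkit.org/show_bug.cgi?id=46194: Indent on content with a non-list text-decoration value must not crash. -->` and `var start = document.getElementById("start");` before the `setBaseAndExtent` call. The test only shows that the command returned, so a sentence saying that PASS means "no crash" would also help.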
diff --git a/WebCore/ChangeLog b/WebCore/ChangeLog
index 712db61..daf2cd3 100644
--- a/WebCore/ChangeLog
+++ b/WebCore/ChangeLog
@@ -1,3 +1,16 @@
+2010-09-21  Abhishek Arya  <inferno at chromium.org>
+
+        Reviewed by Dave Hyatt.
+
+        Take isValueList() checks out of the asserts for memory safety.
+        https://bugs.webkit.org/show_bug.cgi?id=46194
+
+        Test: editing/execCommand/apply-style-text-decoration-crash.html
+
+        * editing/ApplyStyleCommand.cpp:
+        (WebCore::StyleChange::extractTextStyles):
+        (WebCore::ApplyStyleCommand::applyInlineStyleToPushDown):
+
 2010-09-21  Vangelis Kokkevis  <vangelis at chromium.org>
 
         Reviewed by Kenneth Russell.
diff --git a/WebCore/editing/ApplyStyleCommand.cpp b/WebCore/editing/ApplyStyleCommand.cpp
index b2e93ec..a1270ac 100644
--- a/WebCore/editing/ApplyStyleCommand.cpp
+++ b/WebCore/editing/ApplyStyleCommand.cpp
@@ -221,8 +221,8 @@ void StyleChange::extractTextStyles(Document* document, CSSMutableStyleDeclarati
 
     // Assuming reconcileTextDecorationProperties has been called, there should not be -webkit-text-decorations-in-effect
     // Furthermore, text-decoration: none has been trimmed so that text-decoration property is always a CSSValueList.
-    if (RefPtr<CSSValue> textDecoration = style->getPropertyCSSValue(CSSPropertyTextDecoration)) {
-        ASSERT(textDecoration->isValueList());
+    RefPtr<CSSValue> textDecoration = style->getPropertyCSSValue(CSSPropertyTextDecoration);
+    if (textDecoration && textDecoration->isValueList()) {
         DEFINE_STATIC_LOCAL(RefPtr<CSSPrimitiveValue>, underline, (CSSPrimitiveValue::createIdentifier(CSSValueUnderline)));
         DEFINE_STATIC_LOCAL(RefPtr<CSSPrimitiveValue>, lineThrough, (CSSPrimitiveValue::createIdentifier(CSSValueLineThrough)));
 
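Review bot: The context comment directly above the changed lines still states that the text-decoration property "is always a CSSValueList", which the new runtime `isValueList()` check contradicts. The old `ASSERT` is presumably compiled out of release builds, so a non-list value could previously have reached the list-typed code further down; the body of this `if` continues outside the hunk. The comment should now explain the guard, for example `// text-decoration is expected to be a CSSValueList here, but that is not guaranteed (bug 46194), so verify the type before treating it as a list.`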
@@ -1437,11 +1437,9 @@ void ApplyStyleCommand::applyInlineStyleToPushDown(Node* node, CSSMutableStyleDe
                     newInlineStyle->setProperty(it->id(), it->value()->cssText(), it->isImportant(), ec);
 
                 // text-decorations adds up
-                if (it->id() == CSSPropertyTextDecoration) {
-                    ASSERT(it->value()->isValueList());
+                if (it->id() == CSSPropertyTextDecoration && it->value()->isValueList()) {
                     RefPtr<CSSValue> textDecoration = newInlineStyle->getPropertyCSSValue(CSSPropertyTextDecoration);
-                    if (textDecoration) {
-                        ASSERT(textDecoration->isValueList());
+                    if (textDecoration && textDecoration->isValueList()) {
                         CSSValueList* textDecorationOfInlineStyle = static_cast<CSSValueList*>(textDecoration.get());
                         CSSValueList* textDecorationOfStyleApplied = static_cast<CSSValueList*>(it->value());
 
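Review bot: The two `static_cast<CSSValueList*>` lines are only safe because of the `isValueList()` checks added to the conditions above them, and the `// text-decorations adds up` comment says nothing about that dependency. A later edit that loosens either condition would silently bring back an unchecked downcast on a value of another type. I would extend the comment to `// text-decorations adds up; both values must be CSSValueLists because they are downcast below (bug 46194)`. It is also worth stating there that a non-list value on either side is intentionally skipped without merging. The enclosing loop and the rest of this `if` body lie outside the hunk.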

-- 
WebKit Debian packaging


