[SCM] WebKit Debian packaging branch, debian/experimental, updated. upstream/1.3.3-9427-gc2be6fc
jamesr at google.com
jamesr at google.com
Wed Dec 22 13:37:57 UTC 2010
The following commit has been merged in the debian/experimental branch:
commit 94228c29240dac461da6d9024e989d3ab65d228e
Author: jamesr at google.com <jamesr at google.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Date: Wed Sep 22 01:08:21 2010 +0000
2010-09-21 Cosmin Truta <ctruta at chromium.org>
Reviewed by James Robinson.
RenderImage::intrinsicSizeChanged crashes when m_imageResource is missing
https://bugs.webkit.org/show_bug.cgi?id=46120
Test a style change applied to a zoomed image.
* css3/style-zoomed-image.html: Added.
* css3/style-zoomed-image-expected.txt: Added.
2010-09-21 Cosmin Truta <ctruta at chromium.org>
Reviewed by James Robinson.
RenderImage::intrinsicSizeChanged crashes when m_imageResource is missing
https://bugs.webkit.org/show_bug.cgi?id=46120
Avoid applying operator -> to m_imageResource when its underlying pointer is NULL.
* rendering/RenderImage.h:
(WebCore::RenderImage::intrinsicSizeChanged): Checked m_imageResource.
* html/HTMLImageElement.cpp:
(HTMLImageElement::createRenderer): Fixed indentation.
git-svn-id: http://svn.webkit.org/repository/webkit/trunk@68004 268f45cc-cd09-0410-ab3c-d52691b4dbfc
diff --git a/LayoutTests/ChangeLog b/LayoutTests/ChangeLog
index 2240d51..80931f6 100644
--- a/LayoutTests/ChangeLog
+++ b/LayoutTests/ChangeLog
@@ -1,3 +1,15 @@
+2010-09-21 Cosmin Truta <ctruta at chromium.org>
+
+ Reviewed by James Robinson.
+
+ RenderImage::intrinsicSizeChanged crashes when m_imageResource is missing
+ https://bugs.webkit.org/show_bug.cgi?id=46120
+
+ Test a style change applied to a zoomed image.
+
+ * css3/style-zoomed-image.html: Added.
+ * css3/style-zoomed-image-expected.txt: Added.
+
2010-09-21 Dan Bernstein <mitz at apple.com>
Reviewed by Geoffrey Garen.
diff --git a/LayoutTests/css3/style-zoomed-image-expected.txt b/LayoutTests/css3/style-zoomed-image-expected.txt
new file mode 100644
index 0000000..e7192b8
--- /dev/null
+++ b/LayoutTests/css3/style-zoomed-image-expected.txt
@@ -0,0 +1,5 @@
+Test for Bug https://bugs.webkit.org/show_bug.cgi?id=46120.
+
+This test checks that setting the style on a zoomed image does not lead to a null pointer exception. The test passes if it does not cause a crash.
+
+
diff --git a/LayoutTests/css3/style-zoomed-image.html b/LayoutTests/css3/style-zoomed-image.html
new file mode 100644
index 0000000..fa83e14
--- /dev/null
+++ b/LayoutTests/css3/style-zoomed-image.html
@@ -0,0 +1,26 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN">
+<html>
+<head>
+<script>
+ if (window.layoutTestController)
+ layoutTestController.dumpAsText();
+</script>
+<style type="text/css">
+ div { zoom: 200%; width: 100px; height: 50px; }
+</style>
+</head>
+<body>
+<p>
+Test for <a href="https://bugs.webkit.org/show_bug.cgi?id=46120">Bug https://bugs.webkit.org/show_bug.cgi?id=46120</a>.
+</p>
+<p>
+This test checks that setting the style on a zoomed image does not lead to a null pointer exception.
+The test passes if it does not cause a crash.
+</p>
+<div id="inline">
+</div>
+<script>
+ document.getElementById("inline").setAttribute("style", "content: url(data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAA8AAAAPAQMAAAABGAcJAAAAA1BMVEUAgACc+aWRAAAADElEQVR42mNgIAEAAAAtAAH7KhMqAAAAAElFTkSuQmCC);");
+</script>
+</body>
+</html>
diff --git a/WebCore/ChangeLog b/WebCore/ChangeLog
index 665c32c..26c70e7 100644
--- a/WebCore/ChangeLog
+++ b/WebCore/ChangeLog
@@ -1,3 +1,17 @@
+2010-09-21 Cosmin Truta <ctruta at chromium.org>
+
+ Reviewed by James Robinson.
+
+ RenderImage::intrinsicSizeChanged crashes when m_imageResource is missing
+ https://bugs.webkit.org/show_bug.cgi?id=46120
+
+ Avoid applying operator -> to m_imageResource when its underlying pointer is NULL.
+
+ * rendering/RenderImage.h:
+ (WebCore::RenderImage::intrinsicSizeChanged): Checked m_imageResource.
+ * html/HTMLImageElement.cpp:
+ (HTMLImageElement::createRenderer): Fixed indentation.
+
2010-09-21 Kenneth Russell <kbr at google.com>
Reviewed by James Robinson.
diff --git a/WebCore/html/HTMLImageElement.cpp b/WebCore/html/HTMLImageElement.cpp
index d223b1e..29ea592 100644
--- a/WebCore/html/HTMLImageElement.cpp
+++ b/WebCore/html/HTMLImageElement.cpp
@@ -180,7 +180,7 @@ String HTMLImageElement::altText() const
RenderObject* HTMLImageElement::createRenderer(RenderArena* arena, RenderStyle* style)
{
- if (style->contentData())
+ if (style->contentData())
return RenderObject::createObject(this, style);
RenderImage* image = new (arena) RenderImage(this);
diff --git a/WebCore/rendering/RenderImage.h b/WebCore/rendering/RenderImage.h
index f9acba8..96d2988 100644
--- a/WebCore/rendering/RenderImage.h
+++ b/WebCore/rendering/RenderImage.h
@@ -61,7 +61,11 @@ protected:
bool isWidthSpecified() const;
bool isHeightSpecified() const;
- virtual void intrinsicSizeChanged() { imageChanged(m_imageResource->imagePtr()); }
+ virtual void intrinsicSizeChanged()
+ {
+ if (m_imageResource)
+ imageChanged(m_imageResource->imagePtr());
+ }
private:
virtual const char* renderName() const { return "RenderImage"; }
--
WebKit Debian packaging
More information about the Pkg-webkit-commits
mailing list