[SCM] WebKit Debian packaging branch, debian/experimental, updated. upstream/1.3.3-9427-gc2be6fc

mitz at apple.com mitz at apple.com
Wed Dec 22 13:46:08 UTC 2010


The following commit has been merged in the debian/experimental branch:
commit ae953cf7ed105906ca7b89d7761c00fcc59f00b8
Author: mitz at apple.com <mitz at apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Date:   Sat Sep 25 17:34:01 2010 +0000

    <rdar://problem/8478160> Null deref in InlineBox::height()
    https://bugs.webkit.org/show_bug.cgi?id=45344
    
    Reviewed by John Sullivan.
    
    WebCore:
    
    Test: fast/css/first-line-parent-style-different.html
    
    * rendering/RenderObject.cpp:
    (WebCore::RenderObject::firstLineStyleSlowCase): Set the pseudo style bit on the RenderStyle
    which is going to supply the first-line style rather than on this object’s RenderStyle. The
    styles may differ.
    
    LayoutTests:
    
    * fast/css/first-line-parent-style-different-expected.txt: Added.
    * fast/css/first-line-parent-style-different.html: Added.
    
    
    
    git-svn-id: http://svn.webkit.org/repository/webkit/trunk@68335 268f45cc-cd09-0410-ab3c-d52691b4dbfc

diff --git a/LayoutTests/ChangeLog b/LayoutTests/ChangeLog
index 27851af..6c82566 100644
--- a/LayoutTests/ChangeLog
+++ b/LayoutTests/ChangeLog
@@ -1,3 +1,13 @@
+2010-09-25  Dan Bernstein  <mitz at apple.com>
+
+        Reviewed by John Sullivan.
+
+        <rdar://problem/8478160> Null deref in InlineBox::height()
+        https://bugs.webkit.org/show_bug.cgi?id=45344
+
+        * fast/css/first-line-parent-style-different-expected.txt: Added.
+        * fast/css/first-line-parent-style-different.html: Added.
+
 2010-09-25  Andreas Kling  <andreas.kling at nokia.com>
 
         Unreviewed, Qt rebaseline after r68331 which fixed dash offset rendering.
diff --git a/LayoutTests/fast/css/first-line-parent-style-different-expected.txt b/LayoutTests/fast/css/first-line-parent-style-different-expected.txt
new file mode 100644
index 0000000..d898c3e
--- /dev/null
+++ b/LayoutTests/fast/css/first-line-parent-style-different-expected.txt
@@ -0,0 +1,7 @@
+Test for https://bugs.webkit.org/show_bug.cgi?id=45344 Null deref in InlineBox::height().
+
+This test should not crash.
+
+
+
+
diff --git a/LayoutTests/fast/css/first-line-parent-style-different.html b/LayoutTests/fast/css/first-line-parent-style-different.html
new file mode 100644
index 0000000..9907ba5
--- /dev/null
+++ b/LayoutTests/fast/css/first-line-parent-style-different.html
@@ -0,0 +1,20 @@
+<style>
+    #dummy:nth-child(3) { }
+    #container:first-line { color: blue; }
+</style>
+<p>
+    Test for <i><a href="https://bugs.webkit.org/show_bug.cgi?id=45344">https://bugs.webkit.org/show_bug.cgi?id=45344</a>
+    Null deref in InlineBox::height()</i>.
+</p>
+<p>
+    This test should not crash.
+</p>
+<div contentEditable>
+    <img id="dummy">
+    <div id="container"><span id="target"><br></span></div>
+</div>
+<script>
+    if (window.layoutTestController)
+        layoutTestController.dumpAsText();
+    document.getElementById("container").parentNode.focus();
+</script>
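
Review bot: The new test first-line-parent-style-different.html carries no comment explaining why the empty `#dummy:nth-child(3) { }` rule and the `<img id="dummy">` sibling are present. Both look like dead markup, so a later cleanup could remove them and leave a test that still passes but no longer reaches the code path that crashed. Add a short HTML comment stating what each piece contributes: the empty rule, the `#container:first-line` rule, and the `focus()` call on the contentEditable parent.
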
diff --git a/WebCore/ChangeLog b/WebCore/ChangeLog
index 54d6310..b4a75aa 100644
--- a/WebCore/ChangeLog
+++ b/WebCore/ChangeLog
@@ -2,6 +2,20 @@
 
         Reviewed by John Sullivan.
 
+        <rdar://problem/8478160> Null deref in InlineBox::height()
+        https://bugs.webkit.org/show_bug.cgi?id=45344
+
+        Test: fast/css/first-line-parent-style-different.html
+
+        * rendering/RenderObject.cpp:
+        (WebCore::RenderObject::firstLineStyleSlowCase): Set the pseudo style bit on the RenderStyle
+        which is going to supply the first-line style rather than on this object’s RenderStyle. The
+        styles may differ.
+
+2010-09-25  Dan Bernstein  <mitz at apple.com>
+
+        Reviewed by John Sullivan.
+
         <rdar://problem/8478182> Make canHyphenate() return false for unsupported locales
 
         No change in functionality, hence no new test.
diff --git a/WebCore/rendering/RenderObject.cpp b/WebCore/rendering/RenderObject.cpp
index 9a60ea6..fd0b394 100644
--- a/WebCore/rendering/RenderObject.cpp
+++ b/WebCore/rendering/RenderObject.cpp
@@ -2342,7 +2342,7 @@ RenderStyle* RenderObject::firstLineStyleSlowCase() const
         RenderStyle* parentStyle = renderer->parent()->firstLineStyle();
         if (parentStyle != renderer->parent()->style()) {
             // A first-line style is in effect. Cache a first-line style for ourselves.
-            style->setHasPseudoStyle(FIRST_LINE_INHERITED);
+            renderer->style()->setHasPseudoStyle(FIRST_LINE_INHERITED);
             style = renderer->getCachedPseudoStyle(FIRST_LINE_INHERITED, parentStyle);
         }
     }
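
Review bot: In firstLineStyleSlowCase the flag is now set on `renderer->style()` while the following line still assigns the cached result to the local `style`. The only comment at that site ("Cache a first-line style for ourselves") does not say that these can be two different RenderStyle objects. That reasoning exists only in the ChangeLog ("The styles may differ"). Add a one-line comment at the `setHasPseudoStyle` call saying the bit must go on the style that `getCachedPseudoStyle` will be asked about, so a later refactor does not fold it back into `style->setHasPseudoStyle(...)` and reintroduce the null dereference.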

-- 
WebKit Debian packaging


