[SCM] WebKit Debian packaging branch, debian/experimental, updated. upstream/1.3.3-9427-gc2be6fc

inferno at chromium.org inferno at chromium.org
Wed Dec 22 13:46:15 UTC 2010


The following commit has been merged in the debian/experimental branch:
commit 5637f221e8c17d280ee37f2664469b11d4f03766
Author: inferno at chromium.org <inferno at chromium.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Date:   Sun Sep 26 05:56:28 2010 +0000

    2010-09-25  Abhishek Arya  <inferno at chromium.org>
    
            Reviewed by Nikolas Zimmermann.
    
            Fix the macro to bail out after setting the SVG style to 'initial'. Check that color is
            SVGColor before calling colorFromSVGColorCSSValue which makes sure we don't set invalid
            color. Also, doing the static cast in the caller and keeping the function
            colorFromSVGColorCSSValue clean so that it accepts only SVGColor objects.
    
            https://bugs.webkit.org/show_bug.cgi?id=46471
    
            Test: svg/css/invalid-color-crash.svg
    
            * css/SVGCSSStyleSelector.cpp:
            (WebCore::colorFromSVGColorCSSValue):
            (WebCore::CSSStyleSelector::applySVGProperty):
    2010-09-25  Abhishek Arya  <inferno at chromium.org>
    
            Reviewed by Nikolas Zimmermann.
    
            Tests that we dont crash when setting color to initial for SVG.
            https://bugs.webkit.org/show_bug.cgi?id=46471
    
            * svg/css/invalid-color-crash-expected.txt: Added.
            * svg/css/invalid-color-crash.svg: Added.
    
    
    git-svn-id: http://svn.webkit.org/repository/webkit/trunk@68340 268f45cc-cd09-0410-ab3c-d52691b4dbfc

diff --git a/LayoutTests/ChangeLog b/LayoutTests/ChangeLog
index 35cdbe4..40d7ac7 100644
--- a/LayoutTests/ChangeLog
+++ b/LayoutTests/ChangeLog
@@ -1,3 +1,13 @@
+2010-09-25  Abhishek Arya  <inferno at chromium.org>
+
+        Reviewed by Nikolas Zimmermann.
+
+        Tests that we dont crash when setting color to initial for SVG.
+        https://bugs.webkit.org/show_bug.cgi?id=46471
+
+        * svg/css/invalid-color-crash-expected.txt: Added.
+        * svg/css/invalid-color-crash.svg: Added.
+
 2010-09-25  Mihai Parparita  <mihaip at chromium.org>
 
         Unreviewed Chromium drt_expectations.txt update.
diff --git a/LayoutTests/compositing/overflow/get-transform-from-non-box-container-expected.txt b/LayoutTests/svg/css/invalid-color-crash-expected.txt
similarity index 100%
copy from LayoutTests/compositing/overflow/get-transform-from-non-box-container-expected.txt
copy to LayoutTests/svg/css/invalid-color-crash-expected.txt
diff --git a/LayoutTests/svg/css/invalid-color-crash.svg b/LayoutTests/svg/css/invalid-color-crash.svg
new file mode 100644
index 0000000..bdb85ed
--- /dev/null
+++ b/LayoutTests/svg/css/invalid-color-crash.svg
@@ -0,0 +1,16 @@
+<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http:/xlink">
+    <script>
+        <![CDATA[
+            if (window.layoutTestController)
+                layoutTestController.dumpAsText();
+        ]]>
+    </script>
+    <style type="text/css">
+        svg 
+        {
+            stop-color: initial;
+        }
+    </style>
+    <text id="myText1" fill="green" x="0" y="0">PASS</text>
+</svg>
+
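Review bot: The test exercises only `stop-color: initial`, while the same commit changes the `lighting-color` and `flood-color` cases of applySVGProperty in the same way, so a regression in either of those would go unnoticed. Adding `lighting-color: initial;` and `flood-color: initial;` to the rule would cover all three call sites. Separately, `xmlns:xlink="http:/xlink"` is not the XLink namespace URI and nothing in the file uses the prefix, so the attribute can be dropped.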
diff --git a/WebCore/ChangeLog b/WebCore/ChangeLog
index 57df732..878ddf2 100644
--- a/WebCore/ChangeLog
+++ b/WebCore/ChangeLog
@@ -1,3 +1,20 @@
+2010-09-25  Abhishek Arya  <inferno at chromium.org>
+
+        Reviewed by Nikolas Zimmermann.
+
+        Fix the macro to bail out after setting the SVG style to 'initial'. Check that color is
+        SVGColor before calling colorFromSVGColorCSSValue which makes sure we don't set invalid
+        color. Also, doing the static cast in the caller and keeping the function
+        colorFromSVGColorCSSValue clean to accept only take SVGColor objects.
+        
+        https://bugs.webkit.org/show_bug.cgi?id=46471
+
+        Test: svg/css/invalid-color-crash.svg
+
+        * css/SVGCSSStyleSelector.cpp:
+        (WebCore::colorFromSVGColorCSSValue):
+        (WebCore::CSSStyleSelector::applySVGProperty):
+
 2010-09-25  Ryosuke Niwa  <rniwa at webkit.org>
 
         Reviewed by Tony Chang.
diff --git a/WebCore/css/SVGCSSStyleSelector.cpp b/WebCore/css/SVGCSSStyleSelector.cpp
index b8cc4f7..5ddaf99 100644
--- a/WebCore/css/SVGCSSStyleSelector.cpp
+++ b/WebCore/css/SVGCSSStyleSelector.cpp
@@ -48,15 +48,17 @@
 
 #define HANDLE_INHERIT(prop, Prop) \
 if (isInherit) \
-{\
-    svgstyle->set##Prop(m_parentStyle->svgStyle()->prop());\
-    return;\
+{ \
+    svgstyle->set##Prop(m_parentStyle->svgStyle()->prop()); \
+    return; \
 }
 
 #define HANDLE_INHERIT_AND_INITIAL(prop, Prop) \
 HANDLE_INHERIT(prop, Prop) \
-else if (isInitial) \
-    svgstyle->set##Prop(SVGRenderStyle::initial##Prop());
+if (isInitial) { \
+    svgstyle->set##Prop(SVGRenderStyle::initial##Prop()); \
+    return; \
+}
 
 namespace WebCore {
 
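Review bot: Nothing at `HANDLE_INHERIT_AND_INITIAL` says that both branches return from the enclosing function, although the `return` added to the `isInitial` branch is what stops an 'initial' value from falling through to the code after the macro at each use site. A comment above the define would make that contract visible, for example `// Returns from the caller for 'inherit' and 'initial'; code after the macro only sees other values.` The expansion is also two bare `if` statements, so it is only safe as a statement inside a braced block, as in the case bodies later in this diff; the same comment should say so. The new branch puts its brace on the `if` line while `HANDLE_INHERIT` keeps it on a line of its own.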
@@ -90,15 +92,13 @@ static int angleToGlyphOrientation(float angle)
     return -1;
 }
 
-static Color colorFromSVGColorCSSValue(CSSValue* value, const Color& fgColor)
+static Color colorFromSVGColorCSSValue(SVGColor* svgColor, const Color& fgColor)
 {
-    ASSERT(value->isSVGColor());
-    SVGColor* c = static_cast<SVGColor*>(value);
     Color color;
-    if (c->colorType() == SVGColor::SVG_COLORTYPE_CURRENTCOLOR)
+    if (svgColor->colorType() == SVGColor::SVG_COLORTYPE_CURRENTCOLOR)
         color = fgColor;
     else
-        color = c->color();
+        color = svgColor->color();
     return color;
 }
 
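Review bot: `colorFromSVGColorCSSValue` now dereferences `svgColor` with no stated precondition; the removed `ASSERT(value->isSVGColor())` was the only line documenting what callers must pass. The type requirement has moved into the signature, but a null pointer is still not ruled out, so `ASSERT(svgColor);` as the first statement would keep debug builds catching a bad caller. The local `color` could also go, with each branch returning its value directly.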
@@ -468,13 +468,15 @@ void CSSStyleSelector::applySVGProperty(int id, CSSValue* value)
         case CSSPropertyStopColor:
         {
             HANDLE_INHERIT_AND_INITIAL(stopColor, StopColor);
-            svgstyle->setStopColor(colorFromSVGColorCSSValue(value, m_style->color()));
+            if (value->isSVGColor())
+                svgstyle->setStopColor(colorFromSVGColorCSSValue(static_cast<SVGColor*>(value), m_style->color()));
             break;
         }
        case CSSPropertyLightingColor:
         {
             HANDLE_INHERIT_AND_INITIAL(lightingColor, LightingColor);
-            svgstyle->setLightingColor(colorFromSVGColorCSSValue(value, m_style->color()));
+            if (value->isSVGColor())
+                svgstyle->setLightingColor(colorFromSVGColorCSSValue(static_cast<SVGColor*>(value), m_style->color()));
             break;
         }
         case CSSPropertyFloodOpacity:
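Review bot: The `isSVGColor()` test and the `static_cast<SVGColor*>` are written out separately in the StopColor and LightingColor cases here and again in the FloodColor case in the next hunk, and that test is the only thing guarding an unchecked downcast. Keeping the two together in one helper would stop a later call site from copying the cast without the check, for example `static SVGColor* toSVGColor(CSSValue* value) { return value->isSVGColor() ? static_cast<SVGColor*>(value) : 0; }`. When the value is not an SVGColor the property is left unchanged with nothing saying this is intended; `// Ignore values of any other type.` above each `if` would do. applySVGProperty starts and ends outside this hunk.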
@@ -497,11 +499,9 @@ void CSSStyleSelector::applySVGProperty(int id, CSSValue* value)
         }
         case CSSPropertyFloodColor:
         {
-            if (isInitial) {
-                svgstyle->setFloodColor(SVGRenderStyle::initialFloodColor());
-                return;
-            }
-            svgstyle->setFloodColor(colorFromSVGColorCSSValue(value, m_style->color()));
+            HANDLE_INHERIT_AND_INITIAL(floodColor, FloodColor);
+            if (value->isSVGColor())
+                svgstyle->setFloodColor(colorFromSVGColorCSSValue(static_cast<SVGColor*>(value), m_style->color()));
             break;
         }
         case CSSPropertyGlyphOrientationHorizontal:
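Review bot: Replacing the hand-written `isInitial` block with `HANDLE_INHERIT_AND_INITIAL(floodColor, FloodColor)` also gives flood-color an `inherit` branch that the removed lines did not have, and the commit description does not mention it. Before, an 'inherit' value appears to have gone straight to `colorFromSVGColorCSSValue`; now it copies the parent's flood color and returns. The added test does not set `flood-color` at all, so a case with `flood-color: inherit;` would be worth adding alongside it. The enclosing switch continues outside the hunk.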

-- 
WebKit Debian packaging


