[SCM] WebKit Debian packaging branch, debian/experimental, updated. upstream/1.3.3-9427-gc2be6fc

rniwa at webkit.org rniwa at webkit.org
Wed Dec 22 14:59:22 UTC 2010


The following commit has been merged in the debian/experimental branch:
commit 8ae5396e889916185ddb406f9ee6caec3f1c7487
Author: rniwa at webkit.org <rniwa at webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Date:   Wed Oct 27 00:42:45 2010 +0000

    2010-10-26  Ryosuke Niwa  <rniwa at webkit.org>
    
            Reviewed by Kent Tamura.
    
            REGRESSION(r67170): crash in removeImplicitlyStyledElement
            https://bugs.webkit.org/show_bug.cgi?id=48389
    
            Fixed the crash by adding a null pointer check.
    
            Test: editing/style/invalid-font-size.html
    
            * editing/ApplyStyleCommand.cpp:
            (WebCore::ApplyStyleCommand::removeImplicitlyStyledElement):
    2010-10-26  Ryosuke Niwa  <rniwa at webkit.org>
    
            Reviewed by Kent Tamura.
    
            REGRESSION(r67170): crash in removeImplicitlyStyledElement
            https://bugs.webkit.org/show_bug.cgi?id=48389
    
            Added a test to ensure WebKit does not crash when changing the font size
            of text inside a font element with an invalid size attribute.
    
            * editing/style/invalid-font-size-expected.txt: Added.
            * editing/style/invalid-font-size.html: Added.
    
    
    git-svn-id: http://svn.webkit.org/repository/webkit/trunk@70593 268f45cc-cd09-0410-ab3c-d52691b4dbfc

diff --git a/LayoutTests/ChangeLog b/LayoutTests/ChangeLog
index 84f6bcd..ed6fc8c 100644
--- a/LayoutTests/ChangeLog
+++ b/LayoutTests/ChangeLog
@@ -1,3 +1,16 @@
+2010-10-26  Ryosuke Niwa  <rniwa at webkit.org>
+
+        Reviewed by Kent Tamura.
+
+        REGRESSION(r67170): crash in removeImplicitlyStyledElement
+        https://bugs.webkit.org/show_bug.cgi?id=48389
+
+        Added a test to ensure WebKit does not crash when changing the font size
+        of text inside a font element with an invalid size attribute.
+
+        * editing/style/invalid-font-size-expected.txt: Added.
+        * editing/style/invalid-font-size.html: Added.
+
 2010-10-26  Stephen White  <senorblanco at chromium.org>
 
         Reviewed by Kenneth Russell.
diff --git a/LayoutTests/editing/style/invalid-font-size-expected.txt b/LayoutTests/editing/style/invalid-font-size-expected.txt
new file mode 100644
index 0000000..4520bf8
--- /dev/null
+++ b/LayoutTests/editing/style/invalid-font-size-expected.txt
@@ -0,0 +1,6 @@
+This tests applying font size to text inside a font element with an invalid size attribute.
+WebKit should not crash and there should be exactly one font element with size="4"
+| <font>
+|   class="Apple-style-span"
+|   size="4"
+|   "<#selection-anchor>hello<#selection-focus>"
diff --git a/LayoutTests/editing/style/invalid-font-size.html b/LayoutTests/editing/style/invalid-font-size.html
new file mode 100644
index 0000000..1049f60
--- /dev/null
+++ b/LayoutTests/editing/style/invalid-font-size.html
@@ -0,0 +1,17 @@
+<!DOCTYPE html>
+<html>
+<body>
+<script src="../../resources/dump-as-markup.js"></script>
+<div id="test" contenteditable><font size="x">hello</font></div>
+<script>
+
+Markup.description('This tests applying font size to text inside a font element with an invalid size attribute.\n' + 
+'WebKit should not crash and there should be exactly one font element with size="4"')
+var test = document.getElementById('test');
+window.getSelection().selectAllChildren(test);
+document.execCommand('fontSize', false, '4');
+Markup.dump(test);
+
+</script>
+</body>
+</html>
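Review bot: The new test covers a single invalid input, size="x" on the font element, so the regression is pinned to that one string only. Consider adding a second case with another unparsable value (for example an empty size attribute) so the null check stays exercised if the parsing of that attribute changes. As a style point, the Markup.description(...) call ends without a semicolon and the line before it carries trailing whitespace after the `+` operator.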
diff --git a/WebCore/ChangeLog b/WebCore/ChangeLog
index 73b86fb..fa5eb85 100644
--- a/WebCore/ChangeLog
+++ b/WebCore/ChangeLog
@@ -1,3 +1,17 @@
+2010-10-26  Ryosuke Niwa  <rniwa at webkit.org>
+
+        Reviewed by Kent Tamura.
+
+        REGRESSION(r67170): crash in removeImplicitlyStyledElement
+        https://bugs.webkit.org/show_bug.cgi?id=48389
+
+        Fixed the crash by adding a null pointer check.
+
+        Test: editing/style/invalid-font-size.html
+
+        * editing/ApplyStyleCommand.cpp:
+        (WebCore::ApplyStyleCommand::removeImplicitlyStyledElement):
+
 2010-10-26  Dimitri Glazkov  <dglazkov at chromium.org>
 
         Unreviewed, rolling out r70573.
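Review bot: The entry "Fixed the crash by adding a null pointer check." does not say which pointer was null or why. The LayoutTests entry shows the trigger is a font element with an invalid size attribute, so it would help to state here that the value checked in removeImplicitlyStyledElement can be null when the attribute has no usable CSS equivalent, which lets a later reader judge whether other callers need the same guard.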
diff --git a/WebCore/editing/ApplyStyleCommand.cpp b/WebCore/editing/ApplyStyleCommand.cpp
index 273edb4..9187eb6 100644
--- a/WebCore/editing/ApplyStyleCommand.cpp
+++ b/WebCore/editing/ApplyStyleCommand.cpp
@@ -1360,7 +1360,7 @@ bool ApplyStyleCommand::removeImplicitlyStyledElement(CSSMutableStyleDeclaration
                 continue; // If CSS value is primitive, then skip if they are equal.
         }
 
-        if (extractedStyle)
+        if (extractedStyle && mapValue)
             extractedStyle->setProperty(equivalent.propertyID, mapValue->cssText());
 
         if (mode == RemoveNone)
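Review bot: The added `&& mapValue` condition guards only the `extractedStyle->setProperty(...)` call, so with a null `mapValue` execution still falls through to the `mode == RemoveNone` handling below. The expected test output (a single font element with size="4") suggests that fall-through is intended, but nothing in the code says so. A short comment at the check stating when `mapValue` is null and that the attribute is still treated as conflicting would make the intent clear and keep someone from later "simplifying" this into an early `continue`.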

-- 
WebKit Debian packaging


