[SCM] WebKit Debian packaging branch, debian/experimental, updated. upstream/1.3.3-9427-gc2be6fc

commit-queue at webkit.org commit-queue at webkit.org
Wed Dec 22 14:26:49 UTC 2010


The following commit has been merged in the debian/experimental branch:
commit e21c9dda7fa46c9db6889b99696fe9b3d8042667
Author: commit-queue at webkit.org <commit-queue at webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Date:   Fri Oct 8 20:21:01 2010 +0000

    2010-10-08  James Kozianski  <koz at chromium.org>
    
            Reviewed by Simon Fraser.
    
            Crash on reload when CSS property 'content' has malformed URL.
            https://bugs.webkit.org/show_bug.cgi?id=47322
    
            Tests that we don't crash when navigating away from a page with a
            malformed URL as the value of a "content" CSS property.
    
            * fast/css-generated-content/malformed-url-expected.txt: Added.
            * fast/css-generated-content/malformed-url.html: Added.
            * fast/css-generated-content/resources/pass.html: Added.
    2010-10-08  James Kozianski  <koz at chromium.org>
    
            Reviewed by Simon Fraser.
    
            Crash on reload when CSS property 'content' has malformed URL.
            https://bugs.webkit.org/show_bug.cgi?id=47322
    
            Make CSSStyleSelector handle the case where a cached image can't be
            produced due to a malformed URL.
    
            Test: fast/css-generated-content/malformed-url.html
    
            * css/CSSStyleSelector.cpp:
            (WebCore::CSSStyleSelector::loadPendingImages):
    
    git-svn-id: http://svn.webkit.org/repository/webkit/trunk@69418 268f45cc-cd09-0410-ab3c-d52691b4dbfc

diff --git a/LayoutTests/ChangeLog b/LayoutTests/ChangeLog
index 4345819..881f9b6 100644
--- a/LayoutTests/ChangeLog
+++ b/LayoutTests/ChangeLog
@@ -1,3 +1,17 @@
+2010-10-08  James Kozianski  <koz at chromium.org>
+
+        Reviewed by Simon Fraser.
+
+        Crash on reload when CSS property 'content' has malformed URL.
+        https://bugs.webkit.org/show_bug.cgi?id=47322
+
+        Tests that we don't crash when navigating away from a page with a
+        malformed URL as the value of a "content" CSS property.
+
+        * fast/css-generated-content/malformed-url-expected.txt: Added.
+        * fast/css-generated-content/malformed-url.html: Added.
+        * fast/css-generated-content/resources/pass.html: Added.
+
 2010-10-08  Albert J. Wong  <ajwong at chromium.org>
 
         [chromium] Unreviewed. Text expectation changes caused by r69386.
diff --git a/LayoutTests/compositing/overflow/get-transform-from-non-box-container-expected.txt b/LayoutTests/fast/css-generated-content/malformed-url-expected.txt
similarity index 100%
copy from LayoutTests/compositing/overflow/get-transform-from-non-box-container-expected.txt
copy to LayoutTests/fast/css-generated-content/malformed-url-expected.txt
diff --git a/LayoutTests/fast/css-generated-content/malformed-url.html b/LayoutTests/fast/css-generated-content/malformed-url.html
new file mode 100644
index 0000000..797b6d2
--- /dev/null
+++ b/LayoutTests/fast/css-generated-content/malformed-url.html
@@ -0,0 +1,14 @@
+<html>
+<div style="content:url(//%);"></div>              <!-- Crashes Chromium -->
+<div style="content:url(http://|server|/);"></div> <!-- Crashes debug WebKit -->
+An invalid URL in the "content" style property should not cause a crash when the browser navigates away from the page.
+
+FAIL - The browser should have navigated to resources/pass.html.
+<script>
+if (window.layoutTestController) {
+    layoutTestController.dumpAsText();
+    layoutTestController.waitUntilDone();
+}
+window.location.href = 'resources/pass.html';
+</script>
+</html>
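Review bot: the "FAIL - The browser should have navigated to resources/pass.html." line in malformed-url.html cannot reach the dumped output. This page calls layoutTestController.waitUntilDone() and only resources/pass.html calls notifyDone(), so if the navigation never happens the run ends as a timeout rather than a text mismatch, and a crash ends it as a crash. That is workable for a crash regression test, but a short comment next to the FAIL text saying which outcome to expect would save the next reader from looking for a FAIL result. Both malformed URLs also sit on the same page, so a regression cannot be attributed to the "Crashes Chromium" case or the "Crashes debug WebKit" case from the result alone; one test file per URL would make that distinction visible.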
diff --git a/LayoutTests/fast/css-generated-content/resources/pass.html b/LayoutTests/fast/css-generated-content/resources/pass.html
new file mode 100644
index 0000000..ea4e5c5
--- /dev/null
+++ b/LayoutTests/fast/css-generated-content/resources/pass.html
@@ -0,0 +1,7 @@
+<html>
+PASS
+<script>
+if (window.layoutTestController)
+    layoutTestController.notifyDone();
+</script>
+</html>
diff --git a/WebCore/ChangeLog b/WebCore/ChangeLog
index c247652..6adae22 100644
--- a/WebCore/ChangeLog
+++ b/WebCore/ChangeLog
@@ -1,3 +1,18 @@
+2010-10-08  James Kozianski  <koz at chromium.org>
+
+        Reviewed by Simon Fraser.
+
+        Crash on reload when CSS property 'content' has malformed URL.
+        https://bugs.webkit.org/show_bug.cgi?id=47322
+
+        Make CSSStyleSelector handle the case where a cached image can't be
+        produced due to a malformed URL.
+
+        Test: fast/css-generated-content/malformed-url.html
+
+        * css/CSSStyleSelector.cpp:
+        (WebCore::CSSStyleSelector::loadPendingImages):
+
 2010-10-08  Dirk Schulze  <krit at webkit.org>
 
         Reviewed by Nikolas Zimmermann.
diff --git a/WebCore/css/CSSStyleSelector.cpp b/WebCore/css/CSSStyleSelector.cpp
index 5d22bfe..909d91c 100644
--- a/WebCore/css/CSSStyleSelector.cpp
+++ b/WebCore/css/CSSStyleSelector.cpp
@@ -6818,7 +6818,8 @@ void CSSStyleSelector::loadPendingImages()
                 for (ContentData* contentData = const_cast<ContentData*>(m_style->contentData()); contentData; contentData = contentData->next()) {
                     if (contentData->isImage() && contentData->image()->isPendingImage()) {
                         CSSImageValue* imageValue = static_cast<StylePendingImage*>(contentData->image())->cssImageValue();
-                        contentData->setImage(imageValue->cachedImage(cachedResourceLoader));
+                        if (StyleCachedImage* cachedImage = imageValue->cachedImage(cachedResourceLoader))
+                            contentData->setImage(cachedImage);
                     }
                 }
                 break;
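Review bot: in loadPendingImages(), when imageValue->cachedImage(cachedResourceLoader) returns null the new branch skips setImage(), so contentData keeps the StylePendingImage it had on entry and contentData->image()->isPendingImage() stays true after this function returns. Please confirm that whatever reads contentData->image() afterwards tolerates a still-pending image, and that re-entering this loop on every style resolution for the same malformed URL is acceptable. A one-line comment above the if stating that cachedImage() can return null for a malformed URL (per the ChangeLog entry) would also document why the check exists, since the surrounding lines give no hint that the call can fail.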

-- 
WebKit Debian packaging


