[SCM] WebKit Debian packaging branch, debian/experimental, updated. upstream/1.3.3-9427-gc2be6fc
rniwa at webkit.org
rniwa at webkit.org
Wed Dec 22 15:31:24 UTC 2010
The following commit has been merged in the debian/experimental branch:
commit caa18c1b96a6e24b4739dfe719d0751b1e16c6d3
Author: rniwa at webkit.org <rniwa at webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Date: Fri Nov 5 17:43:38 2010 +0000
2010-11-05 Ryosuke Niwa <rniwa at webkit.org>
Reviewed by Darin Adler.
Crash in ApplyStyleCommand::surroundNodeRangeWithElement
https://bugs.webkit.org/show_bug.cgi?id=48581
The crash was caused by a false assertion that we can always recover selection in
ApplyStyleCommand::removeInlineStyle. Fixed the crash by removing the assertion
and adding an early exit to the call site. Also converted raw pointers to RefPtr
in surroundNodeRangeWithElement and addInlineStyleIfNeeded.
Test (non-Mac platforms): editing/style/iframe-onload-crash.html
* editing/ApplyStyleCommand.cpp:
(WebCore::ApplyStyleCommand::applyInlineStyle):
(WebCore::ApplyStyleCommand::removeInlineStyle):
(WebCore::ApplyStyleCommand::surroundNodeRangeWithElement):
(WebCore::ApplyStyleCommand::addInlineStyleIfNeeded):
* editing/ApplyStyleCommand.h:
2010-11-04 Ryosuke Niwa <rniwa at webkit.org>
Reviewed by Darin Adler.
Re-enabled editing/style/iframe-onload-crash.html on Chromium, Qt, and Windows platforms.
* platform/chromium/test_expectations.txt:
* platform/qt/Skipped:
* platform/win/Skipped:
git-svn-id: http://svn.webkit.org/repository/webkit/trunk@71431 268f45cc-cd09-0410-ab3c-d52691b4dbfc
diff --git a/LayoutTests/ChangeLog b/LayoutTests/ChangeLog
index 4e94992..e8eb5b5 100644
--- a/LayoutTests/ChangeLog
+++ b/LayoutTests/ChangeLog
@@ -1,3 +1,13 @@
+2010-11-04 Ryosuke Niwa <rniwa at webkit.org>
+
+ Reviewed by Darin Adler.
+
+ Re-enabled editing/style/iframe-onload-crash.html on Chromium, Qt, and Windows platforms.
+
+ * platform/chromium/test_expectations.txt:
+ * platform/qt/Skipped:
+ * platform/win/Skipped:
+
2010-11-04 Anders Carlsson <andersca at apple.com>
Reviewed by Oliver Hunt.
diff --git a/LayoutTests/platform/chromium/test_expectations.txt b/LayoutTests/platform/chromium/test_expectations.txt
index 2387588..6b560ff 100644
--- a/LayoutTests/platform/chromium/test_expectations.txt
+++ b/LayoutTests/platform/chromium/test_expectations.txt
@@ -3380,9 +3380,6 @@ BUG61799 : plugins/evaluate-js-after-removing-plugin-element.html = TEXT
// Fails because of http://trac.webkit.org/changeset/71268
BUG61824 : canvas/philip/tests/2d.pattern.image.string.html = TEXT
-// Test added in WK r71288 crashes on Windows and Linux
-BUG48973 WIN LINUX : editing/style/iframe-onload-crash.html = CRASH
-
// Added in r71317
BUG61978 WIN MAC : svg/animations/animate-path-nested-transforms.html = CRASH PASS
diff --git a/LayoutTests/platform/qt/Skipped b/LayoutTests/platform/qt/Skipped
index a15c405..bd75f0b 100644
--- a/LayoutTests/platform/qt/Skipped
+++ b/LayoutTests/platform/qt/Skipped
@@ -5464,10 +5464,6 @@ fast/images/webp-image-decoding.html
# https://bugs.webkit.org/show_bug.cgi?id=48958
svg/custom/text-zoom.xhtml
-# [Qt] REGRESSION (r71288): editing/style/iframe-onload-crash.html crashes
-# https://bugs.webkit.org/show_bug.cgi?id=48967
-editing/style/iframe-onload-crash.html
-
# [Qt] svg/animations/animate-path-nested-transforms.html fails
# https://bugs.webkit.org/show_bug.cgi?id=48987
svg/animations/animate-path-nested-transforms.html
diff --git a/LayoutTests/platform/win/Skipped b/LayoutTests/platform/win/Skipped
index c45561d..99f12dc 100644
--- a/LayoutTests/platform/win/Skipped
+++ b/LayoutTests/platform/win/Skipped
@@ -371,9 +371,6 @@ animations/play-state-suspend.html
http/tests/media/pdf-served-as-pdf.html
http/tests/media/video-cancel-load.html
-# Crash preceded by assertion failure http://webkit.org/b/48989
-editing/style/iframe-onload-crash.html
-
# Sometimes crashes http://webkit.org/b/48996
http/tests/websocket/tests/workers/close-in-onmessage-crash.html
diff --git a/WebCore/ChangeLog b/WebCore/ChangeLog
index 3579a56..eef971d 100644
--- a/WebCore/ChangeLog
+++ b/WebCore/ChangeLog
@@ -1,3 +1,24 @@
+2010-11-05 Ryosuke Niwa <rniwa at webkit.org>
+
+ Reviewed by Darin Adler.
+
+ Crash in ApplyStyleCommand::surroundNodeRangeWithElement
+ https://bugs.webkit.org/show_bug.cgi?id=48581
+
+ The crash was caused by a false assertion that we can always recover selection in
+ ApplyStyleCommand::removeInlineStyle. Fixed the crash by removing the assertion
+ and adding an early exit to the call site. Also converted raw pointers to RefPtr
+ in surroundNodeRangeWithElement and addInlineStyleIfNeeded.
+
+ Test (non-Mac platforms): editing/style/iframe-onload-crash.html
+
+ * editing/ApplyStyleCommand.cpp:
+ (WebCore::ApplyStyleCommand::applyInlineStyle):
+ (WebCore::ApplyStyleCommand::removeInlineStyle):
+ (WebCore::ApplyStyleCommand::surroundNodeRangeWithElement):
+ (WebCore::ApplyStyleCommand::addInlineStyleIfNeeded):
+ * editing/ApplyStyleCommand.h:
+
2010-11-04 Alexey Proskuryakov <ap at apple.com>
Reviewed by Darin Adler.
diff --git a/WebCore/editing/ApplyStyleCommand.cpp b/WebCore/editing/ApplyStyleCommand.cpp
index 7a2c6ea..230a789 100644
--- a/WebCore/editing/ApplyStyleCommand.cpp
+++ b/WebCore/editing/ApplyStyleCommand.cpp
@@ -1046,6 +1046,8 @@ void ApplyStyleCommand::applyInlineStyle(CSSMutableStyleDeclaration *style)
removeInlineStyle(styleWithoutEmbedding ? styleWithoutEmbedding.get() : style, removeStart, end);
start = startPosition();
end = endPosition();
+ if (start.isNull() || start.isOrphan() || end.isNull() || end.isOrphan())
+ return;
if (splitStart) {
if (mergeStartWithPreviousIfIdentical(start, end)) {
@@ -1659,9 +1661,7 @@ void ApplyStyleCommand::removeInlineStyle(PassRefPtr<CSSMutableStyleDeclaration>
break;
node = next.get();
}
-
- ASSERT(s.node()->inDocument());
- ASSERT(e.node()->inDocument());
+
updateStartEnd(s, e);
}
@@ -1860,18 +1860,19 @@ bool ApplyStyleCommand::mergeEndWithNextIfIdentical(const Position &start, const
return false;
}
-void ApplyStyleCommand::surroundNodeRangeWithElement(Node* startNode, Node* endNode, PassRefPtr<Element> elementToInsert)
+void ApplyStyleCommand::surroundNodeRangeWithElement(PassRefPtr<Node> passedStartNode, PassRefPtr<Node> endNode, PassRefPtr<Element> elementToInsert)
{
- ASSERT(startNode);
+ ASSERT(passedStartNode);
ASSERT(endNode);
ASSERT(elementToInsert);
+ RefPtr<Node> startNode = passedStartNode;
RefPtr<Element> element = elementToInsert;
insertNodeBefore(element, startNode);
-
- Node* node = startNode;
- while (1) {
- Node* next = node->nextSibling();
+
+ RefPtr<Node> node = startNode;
+ while (node) {
+ RefPtr<Node> next = node->nextSibling();
removeNode(node);
appendNode(node, element);
if (node == endNode)
@@ -1879,17 +1880,17 @@ void ApplyStyleCommand::surroundNodeRangeWithElement(Node* startNode, Node* endN
node = next;
}
- Node* nextSibling = element->nextSibling();
- Node* previousSibling = element->previousSibling();
+ RefPtr<Node> nextSibling = element->nextSibling();
+ RefPtr<Node> previousSibling = element->previousSibling();
if (nextSibling && nextSibling->isElementNode() && nextSibling->isContentEditable()
- && areIdenticalElements(element.get(), static_cast<Element*>(nextSibling)))
- mergeIdenticalElements(element, static_cast<Element*>(nextSibling));
+ && areIdenticalElements(element.get(), static_cast<Element*>(nextSibling.get())))
+ mergeIdenticalElements(element.get(), static_cast<Element*>(nextSibling.get()));
if (previousSibling && previousSibling->isElementNode() && previousSibling->isContentEditable()) {
Node* mergedElement = previousSibling->nextSibling();
if (mergedElement->isElementNode() && mergedElement->isContentEditable()
- && areIdenticalElements(static_cast<Element*>(previousSibling), static_cast<Element*>(mergedElement)))
- mergeIdenticalElements(static_cast<Element*>(previousSibling), static_cast<Element*>(mergedElement));
+ && areIdenticalElements(static_cast<Element*>(previousSibling.get()), static_cast<Element*>(mergedElement)))
+ mergeIdenticalElements(static_cast<Element*>(previousSibling.get()), static_cast<Element*>(mergedElement));
}
// FIXME: We should probably call updateStartEnd if the start or end was in the node
@@ -1911,17 +1912,22 @@ void ApplyStyleCommand::addBlockStyle(const StyleChange& styleChange, HTMLElemen
setNodeAttribute(block, styleAttr, cssText);
}
-void ApplyStyleCommand::addInlineStyleIfNeeded(CSSMutableStyleDeclaration *style, Node *startNode, Node *endNode, EAddStyledElement addStyledElement)
+void ApplyStyleCommand::addInlineStyleIfNeeded(CSSMutableStyleDeclaration *style, PassRefPtr<Node> passedStart, PassRefPtr<Node> passedEnd, EAddStyledElement addStyledElement)
{
+ if (!passedStart || !passedEnd || !passedStart->inDocument() || !passedEnd->inDocument())
+ return;
+ RefPtr<Node> startNode = passedStart;
+ RefPtr<Node> endNode = passedEnd;
+
// It's okay to obtain the style at the startNode because we've removed all relevant styles from the current run.
RefPtr<HTMLElement> dummyElement;
Position positionForStyleComparison;
if (!startNode->isElementNode()) {
dummyElement = createStyleSpanElement(document());
- insertNodeAt(dummyElement, positionBeforeNode(startNode));
+ insertNodeAt(dummyElement, positionBeforeNode(startNode.get()));
positionForStyleComparison = positionBeforeNode(dummyElement.get());
} else
- positionForStyleComparison = firstPositionInNode(startNode);
+ positionForStyleComparison = firstPositionInNode(startNode.get());
StyleChange styleChange(style, positionForStyleComparison);
@@ -1931,7 +1937,7 @@ void ApplyStyleCommand::addInlineStyleIfNeeded(CSSMutableStyleDeclaration *style
// Find appropriate font and span elements top-down.
HTMLElement* fontContainer = 0;
HTMLElement* styleContainer = 0;
- for (Node* container = startNode; container && startNode == endNode; container = container->firstChild()) {
+ for (Node* container = startNode.get(); container && startNode == endNode; container = container->firstChild()) {
if (container->isHTMLElement() && container->hasTagName(fontTag))
fontContainer = static_cast<HTMLElement*>(container);
bool styleContainerIsNotSpan = !styleContainer || !styleContainer->hasTagName(spanTag);
diff --git a/WebCore/editing/ApplyStyleCommand.h b/WebCore/editing/ApplyStyleCommand.h
index 1ebd9f6..e4bdc6c 100644
--- a/WebCore/editing/ApplyStyleCommand.h
+++ b/WebCore/editing/ApplyStyleCommand.h
@@ -99,7 +99,7 @@ private:
void fixRangeAndApplyInlineStyle(CSSMutableStyleDeclaration*, const Position& start, const Position& end);
void applyInlineStyleToNodeRange(CSSMutableStyleDeclaration*, Node* startNode, Node* pastEndNode);
void addBlockStyle(const StyleChange&, HTMLElement*);
- void addInlineStyleIfNeeded(CSSMutableStyleDeclaration*, Node* start, Node* end, EAddStyledElement addStyledElement = AddStyledElement);
+ void addInlineStyleIfNeeded(CSSMutableStyleDeclaration*, PassRefPtr<Node> start, PassRefPtr<Node> end, EAddStyledElement addStyledElement = AddStyledElement);
void splitTextAtStart(const Position& start, const Position& end);
void splitTextAtEnd(const Position& start, const Position& end);
void splitTextElementAtStart(const Position& start, const Position& end);
@@ -110,7 +110,7 @@ private:
bool mergeEndWithNextIfIdentical(const Position& start, const Position& end);
void cleanupUnstyledAppleStyleSpans(Node* dummySpanAncestor);
- void surroundNodeRangeWithElement(Node* start, Node* end, PassRefPtr<Element>);
+ void surroundNodeRangeWithElement(PassRefPtr<Node> start, PassRefPtr<Node> end, PassRefPtr<Element>);
float computedFontSize(const Node*);
void joinChildTextNodes(Node*, const Position& start, const Position& end);
--
WebKit Debian packaging
More information about the Pkg-webkit-commits
mailing list