[SCM] WebKit Debian packaging branch, debian/experimental, updated. upstream/1.3.3-9427-gc2be6fc
simon.fraser at apple.com
simon.fraser at apple.com
Wed Dec 22 16:38:24 UTC 2010
The following commit has been merged in the debian/experimental branch:
commit 37bc5fa01bff0a809f30675b74a8c86ee5301d25
Author: simon.fraser at apple.com <simon.fraser at apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Date: Mon Nov 29 19:08:44 2010 +0000
2010-11-29 Simon Fraser <simon.fraser at apple.com>
Reviewed by Dan Bernstein.
Crash in WebCore::CSSStyleSelector::loadPendingImages
https://bugs.webkit.org/show_bug.cgi?id=50149
Null-check style->boxReflect() when loading pending style images.
Test: fast/reflections/pending-reflection-mask-crash.html
* css/CSSStyleSelector.cpp:
(WebCore::CSSStyleSelector::loadPendingImages):
git-svn-id: http://svn.webkit.org/repository/webkit/trunk@72814 268f45cc-cd09-0410-ab3c-d52691b4dbfc
diff --git a/LayoutTests/ChangeLog b/LayoutTests/ChangeLog
index e901674..348a726 100644
--- a/LayoutTests/ChangeLog
+++ b/LayoutTests/ChangeLog
@@ -1,3 +1,13 @@
+2010-11-29 Simon Fraser <simon.fraser at apple.com>
+
+ Reviewed by Dan Bernstein.
+
+ Crash in WebCore::CSSStyleSelector::loadPendingImages
+ https://bugs.webkit.org/show_bug.cgi?id=50149
+
+ * fast/reflections/pending-reflection-mask-crash-expected.txt: Added.
+ * fast/reflections/pending-reflection-mask-crash.html: Added.
+
2010-11-28 Gavin Barraclough <barraclough at apple.com>
Reviewed by Sam Weinig.
diff --git a/LayoutTests/fast/reflections/pending-reflection-mask-crash-expected.txt b/LayoutTests/fast/reflections/pending-reflection-mask-crash-expected.txt
new file mode 100644
index 0000000..fc0660c
--- /dev/null
+++ b/LayoutTests/fast/reflections/pending-reflection-mask-crash-expected.txt
@@ -0,0 +1 @@
+This test should not crash.
diff --git a/LayoutTests/fast/reflections/pending-reflection-mask-crash.html b/LayoutTests/fast/reflections/pending-reflection-mask-crash.html
new file mode 100644
index 0000000..77bc3b2
--- /dev/null
+++ b/LayoutTests/fast/reflections/pending-reflection-mask-crash.html
@@ -0,0 +1,11 @@
+<style>
+ *{
+ -webkit-box-reflect: none !important;
+ -webkit-box-reflect: below 0 url(x);
+ }
+</style>
+<script>
+ if (window.layoutTestController)
+ layoutTestController.dumpAsText();
+</script>
+<p>This test should not crash.</p>
diff --git a/WebCore/ChangeLog b/WebCore/ChangeLog
index 2bba28f..32994e4 100644
--- a/WebCore/ChangeLog
+++ b/WebCore/ChangeLog
@@ -1,3 +1,17 @@
+2010-11-29 Simon Fraser <simon.fraser at apple.com>
+
+ Reviewed by Dan Bernstein.
+
+ Crash in WebCore::CSSStyleSelector::loadPendingImages
+ https://bugs.webkit.org/show_bug.cgi?id=50149
+
+ Null-check style->boxReflect() when loading pending style images.
+
+ Test: fast/reflections/pending-reflection-mask-crash.html
+
+ * css/CSSStyleSelector.cpp:
+ (WebCore::CSSStyleSelector::loadPendingImages):
+
2010-11-29 Pavel Feldman <pfeldman at chromium.org>
Reviewed by Yury Semikhatsky.
diff --git a/WebCore/css/CSSStyleSelector.cpp b/WebCore/css/CSSStyleSelector.cpp
index 1ff3bd5..2f2f3b5 100644
--- a/WebCore/css/CSSStyleSelector.cpp
+++ b/WebCore/css/CSSStyleSelector.cpp
@@ -6875,10 +6875,12 @@ void CSSStyleSelector::loadPendingImages()
}
case CSSPropertyWebkitBoxReflect: {
- const NinePieceImage& maskImage = m_style->boxReflect()->mask();
- if (maskImage.image() && maskImage.image()->isPendingImage()) {
- CSSImageValue* imageValue = static_cast<StylePendingImage*>(maskImage.image())->cssImageValue();
- m_style->boxReflect()->setMask(NinePieceImage(imageValue->cachedImage(cachedResourceLoader), maskImage.slices(), maskImage.horizontalRule(), maskImage.verticalRule()));
+ if (StyleReflection* reflection = m_style->boxReflect()) {
+ const NinePieceImage& maskImage = reflection->mask();
+ if (maskImage.image() && maskImage.image()->isPendingImage()) {
+ CSSImageValue* imageValue = static_cast<StylePendingImage*>(maskImage.image())->cssImageValue();
+ reflection->setMask(NinePieceImage(imageValue->cachedImage(cachedResourceLoader), maskImage.slices(), maskImage.horizontalRule(), maskImage.verticalRule()));
+ }
}
break;
}
--
WebKit Debian packaging
More information about the Pkg-webkit-commits
mailing list