[SCM] WebKit Debian packaging branch, debian/experimental, updated. upstream/1.3.3-10851-g50815da

commit-queue at webkit.org commit-queue at webkit.org
Wed Dec 22 18:21:36 UTC 2010 

The following commit has been merged in the debian/experimental branch:
commit 0c77be31081c61ef4f2d748b58db77588afa843c
Author: commit-queue at webkit.org <commit-queue at webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Date:   Fri Dec 10 05:44:36 2010 +0000

    2010-12-09  Sadrul Habib Chowdhury  <sadrul at chromium.org>
    
            Reviewed by Kent Tamura.
    
            Make sure a non-zero value is used for tile-width to avoid a crash
            https://bugs.webkit.org/show_bug.cgi?id=50341
    
            The scaled tile width can be very small at times (e.g. with 'style: font 1
            required'). So use a minimum width of 1 instead of using 0 (which leads to a
            crash).
    
            * fast/dom/HTMLProgressElement/progress-element-with-style-crash.html: Added.
            * fast/dom/HTMLProgressElement/progress-element-with-style-crash-expected.txt: Added.
    2010-12-09  Sadrul Habib Chowdhury  <sadrul at chromium.org>
    
            Reviewed by Kent Tamura.
    
            Make sure a non-zero value is used for tile-width to avoid a crash
            https://bugs.webkit.org/show_bug.cgi?id=50341
    
            The scaled tile width can be very small at times (e.g. with 'style: font 1
            required'). So use a minimum width of 1 instead of using 0 (which leads to a
            crash).
    
            Tests: fast/dom/HTMLProgressElement/progress-element-with-style-crash.html
    
            * rendering/RenderThemeChromiumSkia.cpp:
            (WebCore::RenderThemeChromiumSkia::paintProgressBar):
    
    git-svn-id: http://svn.webkit.org/repository/webkit/trunk@73685 268f45cc-cd09-0410-ab3c-d52691b4dbfc

diff --git a/LayoutTests/ChangeLog b/LayoutTests/ChangeLog
index 59082e0..56006d3 100644
--- a/LayoutTests/ChangeLog
+++ b/LayoutTests/ChangeLog
@@ -1,3 +1,17 @@
+2010-12-09  Sadrul Habib Chowdhury  <sadrul at chromium.org>
+
+        Reviewed by Kent Tamura.
+
+        Make sure a non-zero value is used for tile-width to avoid a crash
+        https://bugs.webkit.org/show_bug.cgi?id=50341
+
+        The scaled tile width can be very small at times (e.g. with 'style: font 1
+        required'). So use a minimum width of 1 instead of using 0 (which leads to a
+        crash).
+
+        * fast/dom/HTMLProgressElement/progress-element-with-style-crash.html: Added.
+        * fast/dom/HTMLProgressElement/progress-element-with-style-crash-expected.txt: Added.
+
 2010-12-09  Ryosuke Niwa  <rniwa at webkit.org>
 
         Reviewed by Ojan Vafai.
diff --git a/LayoutTests/fast/dom/HTMLProgressElement/progress-element-with-style-crash-expected.txt b/LayoutTests/fast/dom/HTMLProgressElement/progress-element-with-style-crash-expected.txt
new file mode 100644
index 0000000..3ad1103
--- /dev/null
+++ b/LayoutTests/fast/dom/HTMLProgressElement/progress-element-with-style-crash-expected.txt
@@ -0,0 +1,3 @@
+Test for Bug 50341. It is not OK to crash.
+
+
diff --git a/LayoutTests/fast/dom/HTMLProgressElement/progress-element-with-style-crash.html b/LayoutTests/fast/dom/HTMLProgressElement/progress-element-with-style-crash.html
new file mode 100644
index 0000000..cb4214a
--- /dev/null
+++ b/LayoutTests/fast/dom/HTMLProgressElement/progress-element-with-style-crash.html
@@ -0,0 +1,23 @@
+<html>
+<head>
+<script>
+if (window.layoutTestController) {
+    layoutTestController.dumpAsText();
+    layoutTestController.waitUntilDone();
+}
+
+function test() {
+    // It is necessary to allow some time for the progress bar to render the
+    // progress and produce the crash.
+    window.setTimeout(function() {
+          if (window.layoutTestController)
+              layoutTestController.notifyDone();
+    }, 10);
+}
+</script>
+</head>
+<body onload="test();">
+  <h1>Test for <a href="https://bugs.webkit.org/show_bug.cgi?id=50341">Bug 50341</a>. It is not OK to crash.</h1>
+  <progress style='font: 1 required'/>
+</body>
+</html>
diff --git a/WebCore/ChangeLog b/WebCore/ChangeLog
index 7e68079..beb949a 100644
--- a/WebCore/ChangeLog
+++ b/WebCore/ChangeLog
@@ -1,3 +1,19 @@
+2010-12-09  Sadrul Habib Chowdhury  <sadrul at chromium.org>
+
+        Reviewed by Kent Tamura.
+
+        Make sure a non-zero value is used for tile-width to avoid a crash
+        https://bugs.webkit.org/show_bug.cgi?id=50341
+
+        The scaled tile width can be very small at times (e.g. with 'style: font 1
+        required'). So use a minimum width of 1 instead of using 0 (which leads to a
+        crash).
+
+        Tests: fast/dom/HTMLProgressElement/progress-element-with-style-crash.html
+
+        * rendering/RenderThemeChromiumSkia.cpp:
+        (WebCore::RenderThemeChromiumSkia::paintProgressBar):
+
 2010-12-09  Ryosuke Niwa  <rniwa at webkit.org>
 
         Reviewed by Ojan Vafai.
diff --git a/WebCore/rendering/RenderThemeChromiumSkia.cpp b/WebCore/rendering/RenderThemeChromiumSkia.cpp
index 7f664eb..9824851 100644
--- a/WebCore/rendering/RenderThemeChromiumSkia.cpp
+++ b/WebCore/rendering/RenderThemeChromiumSkia.cpp
@@ -840,7 +840,8 @@ bool RenderThemeChromiumSkia::paintProgressBar(RenderObject* renderObject, const
     IntRect valueRect = progressValueRectFor(renderProgress, rect);
     if (valueRect.width()) {
 
-        IntSize valueTileSize(static_cast<int>(valueImage->width() * tileScale), valueRect.height());
+        IntSize valueTileSize(std::max(1, static_cast<int>(valueImage->width() * tileScale)), valueRect.height());
+
         int leftOffset = valueRect.x() - rect.x();
         int roundedLeftOffset= (leftOffset / valueTileSize.width()) * valueTileSize.width();
         int dstLeftValueWidth = roundedLeftOffset - leftOffset + (leftOffset % valueImage->width()) ? valueTileSize.width() : 0;

-- 
WebKit Debian packaging

More information about the Pkg-webkit-commits mailing list