[SCM] WebKit Debian packaging branch, webkit-1.1, updated. upstream/1.1.17-1283-gcf603cf
mitz at apple.com
Tue Jan 5 23:48:35 UTC 2010
The following commit has been merged in the webkit-1.1 branch:
commit abd0e75a71e2ed017651e6374840e4fc883d2973
Author: mitz at apple.com <mitz at apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Date: Mon Dec 14 00:12:14 2009 +0000
<rdar://problem/7341364> Crash at HTMLParser::popOneBlockCommon() after
handling misnested residual style tags
Reviewed by Simon Fraser.
WebCore:
Test: fast/parser/residual-style-close-ref-clone.html
* html/HTMLParser.cpp:
(WebCore::HTMLParser::handleResidualStyleCloseTagAcrossBlocks): Gave the
block stack a strong reference to the cloned residual style element.
LayoutTests:
* fast/parser/residual-style-close-ref-clone-expected.txt: Added.
* fast/parser/residual-style-close-ref-clone.html: Added.
git-svn-id: http://svn.webkit.org/repository/webkit/trunk@52073 268f45cc-cd09-0410-ab3c-d52691b4dbfc
diff --git a/LayoutTests/ChangeLog b/LayoutTests/ChangeLog
index b35175f..98d152e 100644
--- a/LayoutTests/ChangeLog
+++ b/LayoutTests/ChangeLog
@@ -1,3 +1,13 @@
+2009-12-13 Dan Bernstein <mitz at apple.com>
+
+ Reviewed by Simon Fraser.
+
+ <rdar://problem/7341364> Crash at HTMLParser::popOneBlockCommon() after
+ handling misnested residual style tags
+
+ * fast/parser/residual-style-close-ref-clone-expected.txt: Added.
+ * fast/parser/residual-style-close-ref-clone.html: Added.
+
2009-12-13 Adele Peterson <adele at apple.com>
Reviewed by Sam Weinig.
diff --git a/LayoutTests/fast/parser/residual-style-close-ref-clone-expected.txt b/LayoutTests/fast/parser/residual-style-close-ref-clone-expected.txt
new file mode 100644
index 0000000..881b957
--- /dev/null
+++ b/LayoutTests/fast/parser/residual-style-close-ref-clone-expected.txt
@@ -0,0 +1,5 @@
+Test for rdar://problem/7341364 Crash at HTMLParser::popOneBlockCommon() after handling misnested residual style tags.
+
+No crash means PASS.
+
+
diff --git a/LayoutTests/fast/parser/residual-style-close-ref-clone.html b/LayoutTests/fast/parser/residual-style-close-ref-clone.html
new file mode 100644
index 0000000..0e2bd8a
--- /dev/null
+++ b/LayoutTests/fast/parser/residual-style-close-ref-clone.html
@@ -0,0 +1,20 @@
+<p>
+ Test for <i><a href="rdar://problem/7341364">rdar://problem/7341364</a>
+ Crash at HTMLParser::popOneBlockCommon() after handling misnested residual
+ style tags</i>.
+</p>
+<p>
+ No crash means PASS.
+</p>
+<b> <!-- residual style element -->
+ <h1 id="target">
+ <span> <!-- can't put h2 diretly in h1 since it will get bumped out -->
+ <h2>
+ </b> <!-- closing residual style across blocks -->
+<script type="text/javascript">
+ if (window.layoutTestController)
+ layoutTestController.dumpAsText();
+
+ var target = document.getElementById("target");
+ target.innerHTML = "";
+</script>
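Review bot: The script block at the end of the new test sets `target.innerHTML = ""` with no comment saying why that step matters, so a later reader cannot tell which part of the markup and which part of the script the regression depends on. Add a one-line comment above that assignment stating what emptying the h1 is expected to do to the elements the parser still has open. The comment on the span line also has a typo, "diretly" for "directly".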
diff --git a/WebCore/ChangeLog b/WebCore/ChangeLog
index fd717fe..3d91653 100644
--- a/WebCore/ChangeLog
+++ b/WebCore/ChangeLog
@@ -1,3 +1,16 @@
+2009-12-13 Dan Bernstein <mitz at apple.com>
+
+ Reviewed by Simon Fraser.
+
+ <rdar://problem/7341364> Crash at HTMLParser::popOneBlockCommon() after
+ handling misnested residual style tags
+
+ Test: fast/parser/residual-style-close-ref-clone.html
+
+ * html/HTMLParser.cpp:
+ (WebCore::HTMLParser::handleResidualStyleCloseTagAcrossBlocks): Gave the
+ block stack a strong reference to the cloned residual style element.
+
2009-12-13 Adele Peterson <adele at apple.com>
Reviewed by Sam Weinig.
diff --git a/WebCore/html/HTMLParser.cpp b/WebCore/html/HTMLParser.cpp
index f13c19b..88c6eb1 100644
--- a/WebCore/html/HTMLParser.cpp
+++ b/WebCore/html/HTMLParser.cpp
@@ -1290,7 +1290,8 @@ void HTMLParser::handleResidualStyleCloseTagAcrossBlocks(HTMLStackElem* elem)
prevMaxElem->next = elem;
ASSERT(newNodePtr);
prevMaxElem->node = newNodePtr;
- prevMaxElem->didRefNode = false;
+ newNodePtr->ref();
+ prevMaxElem->didRefNode = true;
} else
delete elem;
}
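Review bot: The added `newNodePtr->ref()` and `prevMaxElem->didRefNode = true` make this stack entry own a reference to the clone, but nothing at this site says so or says where the matching deref happens. Since the pairing is maintained by hand through the flag, add a short comment naming the pop path that releases it. Two things to confirm, as the hunk does not show them: that the node previously stored in `prevMaxElem->node` is released before being overwritten if its `didRefNode` was set, and that `newNodePtr` cannot be null here in release builds, because `ASSERT(newNodePtr)` is a debug-only check and the new `ref()` call dereferences the pointer immediately.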
--
WebKit Debian packaging