[SCM] WebKit Debian packaging branch, webkit-1.1, updated. upstream/1.1.17-1283-gcf603cf
rolandsteiner at chromium.org
Tue Jan 5 23:50:36 UTC 2010
The following commit has been merged in the webkit-1.1 branch:
commit dd91830ae6596a438c1c1187f944eef90fa72bd7
Author: rolandsteiner at chromium.org <rolandsteiner at chromium.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Date: Wed Dec 16 02:02:12 2009 +0000
Fix crash when encountering illegal HTML within a continuation inside <ruby>.
(https://bugs.webkit.org/show_bug.cgi?id=32316)
Reviewed by Adam Barth.
Avoid having the anonymous blocks utilized in the ruby renderers being
re-used as continuation blocks.
Avoid having ruby runs collected as "leftover blocks".
Test: fast/ruby/ruby-illegal.html
WebCore:
* rendering/RenderRuby.h:
(WebCore::RenderRubyAsInline::removeLeftoverAnonymousBlock): mustn't be called
(WebCore::RenderRubyAsInline::isRuby): made private
(WebCore::RenderRubyAsInline::renderName): made private
(WebCore::RenderRubyAsInline::createsAnonymousWrapper): return true
(WebCore::RenderRubyAsBlock::removeLeftoverAnonymousBlock): mustn't be called
(WebCore::RenderRubyAsBlock::isRuby): made private
(WebCore::RenderRubyAsBlock::renderName): made private
(WebCore::RenderRubyAsBlock::createsAnonymousWrapper): return true
* rendering/RenderRubyRun.h:
(WebCore::RenderRubyRun::removeLeftoverAnonymousBlock): avoid
(WebCore::RenderRubyRun::isRubyRun): made private
(WebCore::RenderRubyRun::renderName): made private
(WebCore::RenderRubyRun::createsAnonymousWrapper): return true
LayoutTests:
* fast/ruby/ruby-illegal-expected.txt: Added.
* fast/ruby/ruby-illegal.html: Added.
git-svn-id: http://svn.webkit.org/repository/webkit/trunk@52184 268f45cc-cd09-0410-ab3c-d52691b4dbfc
diff --git a/LayoutTests/ChangeLog b/LayoutTests/ChangeLog
index f7e0bf4..da82259 100644
--- a/LayoutTests/ChangeLog
+++ b/LayoutTests/ChangeLog
@@ -1,3 +1,17 @@
+2009-12-13 Roland Steiner <rolandsteiner at chromium.org>
+
+ Reviewed by Adam Barth.
+
+ Fix crash when encountering illegal HTML within a continuation inside <ruby>.
+ (https://bugs.webkit.org/show_bug.cgi?id=32316)
+
+ Avoid having the anonymous blocks utilized in the ruby renderers being
+ re-used as continuation blocks.
+ Avoid having ruby runs collected as "leftover blocks".
+
+ * fast/ruby/ruby-illegal-expected.txt: Added.
+ * fast/ruby/ruby-illegal.html: Added.
+
2009-12-15 Dan Bernstein <mitz at apple.com>
Reviewed by Darin Adler.
diff --git a/LayoutTests/fast/ruby/ruby-illegal-expected.txt b/LayoutTests/fast/ruby/ruby-illegal-expected.txt
new file mode 100644
index 0000000..37f1c7b
--- /dev/null
+++ b/LayoutTests/fast/ruby/ruby-illegal-expected.txt
@@ -0,0 +1,5 @@
+SUCCESS!
+
+\x0e
+\x0e
+
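Review bot: the two \x0e lines in this baseline are control characters that come straight from the malformed `<ruby <table >` lines in ruby-illegal.html, so the expected text depends on how stray bytes in broken markup are dumped, not just on the no-crash condition the test is about. If the \x0e characters are not needed to trigger the crash, drop them from the test input (or hide the malformed divs) so the baseline is only SUCCESS!.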
diff --git a/LayoutTests/fast/ruby/ruby-illegal.html b/LayoutTests/fast/ruby/ruby-illegal.html
new file mode 100644
index 0000000..0622514
--- /dev/null
+++ b/LayoutTests/fast/ruby/ruby-illegal.html
@@ -0,0 +1,22 @@
+<html>
+<head>
+<script>
+function test()
+{
+ if (window.layoutTestController)
+ layoutTestController.dumpAsText();
+ document.getElementById("result").firstChild.data = 'SUCCESS!';
+}
+</script>
+</head>
+<body onload="test()">
+<div id="result">FAILED!</div>
+<!-- The following malformed (!) lines mustn't crash the renderer -->
+<div><blockQuote><ruby><i><noBR><form><input type=file></i></div>
+<div><ruby <table >\x0e</div>
+<div><ruby <table >\x0e<i</div>
+<div><samp><ruby <s<hr</samp></div>
+<div><samp><ruby <s<r<blockQuote</samp></div>
+<div><samp><ruby <s<hr<blockQuote</samp></div>
+</body>
+</html>
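Review bot: the comment above the six malformed lines says only that they "mustn't crash the renderer"; it does not say which lines exercise the anonymous-block-reused-as-continuation case and which exercise the ruby-run-collected-as-leftover-block case that the commit message lists as two separate fixes. A short comment per line or per group, plus the bug URL, would let someone who later trims or extends this test know which inputs guard which code path.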
diff --git a/WebCore/ChangeLog b/WebCore/ChangeLog
index 4788cc6..e6a2a4b 100644
--- a/WebCore/ChangeLog
+++ b/WebCore/ChangeLog
@@ -1,3 +1,31 @@
+2009-12-13 Roland Steiner <rolandsteiner at chromium.org>
+
+ Reviewed by Adam Barth.
+
+ Fix crash when encountering illegal HTML within a continuation inside <ruby>.
+ (https://bugs.webkit.org/show_bug.cgi?id=32316)
+
+ Avoid having the anonymous blocks utilized in the ruby renderers being
+ re-used as continuation blocks.
+ Avoid having ruby runs collected as "leftover blocks".
+
+ Test: fast/ruby/ruby-illegal.html
+
+ * rendering/RenderRuby.h:
+ (WebCore::RenderRubyAsInline::removeLeftoverAnonymousBlock): mustn't be called
+ (WebCore::RenderRubyAsInline::isRuby): made private
+ (WebCore::RenderRubyAsInline::renderName): made private
+ (WebCore::RenderRubyAsInline::createsAnonymousWrapper): return true
+ (WebCore::RenderRubyAsBlock::removeLeftoverAnonymousBlock): mustn't be called
+ (WebCore::RenderRubyAsBlock::isRuby): made private
+ (WebCore::RenderRubyAsBlock::renderName): made private
+ (WebCore::RenderRubyAsBlock::createsAnonymousWrapper): return true
+ * rendering/RenderRubyRun.h:
+ (WebCore::RenderRubyRun::removeLeftoverAnonymousBlock): avoid
+ (WebCore::RenderRubyRun::isRubyRun): made private
+ (WebCore::RenderRubyRun::renderName): made private
+ (WebCore::RenderRubyRun::createsAnonymousWrapper): return true
+
2009-12-15 Nate Chapin <japhet at chromium.org>
Reviewed by Darin Adler.
diff --git a/WebCore/rendering/RenderRuby.h b/WebCore/rendering/RenderRuby.h
index a74150c..49a84d8 100644
--- a/WebCore/rendering/RenderRuby.h
+++ b/WebCore/rendering/RenderRuby.h
@@ -54,13 +54,15 @@ public:
RenderRubyAsInline(Node*);
virtual ~RenderRubyAsInline();
- virtual const char* renderName() const { return "RenderRuby (inline)"; }
-
- virtual bool isRuby() const { return true; }
-
virtual bool isChildAllowed(RenderObject*, RenderStyle*) const;
virtual void addChild(RenderObject* child, RenderObject* beforeChild = 0);
virtual void removeChild(RenderObject* child);
+
+private:
+ virtual bool isRuby() const { return true; }
+ virtual const char* renderName() const { return "RenderRuby (inline)"; }
+ virtual bool createsAnonymousWrapper() const { return true; }
+ virtual void removeLeftoverAnonymousBlock(RenderBlock*) { ASSERT_NOT_REACHED(); }
};
// <ruby> when used as 'display:block' or 'display:inline-block'
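Review bot: the new removeLeftoverAnonymousBlock(RenderBlock*) override has ASSERT_NOT_REACHED() as its entire body, so in any build where assertions are compiled out it silently does nothing, and the block passed in is neither removed nor reported. Please add a comment stating the invariant that makes this unreachable (presumably createsAnonymousWrapper() returning true, added on the line above), and explain why RenderRubyRun in the same patch gets an empty body instead of the assertion.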
@@ -69,13 +71,15 @@ public:
RenderRubyAsBlock(Node*);
virtual ~RenderRubyAsBlock();
- virtual const char* renderName() const { return "RenderRuby (block)"; }
-
- virtual bool isRuby() const { return true; }
-
virtual bool isChildAllowed(RenderObject*, RenderStyle*) const;
virtual void addChild(RenderObject* child, RenderObject* beforeChild = 0);
virtual void removeChild(RenderObject* child);
+
+private:
+ virtual bool isRuby() const { return true; }
+ virtual const char* renderName() const { return "RenderRuby (block)"; }
+ virtual bool createsAnonymousWrapper() const { return true; }
+ virtual void removeLeftoverAnonymousBlock(RenderBlock*) { ASSERT_NOT_REACHED(); }
};
} // namespace WebCore
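Review bot: moving isRuby() and renderName() from public to private here, and likewise in RenderRubyAsInline, is an access change unrelated to the crash. The ChangeLog records it only as "made private", without a reason. Consider landing the visibility cleanup separately, so that the crash fix in this class is just the two new lines, createsAnonymousWrapper() and removeLeftoverAnonymousBlock(), and is easier to backport or revert on its own.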
diff --git a/WebCore/rendering/RenderRubyRun.h b/WebCore/rendering/RenderRubyRun.h
index 361dfe5..222ddb6 100644
--- a/WebCore/rendering/RenderRubyRun.h
+++ b/WebCore/rendering/RenderRubyRun.h
@@ -48,10 +48,6 @@ public:
virtual void destroy();
- virtual const char* renderName() const { return "RenderRubyRun (anonymous)"; }
-
- virtual bool isRubyRun() const { return true; }
-
bool hasRubyText() const;
bool hasRubyBase() const;
bool isEmpty() const;
@@ -70,8 +66,13 @@ public:
protected:
RenderRubyBase* createRubyBase() const;
-
+
private:
+ virtual bool isRubyRun() const { return true; }
+ virtual const char* renderName() const { return "RenderRubyRun (anonymous)"; }
+ virtual bool createsAnonymousWrapper() const { return true; }
+ virtual void removeLeftoverAnonymousBlock(RenderBlock*) { }
+
bool m_beingDestroyed;
};
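Review bot: removeLeftoverAnonymousBlock(RenderBlock*) { } is overridden with an empty body and no comment, while the same override in RenderRuby.h asserts that it is never reached; the ChangeLog entry for this one is just "avoid". Add a one-line comment saying why a ruby run can legitimately receive this call and why ignoring it is safe, since an unexplained empty virtual override in a crash fix is easy for a later cleanup to remove.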
--
WebKit Debian packaging