[SCM] WebKit Debian packaging branch, webkit-1.1, updated. upstream/1.1.17-1283-gcf603cf

hamaji at chromium.org hamaji at chromium.org
Tue Jan 5 23:53:16 UTC 2010 

The following commit has been merged in the webkit-1.1 branch:
commit 34678514963f9545546fd7a445ab47518d88543f
Author: hamaji at chromium.org <hamaji at chromium.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Date:   Fri Dec 18 05:42:26 2009 +0000

    2009-12-17  Shinichiro Hamaji  <hamaji at chromium.org>
    
            Reviewed by Dan Bernstein.
    
            marquee with display:inline causes crash
            https://bugs.webkit.org/show_bug.cgi?id=32374
    
            * fast/inline/inline-marquee-crash-expected.txt: Added.
            * fast/inline/inline-marquee-crash.html: Added.
    2009-12-17  Shinichiro Hamaji  <hamaji at chromium.org>
    
            Reviewed by Dan Bernstein.
    
            marquee with display:inline causes crash
            https://bugs.webkit.org/show_bug.cgi?id=32374
    
            Test: fast/inline/inline-marquee-crash.html
    
            * html/HTMLMarqueeElement.cpp:
            (WebCore::HTMLMarqueeElement::start):
            (WebCore::HTMLMarqueeElement::stop):
            (WebCore::HTMLMarqueeElement::suspend):
            (WebCore::HTMLMarqueeElement::resume):
            (WebCore::HTMLMarqueeElement::renderMarquee):
            * html/HTMLMarqueeElement.h:
            * rendering/RenderLayer.cpp:
            (WebCore::RenderLayer::styleChanged):
    
    git-svn-id: http://svn.webkit.org/repository/webkit/trunk@52299 268f45cc-cd09-0410-ab3c-d52691b4dbfc

diff --git a/LayoutTests/ChangeLog b/LayoutTests/ChangeLog
index c29e6a5..b839819 100644
--- a/LayoutTests/ChangeLog
+++ b/LayoutTests/ChangeLog
@@ -1,3 +1,13 @@
+2009-12-17  Shinichiro Hamaji  <hamaji at chromium.org>
+
+        Reviewed by Dan Bernstein.
+
+        marquee with display:inline causes crash
+        https://bugs.webkit.org/show_bug.cgi?id=32374
+
+        * fast/inline/inline-marquee-crash-expected.txt: Added.
+        * fast/inline/inline-marquee-crash.html: Added.
+
 2009-12-17  Fumitoshi Ukai  <ukai at chromium.org>
 
         Unreviewed. Unskip websocket tests
diff --git a/LayoutTests/fast/css-generated-content/absolute-position-inside-inline-expected.txt b/LayoutTests/fast/inline/inline-marquee-crash-expected.txt
similarity index 100%
copy from LayoutTests/fast/css-generated-content/absolute-position-inside-inline-expected.txt
copy to LayoutTests/fast/inline/inline-marquee-crash-expected.txt
diff --git a/LayoutTests/fast/inline/inline-marquee-crash.html b/LayoutTests/fast/inline/inline-marquee-crash.html
new file mode 100644
index 0000000..1435e4b
--- /dev/null
+++ b/LayoutTests/fast/inline/inline-marquee-crash.html
@@ -0,0 +1,16 @@
+<html>
+<head>
+<title>inline marquee causes crashes</title>
+<script>
+  if (window.layoutTestController)
+      layoutTestController.dumpAsText();
+</script>
+</head>
+
+<body>
+  <div style="opacity: 0.9;">
+    <marquee style="opacity: 0.9; display: inline;">No crash means PASS</marquee>
+  </div>
+</body>
+
+</html>
diff --git a/WebCore/ChangeLog b/WebCore/ChangeLog
index f7f3c9f..dd318a1 100644
--- a/WebCore/ChangeLog
+++ b/WebCore/ChangeLog
@@ -1,3 +1,22 @@
+2009-12-17  Shinichiro Hamaji  <hamaji at chromium.org>
+
+        Reviewed by Dan Bernstein.
+
+        marquee with display:inline causes crash
+        https://bugs.webkit.org/show_bug.cgi?id=32374
+
+        Test: fast/inline/inline-marquee-crash.html
+
+        * html/HTMLMarqueeElement.cpp:
+        (WebCore::HTMLMarqueeElement::start):
+        (WebCore::HTMLMarqueeElement::stop):
+        (WebCore::HTMLMarqueeElement::suspend):
+        (WebCore::HTMLMarqueeElement::resume):
+        (WebCore::HTMLMarqueeElement::renderMarquee):
+        * html/HTMLMarqueeElement.h:
+        * rendering/RenderLayer.cpp:
+        (WebCore::RenderLayer::styleChanged):
+
 2009-12-17  Zoltan Horvath  <zoltan at webkit.org>
 
         Reviewed by Darin Adler.
diff --git a/WebCore/html/HTMLMarqueeElement.cpp b/WebCore/html/HTMLMarqueeElement.cpp
index 0cb6501..7c16f16 100644
--- a/WebCore/html/HTMLMarqueeElement.cpp
+++ b/WebCore/html/HTMLMarqueeElement.cpp
@@ -112,14 +112,14 @@ void HTMLMarqueeElement::parseMappedAttribute(MappedAttribute *attr)
 
 void HTMLMarqueeElement::start()
 {
-    if (renderer() && renderer()->hasLayer() && renderBox()->layer()->marquee())
-        renderBox()->layer()->marquee()->start();
+    if (RenderMarquee* marqueeRenderer = renderMarquee())
+        marqueeRenderer->start();
 }
 
 void HTMLMarqueeElement::stop()
 {
-    if (renderer() && renderer()->hasLayer() && renderBox()->layer()->marquee())
-        renderBox()->layer()->marquee()->stop();
+    if (RenderMarquee* marqueeRenderer = renderMarquee())
+        marqueeRenderer->stop();
 }
 
 bool HTMLMarqueeElement::canSuspend() const
@@ -129,14 +129,21 @@ bool HTMLMarqueeElement::canSuspend() const
 
 void HTMLMarqueeElement::suspend()
 {
-    if (renderer() && renderer()->hasLayer() && renderBox()->layer()->marquee())
-        renderBox()->layer()->marquee()->suspend();
+    if (RenderMarquee* marqueeRenderer = renderMarquee())
+        marqueeRenderer->suspend();
 }
-    
+
 void HTMLMarqueeElement::resume()
 {
-    if (renderer() && renderer()->hasLayer() && renderBox()->layer()->marquee())
-        renderBox()->layer()->marquee()->updateMarqueePosition();
+    if (RenderMarquee* marqueeRenderer = renderMarquee())
+        marqueeRenderer->updateMarqueePosition();
+}
+
+RenderMarquee* HTMLMarqueeElement::renderMarquee() const
+{
+    if (renderer() && renderer()->hasLayer())
+        return renderBoxModelObject()->layer()->marquee();
+    return 0;
 }
 
 } // namespace WebCore
diff --git a/WebCore/html/HTMLMarqueeElement.h b/WebCore/html/HTMLMarqueeElement.h
index 2423fc6..9100e8f 100644
--- a/WebCore/html/HTMLMarqueeElement.h
+++ b/WebCore/html/HTMLMarqueeElement.h
@@ -28,6 +28,8 @@
 
 namespace WebCore {
 
+class RenderMarquee;
+
 class HTMLMarqueeElement : public HTMLElement, private ActiveDOMObject {
 public:
     HTMLMarqueeElement(const QualifiedName&, Document*);
@@ -51,6 +53,8 @@ private:
     virtual void suspend();
     virtual void resume();
 
+    RenderMarquee* renderMarquee() const;
+
     int m_minimumDelay;
 };
 
diff --git a/WebCore/rendering/RenderLayer.cpp b/WebCore/rendering/RenderLayer.cpp
index c1639f5..cbd7a78 100644
--- a/WebCore/rendering/RenderLayer.cpp
+++ b/WebCore/rendering/RenderLayer.cpp
@@ -3317,7 +3317,7 @@ void RenderLayer::styleChanged(StyleDifference diff, const RenderStyle*)
         dirtyStackingContextZOrderLists();
     }
 
-    if (renderer()->style()->overflowX() == OMARQUEE && renderer()->style()->marqueeBehavior() != MNONE) {
+    if (renderer()->style()->overflowX() == OMARQUEE && renderer()->style()->marqueeBehavior() != MNONE && renderer()->isBox()) {
         if (!m_marquee)
             m_marquee = new RenderMarquee(this);
         m_marquee->updateMarqueeStyle();

-- 
WebKit Debian packaging

More information about the Pkg-webkit-commits mailing list