[SCM] WebKit Debian packaging branch, webkit-1.2, updated. upstream/1.2.2-27-g91dab87
Gustavo Noronha Silva
gns at gnome.org
Thu Jul 15 21:13:34 UTC 2010
The following commit has been merged in the webkit-1.2 branch:
commit 8b82d53163d6b0755727ebcef66501dbf4bf671e
Author: yaar at chromium.org <yaar at chromium.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Date: Wed May 19 23:59:08 2010 +0000
2010-05-19 Abhishek Arya <inferno at chromium.org>
Reviewed by David Hyatt.
Check that the node is a text node before doing a static cast
to a Text class pointer.
https://bugs.webkit.org/show_bug.cgi?id=38626
Test: fast/text/text-transform-nontext-node-crash.xhtml
* rendering/RenderText.cpp:
(WebCore::RenderText::originalText):
* rendering/RenderTextFragment.cpp:
(WebCore::RenderTextFragment::originalText):
(WebCore::RenderTextFragment::previousCharacter):
2010-05-19 Abhishek Arya <inferno at chromium.org>
Reviewed by David Hyatt.
Tests that text transformation applied to a non-text node
does not result in crash.
https://bugs.webkit.org/show_bug.cgi?id=38626
* fast/text/text-transform-nontext-node-crash-expected.txt: Added.
* fast/text/text-transform-nontext-node-crash.xhtml: Added.
git-svn-id: http://svn.webkit.org/repository/webkit/trunk@59795 268f45cc-cd09-0410-ab3c-d52691b4dbfc
diff --git a/LayoutTests/ChangeLog b/LayoutTests/ChangeLog
index 8f4f1d7..b552baa 100644
--- a/LayoutTests/ChangeLog
+++ b/LayoutTests/ChangeLog
@@ -1,3 +1,14 @@
+2010-05-19 Abhishek Arya <inferno at chromium.org>
+
+ Reviewed by David Hyatt.
+
+ Tests that text transformation applied to a non-text node
+ does not result in crash.
+ https://bugs.webkit.org/show_bug.cgi?id=38626
+
+ * fast/text/text-transform-nontext-node-crash-expected.txt: Added.
+ * fast/text/text-transform-nontext-node-crash.xhtml: Added.
+
2010-05-12 Abhishek Arya <inferno at chromium.org>
Reviewed by Darin Adler.
diff --git a/LayoutTests/fast/text/text-transform-nontext-node-crash-expected.txt b/LayoutTests/fast/text/text-transform-nontext-node-crash-expected.txt
new file mode 100644
index 0000000..8d36717
--- /dev/null
+++ b/LayoutTests/fast/text/text-transform-nontext-node-crash-expected.txt
@@ -0,0 +1,5 @@
+Tests that text transformation applied to a non-text node does not result in crash.
+
+PASS
+
+
diff --git a/LayoutTests/fast/text/text-transform-nontext-node-crash.xhtml b/LayoutTests/fast/text/text-transform-nontext-node-crash.xhtml
new file mode 100644
index 0000000..80e2512
--- /dev/null
+++ b/LayoutTests/fast/text/text-transform-nontext-node-crash.xhtml
@@ -0,0 +1,26 @@
+<html xmlns="http://www.w3.org/1999/xhtml">
+<head>
+<script>
+if (window.layoutTestController)
+ layoutTestController.dumpAsText();
+
+function finish() {
+ document.getElementById("result").innerHTML = "PASS";
+}
+</script>
+</head>
+<body onload="finish()">
+<p>Tests that text transformation applied to a non-text node does not result in crash.</p>
+<div id="result"></div>
+<br>
+<style type="text/css">
+br {
+ text-transform: lowercase;
+}
+br:first-letter {
+ text-transform: lowercase;
+}
+</style>
+</br>
+</body>
+</html>
diff --git a/WebCore/ChangeLog b/WebCore/ChangeLog
index 1e3dd40..81fdeb0 100644
--- a/WebCore/ChangeLog
+++ b/WebCore/ChangeLog
@@ -1,3 +1,19 @@
+2010-05-19 Abhishek Arya <inferno at chromium.org>
+
+ Reviewed by David Hyatt.
+
+ Check that the node is a text node before doing a static cast
+ to a Text class pointer.
+ https://bugs.webkit.org/show_bug.cgi?id=38626
+
+ Test: fast/text/text-transform-nontext-node-crash.xhtml
+
+ * rendering/RenderText.cpp:
+ (WebCore::RenderText::originalText):
+ * rendering/RenderTextFragment.cpp:
+ (WebCore::RenderTextFragment::originalText):
+ (WebCore::RenderTextFragment::previousCharacter):
+
2010-05-12 Abhishek Arya <inferno at chromium.org>
Reviewed by Darin Adler.
diff --git a/WebCore/rendering/RenderText.cpp b/WebCore/rendering/RenderText.cpp
index aa919e0..81f1dde 100644
--- a/WebCore/rendering/RenderText.cpp
+++ b/WebCore/rendering/RenderText.cpp
@@ -203,7 +203,7 @@ void RenderText::deleteTextBoxes()
PassRefPtr<StringImpl> RenderText::originalText() const
{
Node* e = node();
- return e ? static_cast<Text*>(e)->dataImpl() : 0;
+ return (e && e->isTextNode()) ? static_cast<Text*>(e)->dataImpl() : 0;
}
void RenderText::absoluteRects(Vector<IntRect>& rects, int tx, int ty)
diff --git a/WebCore/rendering/RenderTextFragment.cpp b/WebCore/rendering/RenderTextFragment.cpp
index f3398a3..1e15d66 100644
--- a/WebCore/rendering/RenderTextFragment.cpp
+++ b/WebCore/rendering/RenderTextFragment.cpp
@@ -47,7 +47,7 @@ RenderTextFragment::RenderTextFragment(Node* node, StringImpl* str)
PassRefPtr<StringImpl> RenderTextFragment::originalText() const
{
Node* e = node();
- RefPtr<StringImpl> result = (e ? static_cast<Text*>(e)->dataImpl() : contentString());
+ RefPtr<StringImpl> result = ((e && e->isTextNode()) ? static_cast<Text*>(e)->dataImpl() : contentString());
if (result && (start() > 0 || start() < result->length()))
result = result->substring(start(), end());
return result.release();
@@ -80,7 +80,7 @@ UChar RenderTextFragment::previousCharacter()
{
if (start()) {
Node* e = node();
- StringImpl* original = (e ? static_cast<Text*>(e)->dataImpl() : contentString());
+ StringImpl* original = ((e && e->isTextNode()) ? static_cast<Text*>(e)->dataImpl() : contentString());
if (original)
return (*original)[start() - 1];
}
--
WebKit Debian packaging
More information about the Pkg-webkit-commits
mailing list