[SCM] WebKit Debian packaging branch, webkit-1.2, updated. upstream/1.2.2-27-g91dab87
Gustavo Noronha Silva
gns at gnome.org
Thu Jul 15 21:13:38 UTC 2010
The following commit has been merged in the webkit-1.2 branch:
commit c93e62354c5b895e00fbc67ad1ae2806a3d2a9da
Author: bdakin at apple.com <bdakin at apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Date: Fri May 21 19:53:29 2010 +0000
WebCore: Fix for <rdar://problem/8009118> Crash in WebCore::toAlphabetic()
while running MangleMe
-and corresponding-
https://bugs.webkit.org/show_bug.cgi?id=39508
Reviewed by Darin Adler.
The math was slightly off here, and we wound up trying to access an
array at index -1 in some cases. We need to decrement numberShadow
rather than subtracting one from the result of the modulo
operation.
* rendering/RenderListMarker.cpp:
(WebCore::toAlphabeticOrNumeric):
LayoutTests: Test for <rdar://problem/8009118> Crash in WebCore::toAlphabetic()
while running MangleMe
-and corresponding-
https://bugs.webkit.org/show_bug.cgi?id=39508
Reviewed by Darin Adler.
* fast/lists/alpha-boundary-values.html: Added.
* platform/mac/fast/lists/alpha-boundary-values-expected.checksum: Added.
* platform/mac/fast/lists/alpha-boundary-values-expected.png: Added.
* platform/mac/fast/lists/alpha-boundary-values-expected.txt: Added.
git-svn-id: http://svn.webkit.org/repository/webkit/trunk@59950 268f45cc-cd09-0410-ab3c-d52691b4dbfc
diff --git a/LayoutTests/ChangeLog b/LayoutTests/ChangeLog
index 3a87c20..ac5177c 100644
--- a/LayoutTests/ChangeLog
+++ b/LayoutTests/ChangeLog
@@ -1,3 +1,17 @@
+2010-05-21 Beth Dakin <bdakin at apple.com>
+
+ Reviewed by Darin Adler.
+
+ Test for <rdar://problem/8009118> Crash in WebCore::toAlphabetic()
+ while running MangleMe
+ -and corresponding-
+ https://bugs.webkit.org/show_bug.cgi?id=39508
+
+ * fast/lists/alpha-boundary-values.html: Added.
+ * platform/mac/fast/lists/alpha-boundary-values-expected.checksum: Added.
+ * platform/mac/fast/lists/alpha-boundary-values-expected.png: Added.
+ * platform/mac/fast/lists/alpha-boundary-values-expected.txt: Added.
+
2010-05-20 Dan Bernstein <mitz at apple.com>
Reviewed by Dave Hyatt.
diff --git a/LayoutTests/fast/lists/alpha-boundary-values.html b/LayoutTests/fast/lists/alpha-boundary-values.html
new file mode 100644
index 0000000..cb24611
--- /dev/null
+++ b/LayoutTests/fast/lists/alpha-boundary-values.html
@@ -0,0 +1,18 @@
+<ol style="position:absolute; left:50px;">
+<li value=1 type=A>
+<li value=2 type=A>
+<li value=25 type=A>
+<li value=26 type=A>
+<li value=27 type=A>
+<li value=28 type=A>
+<li value=676 type=A>
+<li value=677 type=A>
+<li value=678 type=A>
+<li value=702 type=A>
+<li value=703 type=A>
+<li value=704 type=A>
+<li value=18277 type=A>
+<li value=18278 type=A>
+<li value=18279 type=A>
+<li value=18280 type=A>
+<li value=18281 type=A>
diff --git a/LayoutTests/platform/mac/fast/lists/alpha-boundary-values-expected.checksum b/LayoutTests/platform/mac/fast/lists/alpha-boundary-values-expected.checksum
new file mode 100644
index 0000000..df4ce80
--- /dev/null
+++ b/LayoutTests/platform/mac/fast/lists/alpha-boundary-values-expected.checksum
@@ -0,0 +1 @@
+0782ad73e0b930a4652a37afbc6e60f9
\ No newline at end of file
diff --git a/LayoutTests/platform/mac/fast/lists/alpha-boundary-values-expected.png b/LayoutTests/platform/mac/fast/lists/alpha-boundary-values-expected.png
new file mode 100644
index 0000000..c8121eb
Binary files /dev/null and b/LayoutTests/platform/mac/fast/lists/alpha-boundary-values-expected.png differ
diff --git a/LayoutTests/platform/mac/fast/lists/alpha-boundary-values-expected.txt b/LayoutTests/platform/mac/fast/lists/alpha-boundary-values-expected.txt
new file mode 100644
index 0000000..dbfe0e3
--- /dev/null
+++ b/LayoutTests/platform/mac/fast/lists/alpha-boundary-values-expected.txt
@@ -0,0 +1,41 @@
+layer at (0,0) size 800x600
+ RenderView at (0,0) size 800x600
+layer at (0,0) size 800x600
+ RenderBlock {HTML} at (0,0) size 800x600
+ RenderBody {BODY} at (8,8) size 784x584
+layer at (50,24) size 40x306
+ RenderBlock (positioned) {OL} at (50,24) size 40x306
+ RenderListItem {LI} at (40,0) size 0x18
+ RenderListMarker at (-24,0) size 20x18: "A"
+ RenderListItem {LI} at (40,18) size 0x18
+ RenderListMarker at (-23,0) size 19x18: "B"
+ RenderListItem {LI} at (40,36) size 0x18
+ RenderListMarker at (-24,0) size 20x18: "Y"
+ RenderListItem {LI} at (40,54) size 0x18
+ RenderListMarker at (-22,0) size 18x18: "Z"
+ RenderListItem {LI} at (40,72) size 0x18
+ RenderListMarker at (-36,0) size 32x18: "AA"
+ RenderListItem {LI} at (40,90) size 0x18
+ RenderListMarker at (-35,0) size 31x18: "AB"
+ RenderListItem {LI} at (40,108) size 0x18
+ RenderListMarker at (-34,0) size 30x18: "YZ"
+ RenderListItem {LI} at (40,126) size 0x18
+ RenderListMarker at (-34,0) size 30x18: "ZA"
+ RenderListItem {LI} at (40,144) size 0x18
+ RenderListMarker at (-33,0) size 29x18: "ZB"
+ RenderListItem {LI} at (40,162) size 0x18
+ RenderListMarker at (-32,0) size 28x18: "ZZ"
+ RenderListItem {LI} at (40,180) size 0x18
+ RenderListMarker at (-48,0) size 44x18: "AAA"
+ RenderListItem {LI} at (40,198) size 0x18
+ RenderListMarker at (-47,0) size 43x18: "AAB"
+ RenderListItem {LI} at (40,216) size 0x18
+ RenderListMarker at (-44,0) size 40x18: "ZZY"
+ RenderListItem {LI} at (40,234) size 0x18
+ RenderListMarker at (-42,0) size 38x18: "ZZZ"
+ RenderListItem {LI} at (40,252) size 0x18
+ RenderListMarker at (-60,0) size 56x18: "AAAA"
+ RenderListItem {LI} at (40,270) size 0x18
+ RenderListMarker at (-59,0) size 55x18: "AAAB"
+ RenderListItem {LI} at (40,288) size 0x18
+ RenderListMarker at (-59,0) size 55x18: "AAAC"
diff --git a/WebCore/ChangeLog b/WebCore/ChangeLog
index 7d8ca7e..08afadb 100644
--- a/WebCore/ChangeLog
+++ b/WebCore/ChangeLog
@@ -1,3 +1,20 @@
+2010-05-21 Beth Dakin <bdakin at apple.com>
+
+ Reviewed by Darin Adler.
+
+ Fix for <rdar://problem/8009118> Crash in WebCore::toAlphabetic()
+ while running MangleMe
+ -and corresponding-
+ https://bugs.webkit.org/show_bug.cgi?id=39508
+
+ The math was slightly off here, and we wound up trying to access an
+ array at index -1 in some cases. We need to decrement numberShadow
+ rather than subtracting one from the result of the modulo
+ operation.
+
+ * rendering/RenderListMarker.cpp:
+ (WebCore::toAlphabeticOrNumeric):
+
2010-05-20 Marcus Bulach <bulach at chromium.org>
Reviewed by Steve Block.
diff --git a/WebCore/rendering/RenderListMarker.cpp b/WebCore/rendering/RenderListMarker.cpp
index d0353ee..6c8f769 100644
--- a/WebCore/rendering/RenderListMarker.cpp
+++ b/WebCore/rendering/RenderListMarker.cpp
@@ -101,8 +101,10 @@ static inline String toAlphabeticOrNumeric(int number, const UChar* sequence, in
int length = 1;
if (type == AlphabeticSequence) {
- while ((numberShadow /= sequenceSize) > 0)
- letters[lettersSize - ++length] = sequence[numberShadow % sequenceSize - 1];
+ while ((numberShadow /= sequenceSize) > 0) {
+ --numberShadow;
+ letters[lettersSize - ++length] = sequence[numberShadow % sequenceSize];
+ }
} else {
while ((numberShadow /= sequenceSize) > 0)
letters[lettersSize - ++length] = sequence[numberShadow % sequenceSize];
--
WebKit Debian packaging
More information about the Pkg-webkit-commits
mailing list