[SCM] WebKit Debian packaging branch, debian/unstable, updated. debian/1.2.3-2-60-g76add97

Gustavo Noronha Silva gns at gnome.org
Sun Oct 17 22:26:49 UTC 2010


The following commit has been merged in the debian/unstable branch:
commit 82ad52c05cdb4b0c9fdc20e950a1f2d1ab74ca64
Author: ojan at chromium.org <ojan at chromium.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Date:   Fri Jul 9 00:23:35 2010 +0000

    2010-07-02  Ojan Vafai  <ojan at chromium.org>
    
            Reviewed by Adam Barth.
    
            Crash in RenderObject::containingBlock when clearing selection in a display:none node.
            https://bugs.webkit.org/show_bug.cgi?id=41523
    
            * editing/selection/crash-on-clear-selection-expected.txt: Added.
            * editing/selection/crash-on-clear-selection.html: Added.
    2010-07-02  Ojan Vafai  <ojan at chromium.org>
    
            Reviewed by Adam Barth.
    
            Crash in RenderObject::containingBlock when clearing selection in a display:none node.
            https://bugs.webkit.org/show_bug.cgi?id=41523
    
            updateStyleIfNeeded before clearing the selection in the RenderView. Otherwise,
            m_selectionStart and m_selectionEnd in RenderView point to garbage object.
            This fixes the crash because updateStyleIfNeeded clears the selection before
            clobbering nodes that contain the selection.
    
            Test: editing/selection/crash-on-clear-selection.html
    
            * editing/SelectionController.cpp:
            (WebCore::SelectionController::updateAppearance):
    
    git-svn-id: http://svn.webkit.org/repository/webkit/trunk@62873 268f45cc-cd09-0410-ab3c-d52691b4dbfc

diff --git a/LayoutTests/ChangeLog b/LayoutTests/ChangeLog
index 456c32b..cd9ee7e 100644
--- a/LayoutTests/ChangeLog
+++ b/LayoutTests/ChangeLog
@@ -1,3 +1,13 @@
+2010-07-02  Ojan Vafai  <ojan at chromium.org>
+
+        Reviewed by Adam Barth.
+
+        Crash in RenderObject::containingBlock when clearing selection in a display:none node.
+        https://bugs.webkit.org/show_bug.cgi?id=41523
+
+        * editing/selection/crash-on-clear-selection-expected.txt: Added.
+        * editing/selection/crash-on-clear-selection.html: Added.
+
 2010-06-23  Abhishek Arya  <inferno at chromium.org>
 
         Reviewed by Kenneth Rohde Christiansen.
diff --git a/LayoutTests/editing/selection/crash-on-clear-selection-expected.txt b/LayoutTests/editing/selection/crash-on-clear-selection-expected.txt
new file mode 100644
index 0000000..9d85fa9
--- /dev/null
+++ b/LayoutTests/editing/selection/crash-on-clear-selection-expected.txt
@@ -0,0 +1 @@
+If this doesn't crash, then the test passes.
diff --git a/LayoutTests/editing/selection/crash-on-clear-selection.html b/LayoutTests/editing/selection/crash-on-clear-selection.html
new file mode 100644
index 0000000..19fedae
--- /dev/null
+++ b/LayoutTests/editing/selection/crash-on-clear-selection.html
@@ -0,0 +1,12 @@
+If this doesn't crash, then the test passes.
+<div id=foo>foo</div>
+<script>
+    if (window.layoutTestController)
+        layoutTestController.dumpAsText();
+
+    var foo = document.getElementById('foo');
+    window.getSelection().selectAllChildren(foo);
+
+    foo.style.display = 'none';
+    window.getSelection().removeAllRanges();
+</script>
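Review bot: The test only covers the case where the selected element itself is hidden (foo.style.display = 'none' on the same node passed to selectAllChildren). A second case where an ancestor of the selected node is set to display:none, and one where the selection starts and ends in different nodes, would exercise both m_selectionStart and m_selectionEnd as described in the WebCore ChangeLog entry. It would also help to state in the page text what sequence is being tested (select, hide, removeAllRanges), so that a future failure is easier to triage than "it crashed".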
diff --git a/WebCore/ChangeLog b/WebCore/ChangeLog
index 1c58774..1ff99a2 100644
--- a/WebCore/ChangeLog
+++ b/WebCore/ChangeLog
@@ -1,3 +1,20 @@
+2010-07-02  Ojan Vafai  <ojan at chromium.org>
+
+        Reviewed by Adam Barth.
+
+        Crash in RenderObject::containingBlock when clearing selection in a display:none node.
+        https://bugs.webkit.org/show_bug.cgi?id=41523
+
+        updateStyleIfNeeded before clearing the selection in the RenderView. Otherwise,
+        m_selectionStart and m_selectionEnd in RenderView point to garbage object.
+        This fixes the crash because updateStyleIfNeeded clears the selection before
+        clobbering nodes that contain the selection.
+
+        Test: editing/selection/crash-on-clear-selection.html
+
+        * editing/SelectionController.cpp:
+        (WebCore::SelectionController::updateAppearance):
+
 2010-06-23  Abhishek Arya  <inferno at chromium.org>
 
         Reviewed by Kenneth Rohde Christiansen.
diff --git a/WebCore/editing/SelectionController.cpp b/WebCore/editing/SelectionController.cpp
index 38a6e7b..b365d1d 100644
--- a/WebCore/editing/SelectionController.cpp
+++ b/WebCore/editing/SelectionController.cpp
@@ -1389,6 +1389,9 @@ void SelectionController::updateAppearance()
     }
 #endif
 
+    // We need to update style in case the node containing the selection is made display:none.
+    m_frame->document()->updateStyleIfNeeded();
+
     RenderView* view = m_frame->contentRenderer();
     if (!view)
         return;
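Review bot: The added m_frame->document()->updateStyleIfNeeded() call dereferences document() without a check, while the lines right after it treat a missing contentRenderer() as an expected state and return early. If updateAppearance() can run on a frame that has no document, this becomes a new null dereference; either guard the call or note why document() is always non-null at this point. The comment could also say why the ordering matters, as the ChangeLog does: the style update has to happen before the RenderView selection is cleared so that stale m_selectionStart and m_selectionEnd pointers are never used.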

-- 
WebKit Debian packaging


