[SCM] WebKit Debian packaging branch, webkit-1.3, updated. upstream/1.3.7-4207-g178b198

yuzo at google.com yuzo at google.com
Sun Feb 20 23:22:10 UTC 2011 

The following commit has been merged in the webkit-1.3 branch:
commit ab365cee6290f6ec3b5af883dde23771ff761461
Author: yuzo at google.com <yuzo at google.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Date:   Thu Jan 20 04:19:50 2011 +0000

    2011-01-19  Yuzo Fujishima  <yuzo at google.com>
    
            Reviewed by Kent Tamura.
    
            Fix for Bug 52279 - WebCore::RenderBlock::updateFirstLetter crashes for anonymous blocks
            https://bugs.webkit.org/show_bug.cgi?id=52279
    
            * fast/css/first-letter-anonymous-block-crash-expected.txt: Added.
            * fast/css/first-letter-anonymous-block-crash.html: Added.
    2011-01-19  Yuzo Fujishima  <yuzo at google.com>
    
            Reviewed by Kent Tamura.
    
            Fix for Bug 52279 - WebCore::RenderBlock::updateFirstLetter crashes for anonymous blocks
            https://bugs.webkit.org/show_bug.cgi?id=52279
    
            In constructing text fragments to handle first-letter rule, first add
            the text for the non-first letters and then remove the original text,
            rather than the other way around. Otherwise, the text can be added to
            an anoymous block that is different from the original one. This breaks
            the assumption that a first letter render object has a non-null sibling
            for the non-first letters and causes a crash.
    
            Test: fast/css/first-letter-anonymous-block-crash.html
    
            * rendering/RenderBlock.cpp:
            (WebCore::RenderBlock::updateFirstLetter):
    
    git-svn-id: http://svn.webkit.org/repository/webkit/trunk@76201 268f45cc-cd09-0410-ab3c-d52691b4dbfc

diff --git a/LayoutTests/ChangeLog b/LayoutTests/ChangeLog
index f9e9ae1..c358971 100644
--- a/LayoutTests/ChangeLog
+++ b/LayoutTests/ChangeLog
@@ -1,3 +1,13 @@
+2011-01-19  Yuzo Fujishima  <yuzo at google.com>
+
+        Reviewed by Kent Tamura.
+
+        Fix for Bug 52279 - WebCore::RenderBlock::updateFirstLetter crashes for anonymous blocks
+        https://bugs.webkit.org/show_bug.cgi?id=52279
+
+        * fast/css/first-letter-anonymous-block-crash-expected.txt: Added.
+        * fast/css/first-letter-anonymous-block-crash.html: Added.
+
 2011-01-19  James Robinson  <jamesr at chromium.org>
 
         Unreviewed, rolling out r76194.
diff --git a/LayoutTests/fast/css-generated-content/absolute-position-inside-inline-expected.txt b/LayoutTests/fast/css/first-letter-anonymous-block-crash-expected.txt
similarity index 100%
copy from LayoutTests/fast/css-generated-content/absolute-position-inside-inline-expected.txt
copy to LayoutTests/fast/css/first-letter-anonymous-block-crash-expected.txt
diff --git a/LayoutTests/fast/css/first-letter-anonymous-block-crash.html b/LayoutTests/fast/css/first-letter-anonymous-block-crash.html
new file mode 100644
index 0000000..3c21504
--- /dev/null
+++ b/LayoutTests/fast/css/first-letter-anonymous-block-crash.html
@@ -0,0 +1,15 @@
+<html>
+<style type=text/css>
+dd:first-letter { content:""; }
+dir:first-letter { text-align:""; }
+</style>
+<dd>
+<dir>
+<font>
+<form>
+No crash means PASS
+<script>
+if (window.layoutTestController)
+    layoutTestController.dumpAsText();
+</script>
+</html>
diff --git a/Source/WebCore/ChangeLog b/Source/WebCore/ChangeLog
index 7365cbc..e8d77d5 100644
--- a/Source/WebCore/ChangeLog
+++ b/Source/WebCore/ChangeLog
@@ -1,3 +1,22 @@
+2011-01-19  Yuzo Fujishima  <yuzo at google.com>
+
+        Reviewed by Kent Tamura.
+
+        Fix for Bug 52279 - WebCore::RenderBlock::updateFirstLetter crashes for anonymous blocks
+        https://bugs.webkit.org/show_bug.cgi?id=52279
+
+        In constructing text fragments to handle first-letter rule, first add
+        the text for the non-first letters and then remove the original text,
+        rather than the other way around. Otherwise, the text can be added to
+        an anoymous block that is different from the original one. This breaks
+        the assumption that a first letter render object has a non-null sibling
+        for the non-first letters and causes a crash.
+
+        Test: fast/css/first-letter-anonymous-block-crash.html
+
+        * rendering/RenderBlock.cpp:
+        (WebCore::RenderBlock::updateFirstLetter):
+
 2011-01-19  James Robinson  <jamesr at chromium.org>
 
         Unreviewed, rolling out r76194.
diff --git a/Source/WebCore/rendering/RenderBlock.cpp b/Source/WebCore/rendering/RenderBlock.cpp
index fa48907..33c5d8b 100644
--- a/Source/WebCore/rendering/RenderBlock.cpp
+++ b/Source/WebCore/rendering/RenderBlock.cpp
@@ -5251,9 +5251,8 @@ void RenderBlock::updateFirstLetter()
         if (remainingText->node())
             remainingText->node()->setRenderer(remainingText);
 
-        RenderObject* nextObj = textObj->nextSibling();
+        firstLetterContainer->addChild(remainingText, textObj);
         firstLetterContainer->removeChild(textObj);
-        firstLetterContainer->addChild(remainingText, nextObj);
         remainingText->setFirstLetter(firstLetter);
         
         // construct text fragment for the first letter

-- 
WebKit Debian packaging

More information about the Pkg-webkit-commits mailing list