[SCM] WebKit Debian packaging branch, webkit-1.3, updated. upstream/1.3.7-4207-g178b198

commit-queue at webkit.org commit-queue at webkit.org
Mon Feb 21 00:13:19 UTC 2011 

The following commit has been merged in the webkit-1.3 branch:
commit 21a74964575633dd33cdb10a0952d8916270305f
Author: commit-queue at webkit.org <commit-queue at webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Date:   Fri Jan 28 22:17:24 2011 +0000

    2011-01-28  Tom Sepez  <tsepez at chromium.org>
    
            Reviewed by Eric Seidel.
    
            NULL pointer crash in TextIterator::handleTextBox()
            https://bugs.webkit.org/show_bug.cgi?id=53267
    
            * fast/css/rtl-nth-child-first-letter-crash-expected.txt: Added.
            * fast/css/rtl-nth-child-first-letter-crash.html: Added.
    2011-01-28  Tom Sepez  <tsepez at chromium.org>
    
            Reviewed by Eric Seidel.
    
            NULL pointer crash in TextIterator::handleTextBox()
            https://bugs.webkit.org/show_bug.cgi?id=53267
    
            Test: fast/css/rtl-nth-child-first-letter-crash.html
    
            * editing/TextIterator.cpp:
            (WebCore::TextIterator::handleTextBox):
    
    git-svn-id: http://svn.webkit.org/repository/webkit/trunk@76987 268f45cc-cd09-0410-ab3c-d52691b4dbfc

diff --git a/LayoutTests/ChangeLog b/LayoutTests/ChangeLog
index 7fd0e5a..87e75bd 100644
--- a/LayoutTests/ChangeLog
+++ b/LayoutTests/ChangeLog
@@ -1,3 +1,13 @@
+2011-01-28  Tom Sepez  <tsepez at chromium.org>
+
+        Reviewed by Eric Seidel.
+
+        NULL pointer crash in TextIterator::handleTextBox()
+        https://bugs.webkit.org/show_bug.cgi?id=53267
+
+        * fast/css/rtl-nth-child-first-letter-crash-expected.txt: Added.
+        * fast/css/rtl-nth-child-first-letter-crash.html: Added.
+
 2011-01-28  Dimitri Glazkov  <dglazkov at chromium.org>
 
         Skip webkitAudioPannerNode from the test. It's not yet implemented across
diff --git a/LayoutTests/fast/css/rtl-nth-child-first-letter-crash-expected.txt b/LayoutTests/fast/css/rtl-nth-child-first-letter-crash-expected.txt
new file mode 100644
index 0000000..edc3efe
--- /dev/null
+++ b/LayoutTests/fast/css/rtl-nth-child-first-letter-crash-expected.txt
@@ -0,0 +1,4 @@
+}
+NULL pointer crash in TextIterator::handleTextBox() when using RTL text. If there is no crash, then the test passes.
+
+If you can see this, then the test passes.
diff --git a/LayoutTests/fast/css/rtl-nth-child-first-letter-crash.html b/LayoutTests/fast/css/rtl-nth-child-first-letter-crash.html
new file mode 100644
index 0000000..67c65a3
--- /dev/null
+++ b/LayoutTests/fast/css/rtl-nth-child-first-letter-crash.html
@@ -0,0 +1,11 @@
+}
+<style>
+ *:nth-child(2):first-letter {float: left;direction: rtl;
+</style>
+<p>NULL pointer crash in TextIterator::handleTextBox() when using RTL text.
+If there is no crash, then the test passes.</p>
+<script>
+    if (window.layoutTestController)
+        layoutTestController.dumpAsText();
+</script>
+<p>If you can see this, then the test passes.</p>
diff --git a/Source/WebCore/ChangeLog b/Source/WebCore/ChangeLog
index 5999eaf..67a1e82 100644
--- a/Source/WebCore/ChangeLog
+++ b/Source/WebCore/ChangeLog
@@ -1,3 +1,15 @@
+2011-01-28  Tom Sepez  <tsepez at chromium.org>
+
+        Reviewed by Eric Seidel.
+
+        NULL pointer crash in TextIterator::handleTextBox()
+        https://bugs.webkit.org/show_bug.cgi?id=53267
+
+        Test: fast/css/rtl-nth-child-first-letter-crash.html
+
+        * editing/TextIterator.cpp:
+        (WebCore::TextIterator::handleTextBox):
+
 2011-01-28  Adrienne Walker  <enne at google.com>
 
         Reviewed by Kenneth Russell.
diff --git a/Source/WebCore/editing/TextIterator.cpp b/Source/WebCore/editing/TextIterator.cpp
index 1fc7606..33374b2 100644
--- a/Source/WebCore/editing/TextIterator.cpp
+++ b/Source/WebCore/editing/TextIterator.cpp
@@ -543,7 +543,7 @@ void TextIterator::handleTextBox()
         unsigned runStart = max(textBoxStart, start);
 
         // Check for collapsed space at the start of this run.
-        InlineTextBox* firstTextBox = renderer->containsReversedText() ? m_sortedTextBoxes[0] : renderer->firstTextBox();
+        InlineTextBox* firstTextBox = renderer->containsReversedText() ? (m_sortedTextBoxes.isEmpty() ? 0 : m_sortedTextBoxes[0]) : renderer->firstTextBox();
         bool needSpace = m_lastTextNodeEndedWithCollapsedSpace
             || (m_textBox == firstTextBox && textBoxStart == runStart && runStart > 0);
         if (needSpace && !isCollapsibleWhitespace(m_lastCharacter) && m_lastCharacter) {

-- 
WebKit Debian packaging

More information about the Pkg-webkit-commits mailing list