[SCM] WebKit Debian packaging branch, webkit-1.2, updated. 1.2.5-1500-gb65db3c
Huzaifa Sidhpurwala
huzaifas at redhat.com
Tue Jan 11 11:41:58 UTC 2011
The following commit has been merged in the webkit-1.2 branch:
commit 3904251517d5751993c4462aa3be5161776a2245
Author: Huzaifa Sidhpurwala <huzaifas at redhat.com>
Date: Wed Dec 22 12:31:53 2010 +0530
Backport crash fix by Huzaifa Sidhpurwala <huzaifas at redhat.com>
2010-11-24 Cris Neckar <cdn at chromium.org>
Reviewed by Adam Barth.
Added check when parsing local fonts to ensure that a value's unit type is either string or ident.
https://bugs.webkit.org/show_bug.cgi?id=49883
Test: fast/css/local_font_invalid.html
* css/CSSParser.cpp:
(WebCore::CSSParser::parseFontFaceSrc):
2010-11-24 Cris Neckar <cdn at chromium.org>
Reviewed by Adam Barth.
Test for crash with invalid local fonts.
https://bugs.webkit.org/show_bug.cgi?id=49883
* fast/css/local_font_invalid-expected.txt: Added.
* fast/css/local_font_invalid.html: Added.
git-svn-id: http://svn.webkit.org/repository/webkit/trunk@72685 268f45cc-cd09-0410-ab3c-d52691b4dbfc
diff --git a/LayoutTests/editing/selection/5136696-expected.txt b/LayoutTests/fast/css/local_font_invalid-expected.txt
similarity index 100%
copy from LayoutTests/editing/selection/5136696-expected.txt
copy to LayoutTests/fast/css/local_font_invalid-expected.txt
diff --git a/LayoutTests/fast/css/local_font_invalid.html b/LayoutTests/fast/css/local_font_invalid.html
new file mode 100644
index 0000000..35198fd
--- /dev/null
+++ b/LayoutTests/fast/css/local_font_invalid.html
@@ -0,0 +1,10 @@
+<html>
+<script>
+ if (layoutTestController)
+ layoutTestController.dumpAsText();
+</script>
+ <body>
+ <h1 id=1 style="src: local(2097153)" />
+ PASS
+ </body>
+</html>
diff --git a/WebCore/css/CSSParser.cpp b/WebCore/css/CSSParser.cpp
index 69cade9..92c5de1 100644
--- a/WebCore/css/CSSParser.cpp
+++ b/WebCore/css/CSSParser.cpp
@@ -3378,7 +3378,8 @@ bool CSSParser::parseFontFaceSrc()
// There are two allowed functions: local() and format().
CSSParserValueList* args = val->function->args;
if (args && args->size() == 1) {
- if (equalIgnoringCase(val->function->name, "local(") && !expectComma) {
+ if (equalIgnoringCase(val->function->name, "local(") && !expectComma && (args->current()->unit == CSSPrimitiveValue::CSS_STRING ||
+ args->current()->unit == CSSPrimitiveValue::CSS_IDENT)) {
expectComma = true;
allowFormat = false;
CSSParserValue* a = args->current();
--
WebKit Debian packaging
More information about the Pkg-webkit-commits
mailing list