[SCM] WebKit Debian packaging branch, debian/experimental, updated. debian/1.3.8-1-1049-g2e11a8e

jschuh at chromium.org jschuh at chromium.org
Fri Jan 21 14:40:31 UTC 2011 

The following commit has been merged in the debian/experimental branch:
commit 887e198977581ba8383c2215807c237a83d58a25
Author: jschuh at chromium.org <jschuh at chromium.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Date:   Fri Dec 24 10:38:53 2010 +0000

    2010-12-24  Justin Schuh  <jschuh at chromium.org>
    
            Reviewed by Darin Adler.
    
            SVGFontFaceElement::rebuildFontFace() should exit when not in document
            https://bugs.webkit.org/show_bug.cgi?id=51571
    
            * svg/custom/use-invalid-font-face-expected.txt: Added.
            * svg/custom/use-invalid-font-face.svg: Added.
    2010-12-24  Justin Schuh  <jschuh at chromium.org>
    
            Reviewed by Darin Adler.
    
            SVGFontFaceElement::rebuildFontFace() should exit when not in document
            https://bugs.webkit.org/show_bug.cgi?id=51571
    
            We were hitting a NULL deref crash. Since most of the callers checked
            inDocument() anyway, I moved it into the start of rebuildFontFace.
    
            Test: svg/custom/use-invalid-font-face.svg
    
            * svg/SVGFontFaceElement.cpp:
            (WebCore::SVGFontFaceElement::parseMappedAttribute):
            (WebCore::SVGFontFaceElement::rebuildFontFace):
            (WebCore::SVGFontFaceElement::childrenChanged):
    
    git-svn-id: http://svn.webkit.org/repository/webkit/trunk@74622 268f45cc-cd09-0410-ab3c-d52691b4dbfc

diff --git a/LayoutTests/ChangeLog b/LayoutTests/ChangeLog
index ae7ba46..9b283a3 100644
--- a/LayoutTests/ChangeLog
+++ b/LayoutTests/ChangeLog
@@ -1,3 +1,13 @@
+2010-12-24  Justin Schuh  <jschuh at chromium.org>
+
+        Reviewed by Darin Adler.
+
+        SVGFontFaceElement::rebuildFontFace() should exit when not in document
+        https://bugs.webkit.org/show_bug.cgi?id=51571
+
+        * svg/custom/use-invalid-font-face-expected.txt: Added.
+        * svg/custom/use-invalid-font-face.svg: Added.
+
 2010-12-23  Yuta Kitamura  <yutak at chromium.org>
 
         Unreviewed. Update GTK's Skipped file.
diff --git a/LayoutTests/svg/custom/use-invalid-font-face-expected.txt b/LayoutTests/svg/custom/use-invalid-font-face-expected.txt
new file mode 100644
index 0000000..ef80d3a
--- /dev/null
+++ b/LayoutTests/svg/custom/use-invalid-font-face-expected.txt
@@ -0,0 +1 @@
+PASS: Invalid font face did not crash.
diff --git a/LayoutTests/svg/custom/use-invalid-font-face.svg b/LayoutTests/svg/custom/use-invalid-font-face.svg
new file mode 100644
index 0000000..78721f3
--- /dev/null
+++ b/LayoutTests/svg/custom/use-invalid-font-face.svg
@@ -0,0 +1,13 @@
+<svg version="1.1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink">
+    <script>
+        if (window.layoutTestController)
+            layoutTestController.dumpAsText();
+    </script>
+    <font-face id="font">
+        <font-face-src>
+            <foreignObject/>
+        </font-face-src>
+    </font-face>
+    <use xlink:href="#font" />
+    <text x="20" y="20" fill="green">PASS: Invalid font face did not crash.</text>
+</svg>
diff --git a/WebCore/ChangeLog b/WebCore/ChangeLog
index 136cd25..03ba7d0 100644
--- a/WebCore/ChangeLog
+++ b/WebCore/ChangeLog
@@ -2,6 +2,23 @@
 
         Reviewed by Darin Adler.
 
+        SVGFontFaceElement::rebuildFontFace() should exit when not in document
+        https://bugs.webkit.org/show_bug.cgi?id=51571
+
+        We were hitting a NULL deref crash. Since most of the callers checked
+        inDocument() anyway, I moved it into the start of rebuildFontFace.
+
+        Test: svg/custom/use-invalid-font-face.svg
+
+        * svg/SVGFontFaceElement.cpp:
+        (WebCore::SVGFontFaceElement::parseMappedAttribute):
+        (WebCore::SVGFontFaceElement::rebuildFontFace):
+        (WebCore::SVGFontFaceElement::childrenChanged):
+
+2010-12-24  Justin Schuh  <jschuh at chromium.org>
+
+        Reviewed by Darin Adler.
+
         Remove unnecessary check in CSSCanvasValue::canvasDestroyed().
         https://bugs.webkit.org/show_bug.cgi?id=51564
 
diff --git a/WebCore/svg/SVGFontFaceElement.cpp b/WebCore/svg/SVGFontFaceElement.cpp
index 892d54d..ef7f5bd 100644
--- a/WebCore/svg/SVGFontFaceElement.cpp
+++ b/WebCore/svg/SVGFontFaceElement.cpp
@@ -114,8 +114,7 @@ void SVGFontFaceElement::parseMappedAttribute(Attribute* attr)
     int propId = cssPropertyIdForSVGAttributeName(attr->name());
     if (propId > 0) {
         m_styleDeclaration->setProperty(propId, attr->value(), false);
-        if (inDocument())
-            rebuildFontFace();
+        rebuildFontFace();
         return;
     }
     
@@ -264,7 +263,8 @@ String SVGFontFaceElement::fontFamily() const
 
 void SVGFontFaceElement::rebuildFontFace()
 {
-    ASSERT(inDocument());
+    if (!inDocument())
+        return;
 
     // we currently ignore all but the first src element, alternatively we could concat them
     SVGFontFaceSrcElement* srcElement = 0;
@@ -328,8 +328,7 @@ void SVGFontFaceElement::removedFromDocument()
 void SVGFontFaceElement::childrenChanged(bool changedByParser, Node* beforeChange, Node* afterChange, int childCountDelta)
 {
     SVGElement::childrenChanged(changedByParser, beforeChange, afterChange, childCountDelta);
-    if (inDocument())
-        rebuildFontFace();
+    rebuildFontFace();
 }
 
 void SVGFontFaceElement::removeFromMappedElementSheet()

-- 
WebKit Debian packaging

More information about the Pkg-webkit-commits mailing list