Title: [138141] trunk
Revision: 138141
Author: r...@webkit.org
Date: 2012-12-19 03:56:08 -0800 (Wed, 19 Dec 2012)

Log Message

CSSParser crashes, when no context is available, and the value is a valid keyword
https://bugs.webkit.org/show_bug.cgi?id=105275

Reviewed by Tony Chang.

ParserContext could be null even if the keyword is valid. We have to check it.

Source/WebCore:

Test: fast/css/invalid-parsercontext-valid-keyword-crash.svg

* css/CSSParser.cpp:
(WebCore::CSSParser::parseValue):

LayoutTests:

* fast/css/invalid-parsercontext-valid-keyword-crash-expected.txt: Added.
* fast/css/invalid-parsercontext-valid-keyword-crash.svg: Added.

Diff

Modified: trunk/LayoutTests/ChangeLog (138140 => 138141)


--- trunk/LayoutTests/ChangeLog	2012-12-19 11:35:05 UTC (rev 138140)
+++ trunk/LayoutTests/ChangeLog	2012-12-19 11:56:08 UTC (rev 138141)
@@ -1,3 +1,15 @@
+2012-12-19  Renata Hodovan  <r...@webkit.org>
+
+        CSSParser crases, when no context is available, and the value is a valid keyword
+        https://bugs.webkit.org/show_bug.cgi?id=105275
+
+        Reviewed by Tony Chang.
+
+        ParserContext could be null even if the keyword is valid. We have to check it.
+
+        * fast/css/invalid-parsercontext-valid-keyword-crash-expected.txt: Added.
+        * fast/css/invalid-parsercontext-valid-keyword-crash.svg: Added.
+
 2012-12-19  Dominik Röttsches  <dominik.rottsc...@intel.com>
 
         [EFL] Unreviewed gardening.
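
Review bot: The title line of the new entry misspells "crashes" as "crases", and the same line is repeated in the Source/WebCore ChangeLog entry. Since ChangeLog titles are what people search for when tracing a crash fix, correct the spelling in both entries before landing.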

Added: trunk/LayoutTests/fast/css/invalid-parsercontext-valid-keyword-crash-expected.txt (0 => 138141)


--- trunk/LayoutTests/fast/css/invalid-parsercontext-valid-keyword-crash-expected.txt	                        (rev 0)
+++ trunk/LayoutTests/fast/css/invalid-parsercontext-valid-keyword-crash-expected.txt	2012-12-19 11:56:08 UTC (rev 138141)
@@ -0,0 +1 @@
+Excellent - did not crash. See bug https://bugs.webkit.org/show_bug.cgi?id=105275

Added: trunk/LayoutTests/fast/css/invalid-parsercontext-valid-keyword-crash.svg (0 => 138141)


--- trunk/LayoutTests/fast/css/invalid-parsercontext-valid-keyword-crash.svg	                        (rev 0)
+++ trunk/LayoutTests/fast/css/invalid-parsercontext-valid-keyword-crash.svg	2012-12-19 11:56:08 UTC (rev 138141)
@@ -0,0 +1,13 @@
+<svg xmlns="http://www.w3.org/2000/svg">
+    <!-- This test passes if there is no crash. -->
+    <rect>
+	    <animate attributeName="display" to="bevel"></animate>
+    </rect>
+
+    <text x="10" y="20">Excellent - did not crash. See bug https://bugs.webkit.org/show_bug.cgi?id=105275</text>
+    <script>
+        if (window.testRunner)
+            testRunner.dumpAsText();
+    </script>
+</svg>
+
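
Review bot: The comment at the top of the test says only "This test passes if there is no crash" and does not say why `attributeName="display"` with `to="bevel"` is the input that matters. A one-line note tying this to the case in the log message (a valid keyword parsed with no parser context available) would let a later reader keep the test meaningful if keyword handling changes. The `<animate>` line is also indented with a tab followed by spaces while the rest of the file uses spaces only.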

Modified: trunk/Source/WebCore/ChangeLog (138140 => 138141)


--- trunk/Source/WebCore/ChangeLog	2012-12-19 11:35:05 UTC (rev 138140)
+++ trunk/Source/WebCore/ChangeLog	2012-12-19 11:56:08 UTC (rev 138141)
@@ -1,3 +1,17 @@
+2012-12-19  Renata Hodovan  <r...@webkit.org>
+
+        CSSParser crases, when no context is available, and the value is a valid keyword
+        https://bugs.webkit.org/show_bug.cgi?id=105275
+
+        Reviewed by Tony Chang.
+
+        ParserContext could be null even if the keyword is valid. We have to check it.
+
+        Test: fast/css/invalid-parsercontext-valid-keyword-crash.svg
+
+        * css/CSSParser.cpp:
+        (WebCore::CSSParser::parseValue):
+
 2012-12-19  Kondapally Kalyan  <kalyan.kondapa...@intel.com>
 
         [EFL][WebGL] Refactor GLXSurface.
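
Review bot: The `(WebCore::CSSParser::parseValue):` line is left without a description, and the summary "We have to check it" does not say what was changed. The patch moves the `parseKeywordValue` and `parseTranslateTransformValue` calls below the construction of the local `context` so that `contextStyleSheet` is no longer dereferenced unconditionally; stating that next to the function name would make the entry self-explanatory.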

Modified: trunk/Source/WebCore/css/CSSParser.cpp (138140 => 138141)


--- trunk/Source/WebCore/css/CSSParser.cpp	2012-12-19 11:35:05 UTC (rev 138140)
+++ trunk/Source/WebCore/css/CSSParser.cpp	2012-12-19 11:56:08 UTC (rev 138141)
@@ -1229,16 +1229,18 @@
         return true;
     if (parseColorValue(declaration, propertyID, string, important, cssParserMode))
         return true;
-    if (parseKeywordValue(declaration, propertyID, string, important, contextStyleSheet->parserContext()))
-        return true;
-    if (parseTranslateTransformValue(declaration, propertyID, string, important))
-        return true;
 
     CSSParserContext context(cssParserMode);
     if (contextStyleSheet) {
         context = contextStyleSheet->parserContext();
         context.mode = cssParserMode;
     }
+
+    if (parseKeywordValue(declaration, propertyID, string, important, context))
+        return true;
+    if (parseTranslateTransformValue(declaration, propertyID, string, important))
+        return true;
+
     CSSParser parser(context);
     return parser.parseValue(declaration, propertyID, string, important, contextStyleSheet);
 }
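
Review bot: In the added `parseKeywordValue(declaration, propertyID, string, important, context)` call, the keyword fast path now receives a context whose `mode` has been overwritten by `context.mode = cssParserMode`, whereas the removed call passed `contextStyleSheet->parserContext()` unmodified. That is a behaviour change for the non-null stylesheet case as well as the null one, so please confirm it is intended and mention it in the ChangeLog. The null check itself looks right; it is also worth confirming that the final `parser.parseValue(..., contextStyleSheet)` call tolerates a null `contextStyleSheet`, since the pointer is still passed through unchanged.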
_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
http://lists.webkit.org/mailman/listinfo/webkit-changes
