Title: [124076] branches/chromium/1180
Revision: 124076
Author: schen...@chromium.org
Date: 2012-07-30 13:04:06 -0700 (Mon, 30 Jul 2012)

Log Message

Merge 123377 - Crash when setting empty class name on a new element
https://bugs.webkit.org/show_bug.cgi?id=92024

Reviewed by Andreas Kling.

Source/WebCore: 

Add a check for null attributeData() when setting the className to an
empty string on a newly created element. New SVG elements have null
attributeData() on baseVal upon creation.

Test: svg/custom/empty-className-baseVal-crash.html

* dom/StyledElement.cpp:
(WebCore::StyledElement::classAttributeChanged): Add check for null attributeData()

LayoutTests: 

Add a check for null attributeData() when setting the className to an
empty string on a newly created element.

* svg/custom/empty-className-baseVal-crash-expected.txt: Added.
* svg/custom/empty-className-baseVal-crash.html: Added.


TBR=schen...@chromium.org
Review URL: https://chromiumcodereview.appspot.com/10824091

Diff

Copied: branches/chromium/1180/LayoutTests/svg/custom/empty-className-baseVal-crash-expected.txt (from rev 123377, trunk/LayoutTests/svg/custom/empty-className-baseVal-crash-expected.txt) (0 => 124076)


--- branches/chromium/1180/LayoutTests/svg/custom/empty-className-baseVal-crash-expected.txt	                        (rev 0)
+++ branches/chromium/1180/LayoutTests/svg/custom/empty-className-baseVal-crash-expected.txt	2012-07-30 20:04:06 UTC (rev 124076)
@@ -0,0 +1 @@
+PASS if no crash.

Copied: branches/chromium/1180/LayoutTests/svg/custom/empty-className-baseVal-crash.html (from rev 123377, trunk/LayoutTests/svg/custom/empty-className-baseVal-crash.html) (0 => 124076)


--- branches/chromium/1180/LayoutTests/svg/custom/empty-className-baseVal-crash.html	                        (rev 0)
+++ branches/chromium/1180/LayoutTests/svg/custom/empty-className-baseVal-crash.html	2012-07-30 20:04:06 UTC (rev 124076)
@@ -0,0 +1,9 @@
+<!DOCTYPE html>
+<script>
+  if (window.layoutTestController)
+    layoutTestController.dumpAsText();
+  document.createElementNS("http://www.w3.org/2000/svg", "svg").className.baseVal = "";
+</script>
+<body>
+  PASS if no crash.
+</body>
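
Review bot: The single statement `document.createElementNS("http://www.w3.org/2000/svg", "svg").className.baseVal = "";` covers only the null-attributeData() path and verifies nothing except that the process survives. Consider also reading `className.baseVal` back and checking that it is the empty string, and adding a second case that sets a non-empty class first and then clears it, so the test would catch a regression in either branch of classAttributeChanged and not only the crash.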

Modified: branches/chromium/1180/Source/WebCore/dom/StyledElement.cpp (124075 => 124076)


--- branches/chromium/1180/Source/WebCore/dom/StyledElement.cpp	2012-07-30 19:51:56 UTC (rev 124075)
+++ branches/chromium/1180/Source/WebCore/dom/StyledElement.cpp	2012-07-30 20:04:06 UTC (rev 124076)
@@ -172,7 +172,7 @@
         ensureAttributeData()->setClass(newClassString, shouldFoldCase);
         if (DOMTokenList* classList = optionalClassList())
             static_cast<ClassList*>(classList)->reset(newClassString);
-    } else
+    } else if (attributeData())
         attributeData()->clearClass();
     setNeedsStyleRecalc();
 }
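
Review bot: The new `else if (attributeData())` guard has no comment explaining why a null attributeData() is a legitimate state at this point, and it calls attributeData() twice in a row. The log message gives the reason (new SVG elements have null attributeData() on creation), but a reader of StyledElement.cpp will not see that; a one-line comment above the branch would keep a later cleanup from removing the check and reintroducing a script-reachable null dereference. Binding the result to a local in the condition and calling clearClass() on that local would also avoid the repeated call. Note that the sibling branch uses ensureAttributeData(), so the two branches now handle the missing-data case differently, which is worth stating in the comment as intentional.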
_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
http://lists.webkit.org/mailman/listinfo/webkit-changes