Title: [127071] trunk
- Revision: 127071
- Author: infe...@chromium.org
- Date: 2012-08-29 17:42:04 -0700 (Wed, 29 Aug 2012)
Log Message
Crash in WebCore::StyleSheetContents::checkLoadCompleted.
https://bugs.webkit.org/show_bug.cgi?id=95106
Reviewed by Antti Koivisto.
Source/WebCore:
RefPtr StyleSheetContents since it can get blown away in script execution inside
sheetLoaded().
Test: fast/css/style-element-process-crash.html
* css/StyleSheetContents.cpp:
(WebCore::StyleSheetContents::checkLoadCompleted):
LayoutTests:
* fast/css/style-element-process-crash-expected.txt: Added.
* fast/css/style-element-process-crash.html: Added.
Diff
Modified: trunk/LayoutTests/ChangeLog (127070 => 127071)
--- trunk/LayoutTests/ChangeLog 2012-08-30 00:34:34 UTC (rev 127070)
+++ trunk/LayoutTests/ChangeLog 2012-08-30 00:42:04 UTC (rev 127071)
@@ -1,3 +1,13 @@
+2012-08-29 Abhishek Arya <infe...@chromium.org>
+
+ Crash in WebCore::StyleSheetContents::checkLoadCompleted.
+ https://bugs.webkit.org/show_bug.cgi?id=95106
+
+ Reviewed by Antti Koivisto.
+
+ * fast/css/style-element-process-crash-expected.txt: Added.
+ * fast/css/style-element-process-crash.html: Added.
+
2012-08-29 José Dapena Paz <jdap...@igalia.com>
[Gtk] Process Gtk 3.4 smooth scroll events properly.
Added: trunk/LayoutTests/fast/css/style-element-process-crash-expected.txt (0 => 127071)
--- trunk/LayoutTests/fast/css/style-element-process-crash-expected.txt (rev 0)
+++ trunk/LayoutTests/fast/css/style-element-process-crash-expected.txt 2012-08-30 00:42:04 UTC (rev 127071)
@@ -0,0 +1 @@
+PASS. WebKit didn't crash.
Added: trunk/LayoutTests/fast/css/style-element-process-crash.html (0 => 127071)
--- trunk/LayoutTests/fast/css/style-element-process-crash.html (rev 0)
+++ trunk/LayoutTests/fast/css/style-element-process-crash.html 2012-08-30 00:42:04 UTC (rev 127071)
@@ -0,0 +1,19 @@
+<!DOCTYPE html>
+<html>
+<script>
+if (window.testRunner)
+ testRunner.dumpAsText();
+
+function crash() {
+ document.body.innerHTML = "PASS. WebKit didn't crash.";
+}
+</script>
+<object>
+<input autofocus _onfocus_="crash()">
+</object>
+<style>
+.abc::first-child {
+ font: 2147483647 small-caps 3507521020px sans-serif;
+}
+</style>
+</html>
Property changes on: trunk/LayoutTests/fast/css/style-element-process-crash.html
___________________________________________________________________
Added: svn:executable
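Review bot: In `<input autofocus _onfocus_="crash()">` the handler attribute is spelled `_onfocus_` as shown here, which is not an event handler attribute, so `crash()` would never run and the "PASS. WebKit didn't crash." text that style-element-process-crash-expected.txt expects would never be written into the body; it should read `onfocus`. The test would also benefit from a short comment naming bug 95106 and saying what the `.abc::first-child` rule with the out-of-range `font` values contributes, since nothing in the file explains why that declaration is needed to reach checkLoadCompleted. Separately, the `svn:executable` property on an HTML layout test looks unintended and should be dropped.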
Modified: trunk/Source/WebCore/ChangeLog (127070 => 127071)
--- trunk/Source/WebCore/ChangeLog 2012-08-30 00:34:34 UTC (rev 127070)
+++ trunk/Source/WebCore/ChangeLog 2012-08-30 00:42:04 UTC (rev 127071)
@@ -1,3 +1,18 @@
+2012-08-29 Abhishek Arya <infe...@chromium.org>
+
+ Crash in WebCore::StyleSheetContents::checkLoadCompleted.
+ https://bugs.webkit.org/show_bug.cgi?id=95106
+
+ Reviewed by Antti Koivisto.
+
+ RefPtr StyleSheetContents since it can get blown away in script execution inside
+ sheetLoaded().
+
+ Test: fast/css/style-element-process-crash.html
+
+ * css/StyleSheetContents.cpp:
+ (WebCore::StyleSheetContents::checkLoadCompleted):
+
2012-08-29 José Dapena Paz <jdap...@igalia.com>
[Gtk] Process Gtk 3.4 smooth scroll events properly.
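Review bot: The description "RefPtr StyleSheetContents since it can get blown away in script execution inside sheetLoaded()" says where the object is destroyed but not how script comes to run at that point or what drops the last reference. One more sentence naming the trigger the new test relies on (the focus handler of the autofocus input) would let a later reader understand the lifetime problem from the ChangeLog alone.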
Modified: trunk/Source/WebCore/css/StyleSheetContents.cpp (127070 => 127071)
--- trunk/Source/WebCore/css/StyleSheetContents.cpp 2012-08-30 00:34:34 UTC (rev 127070)
+++ trunk/Source/WebCore/css/StyleSheetContents.cpp 2012-08-30 00:42:04 UTC (rev 127071)
@@ -349,6 +349,8 @@
if (!checkImportedSheetLoadCompleted())
return;
+ RefPtr<StyleSheetContents> protect(this);
+
ASSERT(hasOneClient());
ASSERT(!m_clients[0]->parentStyleSheet());
RefPtr<Node> ownerNode = m_clients[0]->ownerNode();
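Review bot: `RefPtr<StyleSheetContents> protect(this);` only keeps the object alive until the function returns; it does not keep its state stable, so anything read from members after the script-running sheetLoaded() call (not visible in this hunk) can still be stale. The values checked before the call, `hasOneClient()` and `m_clients[0]`, should not be assumed to hold afterwards, and any later member access is worth auditing or re-checking rather than relying on the protector. A one-line comment on the protector saying that sheetLoaded() can execute script and release the last reference would also keep it from being removed as dead code later. It is placed after the `checkImportedSheetLoadCompleted()` early return, which is fine only if that call can never run script itself; please confirm.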