Title: [191055] branches/safari-601-branch
- Revision
- 191055
- Author
- matthew_han...@apple.com
- Date
- 2015-10-14 11:49:39 -0700 (Wed, 14 Oct 2015)
Log Message
Merge r190339. rdar://problem/23075538
Modified Paths
Added Paths
Diff
Modified: branches/safari-601-branch/LayoutTests/ChangeLog (191054 => 191055)
--- branches/safari-601-branch/LayoutTests/ChangeLog 2015-10-14 18:49:36 UTC (rev 191054)
+++ branches/safari-601-branch/LayoutTests/ChangeLog 2015-10-14 18:49:39 UTC (rev 191055)
@@ -1,5 +1,22 @@
2015-10-13 Matthew Hanson <matthew_han...@apple.com>
+ Merge r190339. rdar://problem/23075538
+
+ 2015-09-29 Jon Honeycutt <jhoneyc...@apple.com>
+
+ Avoid reparsing an XSLT stylesheet after the first failure.
+ https://bugs.webkit.org/show_bug.cgi?id=149188
+ <rdar://problem/22709912>
+
+ Reviewed by Dave Hyatt.
+
+ Patch by Jiewen Tan, jiewen_...@apple.com.
+
+ * svg/custom/invalid-xslt-crash-expected.txt: Added.
+ * svg/custom/invalid-xslt-crash.svg: Added.
+
+2015-10-13 Matthew Hanson <matthew_han...@apple.com>
+
Merge r189421. rdar://problem/22802049
2015-09-04 Myles C. Maxfield <mmaxfi...@apple.com>
Added: branches/safari-601-branch/LayoutTests/svg/custom/invalid-xslt-crash-expected.txt (0 => 191055)
--- branches/safari-601-branch/LayoutTests/svg/custom/invalid-xslt-crash-expected.txt (rev 0)
+++ branches/safari-601-branch/LayoutTests/svg/custom/invalid-xslt-crash-expected.txt 2015-10-14 18:49:39 UTC (rev 191055)
@@ -0,0 +1,2 @@
+layer at (0,0) size 800x600
+ RenderView at (0,0) size 800x600
Added: branches/safari-601-branch/LayoutTests/svg/custom/invalid-xslt-crash.svg (0 => 191055)
--- branches/safari-601-branch/LayoutTests/svg/custom/invalid-xslt-crash.svg (rev 0)
+++ branches/safari-601-branch/LayoutTests/svg/custom/invalid-xslt-crash.svg 2015-10-14 18:49:39 UTC (rev 191055)
@@ -0,0 +1,7 @@
+<?xml-stylesheet type="application/xml" href=""
+<svg xmlns="http://www.w3.org/2000/svg"
+ xmlns:xslt="http://www.w3.org/1999/XSL/Transform"
+ xslt:version="1.0">
+ <!-- The test passes if it doesn't crash -->
+ <xslt:attribute nnnnnnnnnnname="fill">lime</xslt:attribute>
+</svg>
Modified: branches/safari-601-branch/Source/WebCore/ChangeLog (191054 => 191055)
--- branches/safari-601-branch/Source/WebCore/ChangeLog 2015-10-14 18:49:36 UTC (rev 191054)
+++ branches/safari-601-branch/Source/WebCore/ChangeLog 2015-10-14 18:49:39 UTC (rev 191055)
@@ -1,5 +1,30 @@
2015-10-13 Matthew Hanson <matthew_han...@apple.com>
+ Merge r190339. rdar://problem/23075538
+
+ 2015-09-29 Jon Honeycutt <jhoneyc...@apple.com>
+
+ Avoid reparsing an XSLT stylesheet after the first failure.
+ https://bugs.webkit.org/show_bug.cgi?id=149188
+ <rdar://problem/22709912>
+
+ Reviewed by Dave Hyatt.
+
+ Patch by Jiewen Tan, jiewen_...@apple.com.
+
+ Test: svg/custom/invalid-xslt-crash.svg
+
+ * xml/XSLStyleSheet.h:
+ Add a new member variable m_compilationFailed that tracks whether
+ compilation has failed. Default value is false.
+
+ * xml/XSLStyleSheetLibxslt.cpp:
+ (WebCore::XSLStyleSheet::compileStyleSheet):
+ Return early if the compilation has failed before. After compiling the
+ style sheet, if we failed, set m_compilationFailed to true.
+
+2015-10-13 Matthew Hanson <matthew_han...@apple.com>
+
Merge r190097. rdar://problem/23075540
2015-09-21 Ryosuke Niwa <rn...@webkit.org>
Modified: branches/safari-601-branch/Source/WebCore/xml/XSLStyleSheet.h (191054 => 191055)
--- branches/safari-601-branch/Source/WebCore/xml/XSLStyleSheet.h 2015-10-14 18:49:36 UTC (rev 191054)
+++ branches/safari-601-branch/Source/WebCore/xml/XSLStyleSheet.h 2015-10-14 18:49:39 UTC (rev 191055)
@@ -116,7 +116,8 @@
xmlDocPtr m_stylesheetDoc;
bool m_stylesheetDocTaken;
-
+ bool m_compilationFailed = false;
+
XSLStyleSheet* m_parentStyleSheet;
};
Modified: branches/safari-601-branch/Source/WebCore/xml/XSLStyleSheetLibxslt.cpp (191054 => 191055)
--- branches/safari-601-branch/Source/WebCore/xml/XSLStyleSheetLibxslt.cpp 2015-10-14 18:49:36 UTC (rev 191054)
+++ branches/safari-601-branch/Source/WebCore/xml/XSLStyleSheetLibxslt.cpp 2015-10-14 18:49:39 UTC (rev 191055)
@@ -245,12 +245,19 @@
if (m_embedded)
return xsltLoadStylesheetPI(document());
+ // Certain libxslt versions are corrupting the xmlDoc on compilation
+ // failures - hence attempting to recompile after a failure is unsafe.
+ if (m_compilationFailed)
+ return 0;
+
// xsltParseStylesheetDoc makes the document part of the stylesheet
// so we have to release our pointer to it.
ASSERT(!m_stylesheetDocTaken);
xsltStylesheetPtr result = xsltParseStylesheetDoc(m_stylesheetDoc);
if (result)
m_stylesheetDocTaken = true;
+ else
+ m_compilationFailed = true;
return result;
}
_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes