[webkit-changes] [101272] trunk

[commit-queue]

Title: [101272] trunk

Revision

101272

Author

commit-qu...@webkit.org

Date

2011-11-28 12:09:04 -0800 (Mon, 28 Nov 2011)

Log Message

Crash due to bidi style in isolated run
https://bugs.webkit.org/show_bug.cgi?id=72978

Patch by Ken Buchanan <ke...@chromium.org> on 2011-11-28
Reviewed by Eric Seidel.

Source/WebCore:

Prevent the UBA from changing the embedding level when inside an isolated run.

* rendering/InlineIterator.h:
(WebCore::notifyObserverEnteredObject):
(WebCore::notifyObserverWillExitObject):

LayoutTests:

Test to verify fix for crashing bug.

* fast/text/international/embed-bidi-style-in-isolate-crash.html: Added
* fast/text/international/embed-bidi-style-in-isolate-crash-expected.txt: Added

Modified Paths

• trunk/LayoutTests/ChangeLog
• trunk/Source/WebCore/ChangeLog
• trunk/Source/WebCore/rendering/InlineIterator.h

Added Paths

• trunk/LayoutTests/fast/text/international/embed-bidi-style-in-isolate-crash-expected.txt
• trunk/LayoutTests/fast/text/international/embed-bidi-style-in-isolate-crash.html

Property Changed

• trunk/LayoutTests/ChangeLog
• trunk/Source/WebCore/ChangeLog

Diff

Modified: trunk/LayoutTests/ChangeLog (101271 => 101272)

--- trunk/LayoutTests/ChangeLog	2011-11-28 20:05:27 UTC (rev 101271)
+++ trunk/LayoutTests/ChangeLog	2011-11-28 20:09:04 UTC (rev 101272)
@@ -1,3 +1,15 @@
+2011-11-28  Ken Buchanan  <ke...@chromium.org>
+
+        Crash due to bidi style in isolated run
+        https://bugs.webkit.org/show_bug.cgi?id=72978
+
+        Reviewed by Eric Seidel.
+
+        Test to verify fix for crashing bug.
+
+        * fast/text/international/embed-bidi-style-in-isolate-crash.html: Added
+        * fast/text/international/embed-bidi-style-in-isolate-crash-expected.txt: Added
+
 2011-11-24  Ryosuke Niwa  <rn...@webkit.org>
 
         dir=auto should imply unicode-bidi:isolate by default
Property changes on: trunk/LayoutTests/ChangeLog
___________________________________________________________________

Added: svn:executable

Added: trunk/LayoutTests/fast/text/international/embed-bidi-style-in-isolate-crash-expected.txt (0 => 101272)

--- trunk/LayoutTests/fast/text/international/embed-bidi-style-in-isolate-crash-expected.txt	                        (rev 0)
+++ trunk/LayoutTests/fast/text/international/embed-bidi-style-in-isolate-crash-expected.txt	2011-11-28 20:09:04 UTC (rev 101272)
@@ -0,0 +1 @@
+     PASS, if no exception or crash in debug                               
Property changes on: trunk/LayoutTests/fast/text/international/embed-bidi-style-in-isolate-crash-expected.txt
___________________________________________________________________

Added: svn:executable

Added: trunk/LayoutTests/fast/text/international/embed-bidi-style-in-isolate-crash.html (0 => 101272)

--- trunk/LayoutTests/fast/text/international/embed-bidi-style-in-isolate-crash.html	                        (rev 0)
+++ trunk/LayoutTests/fast/text/international/embed-bidi-style-in-isolate-crash.html	2011-11-28 20:09:04 UTC (rev 101272)
@@ -0,0 +1,11 @@
+<bdi>
+    <ruby>PASS, if no exception or crash in debug</ruby>
+    <em  dir="ltr">
+        <embed></embed>
+        <audio _onerror_="open()" src=""
+    </em>
+</bdi>
+<script>
+    if (window.layoutTestController)
+        layoutTestController.dumpAsText();
+</script>
Property changes on: trunk/LayoutTests/fast/text/international/embed-bidi-style-in-isolate-crash.html
___________________________________________________________________

Added: svn:executable

Modified: trunk/Source/WebCore/ChangeLog (101271 => 101272)

--- trunk/Source/WebCore/ChangeLog	2011-11-28 20:05:27 UTC (rev 101271)
+++ trunk/Source/WebCore/ChangeLog	2011-11-28 20:09:04 UTC (rev 101272)
@@ -1,3 +1,16 @@
+2011-11-28  Ken Buchanan  <ke...@chromium.org>
+
+        Crash due to bidi style in isolated run
+        https://bugs.webkit.org/show_bug.cgi?id=72978
+
+        Reviewed by Eric Seidel.
+
+        Prevent the UBA from changing the embedding level when inside an isolated run.
+
+        * rendering/InlineIterator.h:
+        (WebCore::notifyObserverEnteredObject):
+        (WebCore::notifyObserverWillExitObject):
+
 2011-11-28  Martin Robinson  <mrobin...@igalia.com>
 
         Fix 'make dist' by adding two missing files to source list.
Property changes on: trunk/Source/WebCore/ChangeLog
___________________________________________________________________

Added: svn:executable

Modified: trunk/Source/WebCore/rendering/InlineIterator.h (101271 => 101272)

--- trunk/Source/WebCore/rendering/InlineIterator.h	2011-11-28 20:05:27 UTC (rev 101271)
+++ trunk/Source/WebCore/rendering/InlineIterator.h	2011-11-28 20:09:04 UTC (rev 101272)
@@ -139,7 +139,8 @@
     }
 
     // FIXME: Should unicode-bidi: plaintext really be embedding override/embed characters here?
-    observer->embed(embedCharFromDirection(style->direction(), unicodeBidi), FromStyleOrDOM);
+    if (!observer->inIsolate())
+        observer->embed(embedCharFromDirection(style->direction(), unicodeBidi), FromStyleOrDOM);
 }
 
 template <class Observer>
@@ -157,7 +158,8 @@
     }
 
     // Otherwise we pop any embed/override character we added when we opened this tag.
-    observer->embed(WTF::Unicode::PopDirectionalFormat, FromStyleOrDOM);
+    if (!observer->inIsolate())
+        observer->embed(WTF::Unicode::PopDirectionalFormat, FromStyleOrDOM);
 }
 
 static inline bool isIteratorTarget(RenderObject* object)

_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
http://lists.webkit.org/mailman/listinfo.cgi/webkit-changes