Title: [114350] trunk
- Revision: 114350
- Author: commit-qu...@webkit.org
- Date: 2012-04-16 23:26:53 -0700 (Mon, 16 Apr 2012)
Log Message
Stack overflow in CSS parser caused by recursive stylesheet import
https://bugs.webkit.org/show_bug.cgi?id=83545
Patch by David Barr <davidb...@chromium.org> on 2012-04-16
Reviewed by Ryosuke Niwa.
Source/WebCore:
Test: http/tests/css/css-imports-redirect-cycle.html
* css/CSSImportRule.cpp:
(WebCore::StyleRuleImport::requestStyleSheet):
LayoutTests:
* http/tests/css/css-imports-redirect-cycle-expected.txt: Added.
* http/tests/css/css-imports-redirect-cycle.css: Added.
* http/tests/css/css-imports-redirect-cycle.html: Added.
Diff
Modified: trunk/LayoutTests/ChangeLog (114349 => 114350)
--- trunk/LayoutTests/ChangeLog 2012-04-17 06:22:45 UTC (rev 114349)
+++ trunk/LayoutTests/ChangeLog 2012-04-17 06:26:53 UTC (rev 114350)
@@ -1,3 +1,14 @@
+2012-04-16 David Barr <davidb...@chromium.org>
+
+ Stack overflow in CSS parser caused by recursive stylesheet import
+ https://bugs.webkit.org/show_bug.cgi?id=83545
+
+ Reviewed by Ryosuke Niwa.
+
+ * http/tests/css/css-imports-redirect-cycle-expected.txt: Added.
+ * http/tests/css/css-imports-redirect-cycle.css: Added.
+ * http/tests/css/css-imports-redirect-cycle.html: Added.
+
2012-04-16 Takashi Toyoshima <toyos...@chromium.org>
Unreviewed, skip one more worker WebSocket test.
Added: trunk/LayoutTests/http/tests/css/css-imports-redirect-cycle-expected.txt (0 => 114350)
--- trunk/LayoutTests/http/tests/css/css-imports-redirect-cycle-expected.txt (rev 0)
+++ trunk/LayoutTests/http/tests/css/css-imports-redirect-cycle-expected.txt 2012-04-17 06:26:53 UTC (rev 114350)
@@ -0,0 +1 @@
+
Added: trunk/LayoutTests/http/tests/css/css-imports-redirect-cycle.css (0 => 114350)
--- trunk/LayoutTests/http/tests/css/css-imports-redirect-cycle.css (rev 0)
+++ trunk/LayoutTests/http/tests/css/css-imports-redirect-cycle.css 2012-04-17 06:26:53 UTC (rev 114350)
@@ -0,0 +1 @@
+@import url("../resources/redirect.php?url=""
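Review bot: the only line of this stylesheet, as shown, has an empty url= parameter and never closes the url( or terminates the rule, so the redirect target that is supposed to form the cycle is not visible in the test. Spell out the target that leads back to this stylesheet and end the rule with ");" so the test does not depend on parser error recovery to reach the import path.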
Added: trunk/LayoutTests/http/tests/css/css-imports-redirect-cycle.html (0 => 114350)
--- trunk/LayoutTests/http/tests/css/css-imports-redirect-cycle.html (rev 0)
+++ trunk/LayoutTests/http/tests/css/css-imports-redirect-cycle.html 2012-04-17 06:26:53 UTC (rev 114350)
@@ -0,0 +1,11 @@
+<!DOCTYPE html>
+<html>
+<head>
+<script>
+if (window.layoutTestController)
+ layoutTestController.dumpAsText();
+</script>
+<link href="" rel="stylesheet">
+</head>
+<body></body>
+</html>
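Review bot: the link element in head reads href="" as shown, so nothing in this file references css-imports-redirect-cycle.css; if that is what is committed, the page does not load the stylesheet under test. Separately, dumpAsText() with an empty body and an empty expected file only proves the page did not crash. A line of body text stating that the test passes if there is no crash would make the intent clear to whoever next reads a failure.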
Modified: trunk/Source/WebCore/ChangeLog (114349 => 114350)
--- trunk/Source/WebCore/ChangeLog 2012-04-17 06:22:45 UTC (rev 114349)
+++ trunk/Source/WebCore/ChangeLog 2012-04-17 06:26:53 UTC (rev 114350)
@@ -1,3 +1,15 @@
+2012-04-16 David Barr <davidb...@chromium.org>
+
+ Stack overflow in CSS parser caused by recursive stylesheet import
+ https://bugs.webkit.org/show_bug.cgi?id=83545
+
+ Reviewed by Ryosuke Niwa.
+
+ Test: http/tests/css/css-imports-redirect-cycle.html
+
+ * css/CSSImportRule.cpp:
+ (WebCore::StyleRuleImport::requestStyleSheet):
+
2012-04-16 Kent Tamura <tk...@chromium.org>
Rename LocalizedNumberICU.h to ICULocale.h
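Review bot: the entry "(WebCore::StyleRuleImport::requestStyleSheet):" has nothing after the colon. Add one sentence saying the cycle check now also compares the import href against each ancestor sheet's originalURL(), so the ChangeLog explains the fix without requiring the reader to open the diff.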
Modified: trunk/Source/WebCore/css/CSSImportRule.cpp (114349 => 114350)
--- trunk/Source/WebCore/css/CSSImportRule.cpp 2012-04-17 06:22:45 UTC (rev 114349)
+++ trunk/Source/WebCore/css/CSSImportRule.cpp 2012-04-17 06:26:53 UTC (rev 114350)
@@ -137,7 +137,7 @@
StyleSheetInternal* rootSheet = m_parentStyleSheet;
for (StyleSheetInternal* sheet = m_parentStyleSheet; sheet; sheet = sheet->parentStyleSheet()) {
// FIXME: This is wrong if the finalURL was updated via document::updateBaseURL.
- if (absHref == sheet->finalURL().string())
+ if (absHref == sheet->finalURL().string() || absHref == sheet->originalURL())
return;
rootSheet = sheet;
}
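Review bot: the added "absHref == sheet->originalURL()" term in the ancestor loop has no comment, and the FIXME above it still only mentions finalURL. Add a line explaining that originalURL is compared because an ancestor fetched through a redirect has a finalURL that differs from the href that requested it, and note whether the FIXME applies to the new term as well. The two sides are also asymmetric (finalURL().string() against originalURL() directly), which is worth a word if the return types differ. Both comparisons are exact string matches over the parentStyleSheet() chain, so the loop only stops imports whose href repeats an ancestor's URL character for character; consider a maximum import depth alongside it so that recursion is bounded regardless of URL spelling.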