Title: [117283] releases/WebKitGTK/webkit-1.8
Revision: 117283
Author: [email protected]
Date: 2012-05-16 06:57:24 -0700 (Wed, 16 May 2012)

Log Message

Merge 113099 - Crash in SelectorChecker::checkOneSelector.
https://bugs.webkit.org/show_bug.cgi?id=83040

Reviewed by Antti Koivisto.

Source/WebCore:

Test: fast/css/css-set-selector-text-crash.html

Removing the early bail when we detect that our selector text
hasn't changed, and we don't notify the styleSelectorChanged.
In fact, when we adopt the new selector list, the old one will
get destroyed and the styleSelectorChanged call needs to be made.

* css/CSSStyleRule.cpp:
(WebCore::CSSStyleRule::setSelectorText):

LayoutTests:

* fast/css/css-set-selector-text-crash-expected.txt: Added.
* fast/css/css-set-selector-text-crash.html: Added.

Diff

Modified: releases/WebKitGTK/webkit-1.8/LayoutTests/ChangeLog (117282 => 117283)


--- releases/WebKitGTK/webkit-1.8/LayoutTests/ChangeLog	2012-05-16 13:57:05 UTC (rev 117282)
+++ releases/WebKitGTK/webkit-1.8/LayoutTests/ChangeLog	2012-05-16 13:57:24 UTC (rev 117283)
@@ -1,3 +1,13 @@
+2012-04-03  Abhishek Arya  <[email protected]>
+
+        Crash in SelectorChecker::checkOneSelector.
+        https://bugs.webkit.org/show_bug.cgi?id=83040
+
+        Reviewed by Antti Koivisto.
+
+        * fast/css/css-set-selector-text-crash-expected.txt: Added.
+        * fast/css/css-set-selector-text-crash.html: Added.
+
 2012-04-02  Abhishek Arya  <[email protected]>
 
         <select> shouldn't intrude as a run-in.

Added: releases/WebKitGTK/webkit-1.8/LayoutTests/fast/css/css-set-selector-text-crash-expected.txt (0 => 117283)


--- releases/WebKitGTK/webkit-1.8/LayoutTests/fast/css/css-set-selector-text-crash-expected.txt	                        (rev 0)
+++ releases/WebKitGTK/webkit-1.8/LayoutTests/fast/css/css-set-selector-text-crash-expected.txt	2012-05-16 13:57:24 UTC (rev 117283)
@@ -0,0 +1 @@
+Test passes if it does not crash.

Added: releases/WebKitGTK/webkit-1.8/LayoutTests/fast/css/css-set-selector-text-crash.html (0 => 117283)


--- releases/WebKitGTK/webkit-1.8/LayoutTests/fast/css/css-set-selector-text-crash.html	                        (rev 0)
+++ releases/WebKitGTK/webkit-1.8/LayoutTests/fast/css/css-set-selector-text-crash.html	2012-05-16 13:57:24 UTC (rev 117283)
@@ -0,0 +1,14 @@
+<!DOCTYPE html>
+<html>
+<style>
+:target { top: 0; }
+</style>
+<script>
+if (window.layoutTestController)
+    layoutTestController.dumpAsText();
+
+document.styleSheets[0].cssRules[0].selectorText = ':target';
+</script>
+Test passes if it does not crash.
+</html>
+
Property changes on: releases/WebKitGTK/webkit-1.8/LayoutTests/fast/css/css-set-selector-text-crash.html
___________________________________________________________________

Added: svn:executable
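
Review bot: the assignment `document.styleSheets[0].cssRules[0].selectorText = ':target';` re-sets the selector the rule already has, which is the unchanged-text case the removed early return used to short-circuit, but nothing in the test file says so. Add a short comment or description line stating that re-assigning identical selector text must not crash, so the test is not later edited to use a different selector and stop covering this path. Separately, the svn:executable property added on this .html file looks unintended for a layout test and can be dropped.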

Modified: releases/WebKitGTK/webkit-1.8/Source/WebCore/ChangeLog (117282 => 117283)


--- releases/WebKitGTK/webkit-1.8/Source/WebCore/ChangeLog	2012-05-16 13:57:05 UTC (rev 117282)
+++ releases/WebKitGTK/webkit-1.8/Source/WebCore/ChangeLog	2012-05-16 13:57:24 UTC (rev 117283)
@@ -1,3 +1,20 @@
+2012-04-03  Abhishek Arya  <[email protected]>
+
+        Crash in SelectorChecker::checkOneSelector.
+        https://bugs.webkit.org/show_bug.cgi?id=83040
+
+        Reviewed by Antti Koivisto.
+
+        Test: fast/css/css-set-selector-text-crash.html
+
+        Removing the early bail when we detect that our selector text
+        hasn't changed, and we don't notify the styleSelectorChanged.
+        In fact, when we adopt the new selector list, the old one will
+        get destroyed and the styleSelectorChanged call needs to be made.
+
+        * css/CSSStyleRule.cpp:
+        (WebCore::CSSStyleRule::setSelectorText):
+
 2012-04-09  Abhishek Arya  <[email protected]>
 
         Crash due to floats not cleared before starting SVG <text> layout.
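
Review bot: the first sentence of the description in this entry is ambiguous, since "and we don't notify the styleSelectorChanged" can be read as if the notification is being removed along with the early bail. Reword it to say that the early return skipped the styleSelectorChanged call when the text was unchanged, and that the call is still required because adopting the new selector list destroys the old one.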

Modified: releases/WebKitGTK/webkit-1.8/Source/WebCore/css/CSSStyleRule.cpp (117282 => 117283)


--- releases/WebKitGTK/webkit-1.8/Source/WebCore/css/CSSStyleRule.cpp	2012-05-16 13:57:05 UTC (rev 117282)
+++ releases/WebKitGTK/webkit-1.8/Source/WebCore/css/CSSStyleRule.cpp	2012-05-16 13:57:24 UTC (rev 117283)
@@ -113,9 +113,6 @@
         selectorTextCache().set(this, generateSelectorText());
     }
 
-    if (this->selectorText() == oldSelectorText)
-        return;
-
     doc->styleSelectorChanged(DeferRecalcStyle);
 }
 
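
Review bot: in setSelectorText, the now-unconditional `doc->styleSelectorChanged(DeferRecalcStyle);` call has no comment explaining why it must run even when the selector text is unchanged, which makes the removed `if (this->selectorText() == oldSelectorText) return;` guard look like an optimization someone could reintroduce. Add a comment above the call noting that adopting the new selector list destroys the old one, so the style selector has to be notified every time. If oldSelectorText was only used by the removed comparison, its declaration above this hunk is now dead and should be removed as well.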
_______________________________________________
webkit-changes mailing list
[email protected]
http://lists.webkit.org/mailman/listinfo.cgi/webkit-changes