Title: [124066] branches/safari-536.26-branch
- Revision
- 124066
- Author
- lforsch...@apple.com
- Date
- 2012-07-30 11:46:58 -0700 (Mon, 30 Jul 2012)
Log Message
Merged r117304. <rdar://problem/11942070>
Modified Paths
Added Paths
Diff
Modified: branches/safari-536.26-branch/LayoutTests/ChangeLog (124065 => 124066)
--- branches/safari-536.26-branch/LayoutTests/ChangeLog 2012-07-30 18:44:44 UTC (rev 124065)
+++ branches/safari-536.26-branch/LayoutTests/ChangeLog 2012-07-30 18:46:58 UTC (rev 124066)
@@ -1,5 +1,19 @@
2012-07-30 Lucas Forschler <lforsch...@apple.com>
+ Merge 117304
+
+ 2012-05-16 Abhishek Arya <infe...@chromium.org>
+
+ Missing RenderApplet cast check in HTMLAppletElement::renderWidgetForJSBindings.
+ https://bugs.webkit.org/show_bug.cgi?id=86627
+
+ Reviewed by Andreas Kling.
+
+ * java/inline-applet-crash-expected.txt: Added.
+ * java/inline-applet-crash.html: Added.
+
+2012-07-30 Lucas Forschler <lforsch...@apple.com>
+
Merge 117289
2012-05-16 Rob Buis <rb...@rim.com>
Copied: branches/safari-536.26-branch/LayoutTests/java/inline-applet-crash-expected.txt (from rev 117304, trunk/LayoutTests/java/inline-applet-crash-expected.txt) (0 => 124066)
--- branches/safari-536.26-branch/LayoutTests/java/inline-applet-crash-expected.txt (rev 0)
+++ branches/safari-536.26-branch/LayoutTests/java/inline-applet-crash-expected.txt 2012-07-30 18:46:58 UTC (rev 124066)
@@ -0,0 +1 @@
+Test passes if it does not crash.
Copied: branches/safari-536.26-branch/LayoutTests/java/inline-applet-crash.html (from rev 117304, trunk/LayoutTests/java/inline-applet-crash.html) (0 => 124066)
--- branches/safari-536.26-branch/LayoutTests/java/inline-applet-crash.html (rev 0)
+++ branches/safari-536.26-branch/LayoutTests/java/inline-applet-crash.html 2012-07-30 18:46:58 UTC (rev 124066)
@@ -0,0 +1,30 @@
+<!DOCTYPE html>
+<html>
+Test passes if it does not crash.
+<applet code=doesnotexist.class></applet>
+<script>
+if (window.layoutTestController) {
+ layoutTestController.overridePreference("WebKitJavaEnabled", "1");
+ layoutTestController.dumpAsText();
+ layoutTestController.waitUntilDone();
+}
+
+function walk(arr, currentPrefix, index, domNode) {
+ if (!domNode)
+ return;
+
+ newPrefix = currentPrefix + "_" + index;
+ walk(arr, currentPrefix, index + 1, domNode.nextSibling);
+ walk(arr, newPrefix, 0, domNode.firstChild);
+}
+
+function crash() {
+ var temp = new Array();
+ walk(temp, "", 0, document.documentElement);
+ if (window.layoutTestController)
+ layoutTestController.notifyDone();
+}
+
+setTimeout("crash();", 0);
+</script>
+</html>
Modified: branches/safari-536.26-branch/Source/WebCore/ChangeLog (124065 => 124066)
--- branches/safari-536.26-branch/Source/WebCore/ChangeLog 2012-07-30 18:44:44 UTC (rev 124065)
+++ branches/safari-536.26-branch/Source/WebCore/ChangeLog 2012-07-30 18:46:58 UTC (rev 124066)
@@ -1,5 +1,21 @@
2012-07-30 Lucas Forschler <lforsch...@apple.com>
+ Merge 117304
+
+ 2012-05-16 Abhishek Arya <infe...@chromium.org>
+
+ Missing RenderApplet cast check in HTMLAppletElement::renderWidgetForJSBindings.
+ https://bugs.webkit.org/show_bug.cgi?id=86627
+
+ Reviewed by Andreas Kling.
+
+ Test: java/inline-applet-crash.html
+
+ * html/HTMLAppletElement.cpp:
+ (WebCore::HTMLAppletElement::renderWidgetForJSBindings):
+
+2012-07-30 Lucas Forschler <lforsch...@apple.com>
+
Merge 117289
2012-05-16 Rob Buis <rb...@rim.com>
Modified: branches/safari-536.26-branch/Source/WebCore/html/HTMLAppletElement.cpp (124065 => 124066)
--- branches/safari-536.26-branch/Source/WebCore/html/HTMLAppletElement.cpp 2012-07-30 18:44:44 UTC (rev 124065)
+++ branches/safari-536.26-branch/Source/WebCore/html/HTMLAppletElement.cpp 2012-07-30 18:46:58 UTC (rev 124066)
@@ -115,10 +115,11 @@
if (!canEmbedJava())
return 0;
+ if (!renderer() || !renderer()->isApplet())
+ return 0;
+
RenderApplet* applet = toRenderApplet(renderer());
- if (applet)
- applet->createWidgetIfNecessary();
-
+ applet->createWidgetIfNecessary();
return applet;
}
_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
http://lists.webkit.org/mailman/listinfo/webkit-changes
