Skip to site navigation (Press enter)

[webkit-changes] [158155] branches/safari-537.73-branch

lforschler Mon, 28 Oct 2013 19:07:11 -0700

Title: [158155] branches/safari-537.73-branch

Revision: 158155
Author: [email protected]
Date: 2013-10-28 19:07:53 -0700 (Mon, 28 Oct 2013)

Log Message

Merged r156222.  <rdar://problem/15168254>


Modified Paths

branches/safari-537.73-branch/LayoutTests/ChangeLog
branches/safari-537.73-branch/Source/WebCore/ChangeLog
branches/safari-537.73-branch/Source/WebCore/css/CSSParser.cpp


Added Paths

branches/safari-537.73-branch/LayoutTests/fast/css/crash-inherit-value-font-family-expected.txt
branches/safari-537.73-branch/LayoutTests/fast/css/crash-inherit-value-font-family.html

Diff

Modified: branches/safari-537.73-branch/LayoutTests/ChangeLog (158154 => 158155)


--- branches/safari-537.73-branch/LayoutTests/ChangeLog	2013-10-29 02:05:02 UTC (rev 158154)
+++ branches/safari-537.73-branch/LayoutTests/ChangeLog	2013-10-29 02:07:53 UTC (rev 158155)
@@ -1,5 +1,22 @@
 2013-10-28  Lucas Forschler  <[email protected]>
 
+        Merge r156222
+
+    2013-09-20  Ryosuke Niwa  <[email protected]>
+
+            Bad cast from CSSInitialValue to CSSValueList
+            https://bugs.webkit.org/show_bug.cgi?id=121729
+
+            Reviewed by Beth Dakin.
+
+            Add a regression test. This is not a merge since the test in the Blink change involves
+            superfluous execCommand calls.
+
+            * fast/css/crash-inherit-value-font-family-expected.txt: Added.
+            * fast/css/crash-inherit-value-font-family.html: Added.
+
+2013-10-28  Lucas Forschler  <[email protected]>
+
         Merge r157231
 
     2013-10-09  Chris Fleizach  <[email protected]>

Copied: branches/safari-537.73-branch/LayoutTests/fast/css/crash-inherit-value-font-family-expected.txt (from rev 156222, trunk/LayoutTests/fast/css/crash-inherit-value-font-family-expected.txt) (0 => 158155)


--- branches/safari-537.73-branch/LayoutTests/fast/css/crash-inherit-value-font-family-expected.txt	                        (rev 0)
+++ branches/safari-537.73-branch/LayoutTests/fast/css/crash-inherit-value-font-family-expected.txt	2013-10-29 02:07:53 UTC (rev 158155)
@@ -0,0 +1,3 @@
+WebKit shouldn't crash on font face values "initial" and "inherit". You should see PASS below.
+
+PASS

Copied: branches/safari-537.73-branch/LayoutTests/fast/css/crash-inherit-value-font-family.html (from rev 156222, trunk/LayoutTests/fast/css/crash-inherit-value-font-family.html) (0 => 158155)


--- branches/safari-537.73-branch/LayoutTests/fast/css/crash-inherit-value-font-family.html	                        (rev 0)
+++ branches/safari-537.73-branch/LayoutTests/fast/css/crash-inherit-value-font-family.html	2013-10-29 02:07:53 UTC (rev 158155)
@@ -0,0 +1,13 @@
+<!DOCTYPE html>
+<html>
+<body>
+<p>WebKit shouldn't crash on font face values "initial" and "inherit". You should see PASS below.</p>
+<font face="inherit"></font>
+<font face="initial"></font>
+<script>
+if (window.testRunner)
+    testRunner.dumpAsText();
+document.write('PASS');
+</script>
+</body>
+</html>

Modified: branches/safari-537.73-branch/Source/WebCore/ChangeLog (158154 => 158155)


--- branches/safari-537.73-branch/Source/WebCore/ChangeLog	2013-10-29 02:05:02 UTC (rev 158154)
+++ branches/safari-537.73-branch/Source/WebCore/ChangeLog	2013-10-29 02:07:53 UTC (rev 158155)
@@ -1,5 +1,27 @@
 2013-10-28  Lucas Forschler  <[email protected]>
 
+        Merge r156222
+
+    2013-09-20  Ryosuke Niwa  <[email protected]>
+
+            Bad cast from CSSInitialValue to CSSValueList
+            https://bugs.webkit.org/show_bug.cgi?id=121729
+
+            Reviewed by Beth Dakin.
+
+            Merge https://chromium.googlesource.com/chromium/blink/+/fcfaa51f9207b32cffe751c1a1380a921e464cbb
+
+            The issue was that we would cast to CSSValueList without checking
+            the type of the CSSValue. After this change, we use the ASSERT'ing
+            cast and explicitly check the type of the CSSValue before the cast.
+
+            Test: fast/css/crash-inherit-value-font-family.html
+
+            * css/CSSParser.cpp:
+            (WebCore::CSSParser::parseFontFaceValue):
+
+2013-10-28  Lucas Forschler  <[email protected]>
+
         Merge r157231
 
     2013-10-09  Chris Fleizach  <[email protected]>

Modified: branches/safari-537.73-branch/Source/WebCore/css/CSSParser.cpp (158154 => 158155)


--- branches/safari-537.73-branch/Source/WebCore/css/CSSParser.cpp	2013-10-29 02:05:02 UTC (rev 158154)
+++ branches/safari-537.73-branch/Source/WebCore/css/CSSParser.cpp	2013-10-29 02:07:53 UTC (rev 158155)
@@ -1288,7 +1288,11 @@
     RefPtr<MutableStylePropertySet> dummyStyle = MutableStylePropertySet::create();
     if (!parseValue(dummyStyle.get(), CSSPropertyFontFamily, string, false, CSSQuirksMode, 0))
         return 0;
-    return static_pointer_cast<CSSValueList>(dummyStyle->getPropertyCSSValue(CSSPropertyFontFamily));
+
+    RefPtr<CSSValue> fontFamily = dummyStyle->getPropertyCSSValue(CSSPropertyFontFamily);
+    if (!fontFamily->isValueList())
+        return 0; // FIXME: "initial" and "inherit" should be parsed as font names in the face attribute.
+    return static_pointer_cast<CSSValueList>(fontFamily.release());
 }
 
 #if ENABLE(CSS_VARIABLES)

_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes