Diff
Modified: branches/safari-537.76-branch/Source/WebCore/ChangeLog (168101 => 168102)
--- branches/safari-537.76-branch/Source/WebCore/ChangeLog 2014-05-01 15:48:05 UTC (rev 168101)
+++ branches/safari-537.76-branch/Source/WebCore/ChangeLog 2014-05-01 15:55:00 UTC (rev 168102)
@@ -1,5 +1,24 @@
2014-05-01 Matthew Hanson <matthew_han...@apple.com>
+ Merge r167524.
+
+ 2014-04-18 Jon Honeycutt <jhoneyc...@apple.com>
+
+ Harden RenderInline::inlineElementContinuation()
+
+ <https://bugs.webkit.org/show_bug.cgi?id=131858>
+
+ Reviewed by Sam Weinig.
+
+ No new tests, as there are no known cases of this happening.
+
+ * rendering/RenderInline.cpp:
+ (WebCore::RenderInline::inlineElementContinuation):
+ Return nullptr if the continuation is neither a RenderInline nor a
+ RenderBlock.
+
+2014-05-01 Matthew Hanson <matthew_han...@apple.com>
+
Merge r167672.
2014-04-22 Brent Fulgham <bfulg...@apple.com>
Modified: branches/safari-537.76-branch/Source/WebCore/rendering/RenderInline.cpp (168101 => 168102)
--- branches/safari-537.76-branch/Source/WebCore/rendering/RenderInline.cpp 2014-05-01 15:48:05 UTC (rev 168101)
+++ branches/safari-537.76-branch/Source/WebCore/rendering/RenderInline.cpp 2014-05-01 15:55:00 UTC (rev 168102)
@@ -121,9 +121,13 @@
RenderInline* RenderInline::inlineElementContinuation() const
{
RenderBoxModelObject* continuation = this->continuation();
- if (!continuation || continuation->isRenderInline())
+ if (!continuation)
+ return nullptr;
+
+ if (continuation->isRenderInline())
return toRenderInline(continuation);
- return toRenderBlock(continuation)->inlineElementContinuation();
+
+ return continuation->isRenderBlock() ? toRenderBlock(continuation)->inlineElementContinuation() : nullptr;
}
void RenderInline::updateFromStyle()
_______________________________________________ webkit-changes mailing list webkit-changes@lists.webkit.org https://lists.webkit.org/mailman/listinfo/webkit-changes
