Added: trunk/LayoutTests/fast/text/crash-complex-text-surrogate.html (0 => 185095)
--- trunk/LayoutTests/fast/text/crash-complex-text-surrogate.html (rev 0)
+++ trunk/LayoutTests/fast/text/crash-complex-text-surrogate.html 2015-06-02 02:10:05 UTC (rev 185095)
@@ -0,0 +1,88 @@
+<!DOCTYPE html>
+<html id="webtest0">
+<head id="webtest1">
+<script id="webtest2" type="text/_javascript_">
+
+function boom()
+{
+ var y = document.createTextNode('Y');
+ document.body.insertBefore(y, document.getElementById("v").nextSibling);
+}
+
+</script>
+</head>
+
+<body class="wf_class0" id="webtest3" _onload_="boom();" style="-moz-column-count: 2; width: 10ch; letter-spacing: 1px; font-family: monospace;">
+This test passes if you can open the file without a crash.
+<div class="wf_class0" style="background: lightblue; float: right; height: 14em; width: 1ch;" id="v"></div>a bcd<span id="webtest4">‫X</span>
+</body>
+<script>
+function webtest_fn_1() {
+try {
+delete document.scripts[3].toString();
+} catch(e) {
+ document.write("Errlog webtest_fn_1: " + e.name + ": " + e.message + "<br><acronym></acronym>");
+}
+}
+webtest_fn_1();
+</script>
+<script>
+function webtest_fn_2() {
+var s = "{,}\ua888{0}\P{P}\\7H\\8";
+var f = "gi";
+document.write("s is: " +s + "<br> f is: " + f + "<br>");
+var r = new RegExp(s, f);
+document.forms[0].outerHTML.search(r);
+r.compile(s, f);
+document.getElementById("webtest1").outerHTML.match(r);
+document.styleSheets[3].outerHTML.replace(r, "replacement");
+r.test(s);
+r.exec(s);
+}
+webtest_fn_2();
+</script>
+<script>
+function webtest_fn_3() {
+try {
+var head = document.getElementsByTagName("head")[0];
+var style = document.createElement("style");
+style.innerHTML="#wf_class0 { \n\
+-webkit-animation-name: name1; \n\
+-webkit-animation-duration: 1s; \n\
+-webkit-animation: none; \n\
+-webkit-animation-delay: now; \n\
+} \n\
+@-webkit-keyframes name1 { \n\
+ from { \n\
+ -webkit-mask-size: -4096%; \n\
+ background-image: -webkit-cross-fade(url(VèUṒˣ빭ˇl⋄¹ʡdzÁǜʓ’ʘ޻뾮ű4ɍČŮIJǖ˙ñǿ˵ʱ㦦ȮLJɏ“.õȡ鉶Ť⨵­ˍ˜¯šƕƎ), url(text), 99%); \n\
+ } \n\
+ to { \n\
+ -webkit-mask-size: 32767in; \n\
+ background-image: none; \n\
+ } \n\
+} \n\
+";
+head.appendChild(style);
+} catch(e) {
+ document.write("Errlog webtest_fn_3: " + e.name + ": " + e.message + "<br><sub/>");
+}
+}
+webtest_fn_3();
+</script>
+<script>
+function webtest_fn_4() {
+try {
+var scroll_81 = document.createElement("bdo");
+scroll_81.setAttribute("id", "webtest8");
+document.querySelector("plaintext:first-of-type ~ *|:out-of-range").insertBefore(scroll_81, document.querySelector("plaintext:first-of-type ~ *|:out-of-range").childNodes[9]);
+scroll_81.setAttribute("style", "overflow: scroll");
+scroll_81.scrollLeft = 0;
+scroll_81.scrolltop = 0xffffffff;
+} catch(e) {
+ document.write("Errlog webtest_fn_4: " + e.name + ": " + e.message + "<br>");
+}
+}
+webtest_fn_4();
+</script>
+</html>
Added: trunk/LayoutTests/platform/mac/fast/text/crash-complex-text-surrogate-expected.txt (0 => 185095)
--- trunk/LayoutTests/platform/mac/fast/text/crash-complex-text-surrogate-expected.txt (rev 0)
+++ trunk/LayoutTests/platform/mac/fast/text/crash-complex-text-surrogate-expected.txt 2015-06-02 02:10:05 UTC (rev 185095)
@@ -0,0 +1,60 @@
+CONSOLE MESSAGE: line 35: TypeError: undefined is not an object (evaluating 'document.forms[0].outerHTML')
+layer at (0,0) size 785x693
+ RenderView at (0,0) size 785x600
+layer at (0,0) size 785x693
+ RenderBlock {HTML} at (0,0) size 785x693
+ RenderBody {BODY} at (8,8) size 78x677
+ RenderText {#text} at (0,0) size 71x120
+ text run at (0,0) width 36: "This"
+ text run at (0,15) width 36: "test"
+ text run at (0,30) width 53: "passes"
+ text run at (0,45) width 53: "if you"
+ text run at (0,60) width 71: "can open"
+ text run at (0,75) width 71: "the file"
+ text run at (0,90) width 62: "without"
+ text run at (0,105) width 71: "a crash."
+ RenderBlock (floating) {DIV} at (70,120) size 8x182 [bgcolor=#ADD8E6]
+ RenderText {#text} at (0,120) size 9x15
+ text run at (0,120) width 9: "Y"
+ RenderText {#text} at (8,120) size 45x15
+ text run at (8,120) width 45: "a bcd"
+ RenderInline {SPAN} at (0,0) size 10x15
+ RenderText {#text} at (52,120) size 10x15
+ text run at (52,120) width 10: "\x{202B}X"
+ RenderText {#text} at (0,0) size 0x0
+ RenderText {#text} at (0,135) size 273x287
+ text run at (0,135) width 53: "Errlog"
+ text run at (0,302) width 115: "webtest_fn_1:"
+ text run at (0,317) width 89: "TypeError:"
+ text run at (0,332) width 80: "undefined"
+ text run at (0,347) width 53: "is not"
+ text run at (0,362) width 18: "an"
+ text run at (0,377) width 53: "object"
+ text run at (0,392) width 97: "(evaluating"
+ text run at (0,407) width 273: "'document.scripts[3].toString')"
+ RenderBR {BR} at (0,0) size 0x0
+ RenderInline {ACRONYM} at (0,0) size 0x0
+ RenderText {#text} at (0,0) size 0x0
+ RenderText {#text} at (0,422) size 115x45
+ text run at (0,422) width 45: "s is:"
+ text run at (0,437) width 27: "{,}"
+ text run at (0,452) width 115: "\x{A888}{0}P{P}\\7H\\8"
+ RenderBR {BR} at (0,0) size 0x0
+ RenderText {#text} at (0,467) size 71x15
+ text run at (0,467) width 71: "f is: gi"
+ RenderBR {BR} at (70,467) size 1x15
+ RenderText {#text} at (0,482) size 361x195
+ text run at (0,482) width 53: "Errlog"
+ text run at (0,497) width 115: "webtest_fn_4:"
+ text run at (0,512) width 89: "TypeError:"
+ text run at (0,527) width 62: "null is"
+ text run at (0,542) width 53: "not an"
+ text run at (0,557) width 53: "object"
+ text run at (0,572) width 97: "(evaluating"
+ text run at (0,587) width 361: "'document.querySelector(\"plaintext:first-"
+ text run at (0,602) width 62: "of-type"
+ text run at (0,617) width 9: "~"
+ text run at (0,632) width 62: "*|:out-"
+ text run at (0,647) width 27: "of-"
+ text run at (0,662) width 194: "range\").insertBefore')"
+ RenderBR {BR} at (0,0) size 0x0
