[webkit-changes] [89595] trunk

[inferno]

Title: [89595] trunk

Revision

89595

Author

infe...@chromium.org

Date

2011-06-23 11:30:55 -0700 (Thu, 23 Jun 2011)

Log Message

2011-06-23  Abhishek Arya  <infe...@chromium.org>

        Reviewed by Adam Barth.

        Tests that we do not crash when doing a media query match.
        https://bugs.webkit.org/show_bug.cgi?id=63264

        * fast/css/media-query-evaluator-crash-expected.txt: Added.
        * fast/css/media-query-evaluator-crash.html: Added.
2011-06-23  Abhishek Arya  <infe...@chromium.org>

        Reviewed by Adam Barth.

        RefPtr m_style in MediaQueryEvaluator in case of callers like
        MediaQueryMatcher::prepareEvaluator that do not retain its reference.
        https://bugs.webkit.org/show_bug.cgi?id=63264

        Test: fast/css/media-query-evaluator-crash.html

        * css/MediaQueryEvaluator.cpp:
        (WebCore::MediaQueryEvaluator::eval):
        * css/MediaQueryEvaluator.h:

Modified Paths

• trunk/LayoutTests/ChangeLog
• trunk/Source/WebCore/ChangeLog
• trunk/Source/WebCore/css/MediaQueryEvaluator.cpp
• trunk/Source/WebCore/css/MediaQueryEvaluator.h

Added Paths

• trunk/LayoutTests/fast/css/media-query-evaluator-crash-expected.txt
• trunk/LayoutTests/fast/css/media-query-evaluator-crash.html

Diff

Modified: trunk/LayoutTests/ChangeLog (89594 => 89595)

--- trunk/LayoutTests/ChangeLog	2011-06-23 18:23:32 UTC (rev 89594)
+++ trunk/LayoutTests/ChangeLog	2011-06-23 18:30:55 UTC (rev 89595)
@@ -1,3 +1,13 @@
+2011-06-23  Abhishek Arya  <infe...@chromium.org>
+
+        Reviewed by Adam Barth.
+
+        Tests that we do not crash when doing a media query match.
+        https://bugs.webkit.org/show_bug.cgi?id=63264
+
+        * fast/css/media-query-evaluator-crash-expected.txt: Added.
+        * fast/css/media-query-evaluator-crash.html: Added.
+
 2011-06-23  Dan Bernstein  <m...@apple.com>
 
         Reviewed by Alexey Proskuryakov.

Added: trunk/LayoutTests/fast/css/media-query-evaluator-crash-expected.txt (0 => 89595)

--- trunk/LayoutTests/fast/css/media-query-evaluator-crash-expected.txt	                        (rev 0)
+++ trunk/LayoutTests/fast/css/media-query-evaluator-crash-expected.txt	2011-06-23 18:30:55 UTC (rev 89595)
@@ -0,0 +1 @@
+Test passes if it does not crash. 

Added: trunk/LayoutTests/fast/css/media-query-evaluator-crash.html (0 => 89595)

--- trunk/LayoutTests/fast/css/media-query-evaluator-crash.html	                        (rev 0)
+++ trunk/LayoutTests/fast/css/media-query-evaluator-crash.html	2011-06-23 18:30:55 UTC (rev 89595)
@@ -0,0 +1,12 @@
+<html>
+Test passes if it does not crash.
+<iframe id="test"></iframe>
+<script>
+if (window.layoutTestController)
+    layoutTestController.dumpAsText();
+
+var iframe = document.getElementById("test");
+var obj = iframe.contentWindow.matchMedia("(min-width: 0em)");
+</script>
+</html>
+

Modified: trunk/Source/WebCore/ChangeLog (89594 => 89595)

--- trunk/Source/WebCore/ChangeLog	2011-06-23 18:23:32 UTC (rev 89594)
+++ trunk/Source/WebCore/ChangeLog	2011-06-23 18:30:55 UTC (rev 89595)
@@ -1,3 +1,17 @@
+2011-06-23  Abhishek Arya  <infe...@chromium.org>
+
+        Reviewed by Adam Barth.
+
+        RefPtr m_style in MediaQueryEvaluator in case of callers like
+        MediaQueryMatcher::prepareEvaluator that do not retain its reference.
+        https://bugs.webkit.org/show_bug.cgi?id=63264
+
+        Test: fast/css/media-query-evaluator-crash.html
+
+        * css/MediaQueryEvaluator.cpp:
+        (WebCore::MediaQueryEvaluator::eval):
+        * css/MediaQueryEvaluator.h:
+
 2011-06-23  Jungshik Shin  <js...@chromium.org>
 
         Reviewed by Alexey Proskuryakov.

Modified: trunk/Source/WebCore/css/MediaQueryEvaluator.cpp (89594 => 89595)

--- trunk/Source/WebCore/css/MediaQueryEvaluator.cpp	2011-06-23 18:23:32 UTC (rev 89594)
+++ trunk/Source/WebCore/css/MediaQueryEvaluator.cpp	2011-06-23 18:30:55 UTC (rev 89595)
@@ -532,7 +532,7 @@
     // used
     EvalFunc func = gFunctionMap->get(expr->mediaFeature().impl());
     if (func)
-        return func(expr->value(), m_style, m_frame, NoPrefix);
+        return func(expr->value(), m_style.get(), m_frame, NoPrefix);
 
     return false;
 }

Modified: trunk/Source/WebCore/css/MediaQueryEvaluator.h (89594 => 89595)

--- trunk/Source/WebCore/css/MediaQueryEvaluator.h	2011-06-23 18:23:32 UTC (rev 89594)
+++ trunk/Source/WebCore/css/MediaQueryEvaluator.h	2011-06-23 18:30:55 UTC (rev 89595)
@@ -83,7 +83,7 @@
 private:
     String m_mediaType;
     Frame* m_frame; // not owned
-    RenderStyle* m_style; // not owned
+    RefPtr<RenderStyle> m_style;
     bool m_expResult;
 };
 

_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
http://lists.webkit.org/mailman/listinfo.cgi/webkit-changes