Title: [93382] trunk
Revision: 93382
Author: [email protected]
Date: 2011-08-18 18:33:07 -0700 (Thu, 18 Aug 2011)

Log Message

REGRESSION(r90971): Null pointer dereference with placeholder and webkit-scrollbar-corner
https://bugs.webkit.org/show_bug.cgi?id=66453

Reviewed by Simon Fraser.

Source/WebCore:

Test: fast/forms/placeholder-crash-with-scrollbar-corner.html

* rendering/RenderObjectChildList.cpp:
(WebCore::RenderObjectChildList::removeChildNode): Add a NULL check for owner's layer.

LayoutTests:

* fast/forms/placeholder-crash-with-scrollbar-corner-expected.txt: Added.
* fast/forms/placeholder-crash-with-scrollbar-corner.html: Added.

Diff

Modified: trunk/LayoutTests/ChangeLog (93381 => 93382)


--- trunk/LayoutTests/ChangeLog	2011-08-19 01:17:22 UTC (rev 93381)
+++ trunk/LayoutTests/ChangeLog	2011-08-19 01:33:07 UTC (rev 93382)
@@ -1,3 +1,13 @@
+2011-08-18  Kent Tamura  <[email protected]>
+
+        REGRESSION(r90971): Null pointer dereference with placeholder and webkit-scrollbar-corner
+        https://bugs.webkit.org/show_bug.cgi?id=66453
+
+        Reviewed by Simon Fraser.
+
+        * fast/forms/placeholder-crash-with-scrollbar-corner-expected.txt: Added.
+        * fast/forms/placeholder-crash-with-scrollbar-corner.html: Added.
+
 2011-08-18  Tony Chang  <[email protected]>
 
         [chromium] Fix results.  Just copy over the platform independent results.

Added: trunk/LayoutTests/fast/forms/placeholder-crash-with-scrollbar-corner-expected.txt (0 => 93382)


--- trunk/LayoutTests/fast/forms/placeholder-crash-with-scrollbar-corner-expected.txt	                        (rev 0)
+++ trunk/LayoutTests/fast/forms/placeholder-crash-with-scrollbar-corner-expected.txt	2011-08-19 01:33:07 UTC (rev 93382)
@@ -0,0 +1,3 @@
+Focus on the input and hit Escape and see if the browser crashes.
+
+PASS (not crashed)

Added: trunk/LayoutTests/fast/forms/placeholder-crash-with-scrollbar-corner.html (0 => 93382)


--- trunk/LayoutTests/fast/forms/placeholder-crash-with-scrollbar-corner.html	                        (rev 0)
+++ trunk/LayoutTests/fast/forms/placeholder-crash-with-scrollbar-corner.html	2011-08-19 01:33:07 UTC (rev 93382)
@@ -0,0 +1,26 @@
+<style>
+::-webkit-scrollbar-corner {
+    color: Red;
+}
+</style>
+<p>Focus on the input and hit Escape and see if the browser crashes.</p>
+<input placeholder="foo" id=i>
+<div id=console></div>
+<script>
+document.getElementById('i').addEventListener("keydown", function() {
+    this.style.display = "none";
+    document.getElementById('console').innerText = 'PASS (not crashed)';
+    if (window.layoutTestController)
+        layoutTestController.notifyDone();
+});
+
+if (window.layoutTestController && window.eventSender) {
+    layoutTestController.dumpAsText();
+    layoutTestController.waitUntilDone();
+    setTimeout(function() {
+        document.getElementById('i').focus();
+        eventSender.keyDown('a');
+    }, 0);
+}
+
+</script>
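Review bot: The instruction in the <p> (and in the expected output) says to hit Escape, but the automated path calls eventSender.keyDown('a') and the keydown listener never checks which key was pressed, so the description and the test disagree. Either send the Escape key from eventSender or reword the text to say any key press. Separately, the handler writes the PASS string and calls notifyDone() immediately after this.style.display = "none"; consider forcing a layout before reporting PASS (for example by reading document.body.offsetHeight) so the test is sure to have gone through the renderer removal it is meant to cover before the result is recorded.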

Modified: trunk/Source/WebCore/ChangeLog (93381 => 93382)


--- trunk/Source/WebCore/ChangeLog	2011-08-19 01:17:22 UTC (rev 93381)
+++ trunk/Source/WebCore/ChangeLog	2011-08-19 01:33:07 UTC (rev 93382)
@@ -1,3 +1,15 @@
+2011-08-18  Kent Tamura  <[email protected]>
+
+        REGRESSION(r90971): Null pointer dereference with placeholder and webkit-scrollbar-corner
+        https://bugs.webkit.org/show_bug.cgi?id=66453
+
+        Reviewed by Simon Fraser.
+
+        Test: fast/forms/placeholder-crash-with-scrollbar-corner.html
+
+        * rendering/RenderObjectChildList.cpp:
+        (WebCore::RenderObjectChildList::removeChildNode): Add a NULL check for owner's layer.
+
 2011-08-18  Jeffrey Pfau  <[email protected]>
 
         New XML parser: scripting support

Modified: trunk/Source/WebCore/rendering/RenderObjectChildList.cpp (93381 => 93382)


--- trunk/Source/WebCore/rendering/RenderObjectChildList.cpp	2011-08-19 01:17:22 UTC (rev 93381)
+++ trunk/Source/WebCore/rendering/RenderObjectChildList.cpp	2011-08-19 01:33:07 UTC (rev 93382)
@@ -85,8 +85,8 @@
         // if we remove visible child from an invisible parent, we don't know the layer visibility any more
         RenderLayer* layer = 0;
         if (owner->style()->visibility() != VISIBLE && oldChild->style()->visibility() == VISIBLE && !oldChild->hasLayer()) {
-            layer = owner->enclosingLayer();
-            layer->dirtyVisibleContentStatus();
+            if ((layer = owner->enclosingLayer()))
+                layer->dirtyVisibleContentStatus();
         }
 
          // Keep our layer hierarchy updated.
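Review bot: With the guard on owner->enclosingLayer(), layer now stays 0 when the owner has no enclosing layer, and the hunk does not show whether the code after "Keep our layer hierarchy updated" uses layer again; please confirm every later use is null-safe. A short comment saying when enclosingLayer() can return null here would help the next reader, since the existing comment only explains the visibility case. As a style point, the assignment inside the condition, if ((layer = owner->enclosingLayer())), is easy to misread as a comparison; assigning first and then testing if (layer) on a separate line is clearer.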
_______________________________________________
webkit-changes mailing list
[email protected]
http://lists.webkit.org/mailman/listinfo.cgi/webkit-changes
