Title: [114677] trunk
- Revision
- 114677
- Author
- [email protected]
- Date
- 2012-04-19 15:00:09 -0700 (Thu, 19 Apr 2012)
Log Message
Fix null-pointer dereference in ApplyPropertyZoom::applyValue().
https://bugs.webkit.org/show_bug.cgi?id=84279
Reviewed by Simon Fraser.
Source/WebCore:
Test: fast/css/zoom-on-unattached.html
* css/CSSStyleApplyProperty.cpp:
(WebCore::ApplyPropertyZoom::applyValue):
LayoutTests:
* fast/css/zoom-on-unattached-expected.txt: Added.
* fast/css/zoom-on-unattached.html: Added.
Modified Paths
Added Paths
Diff
Modified: trunk/LayoutTests/ChangeLog (114676 => 114677)
--- trunk/LayoutTests/ChangeLog 2012-04-19 21:56:59 UTC (rev 114676)
+++ trunk/LayoutTests/ChangeLog 2012-04-19 22:00:09 UTC (rev 114677)
@@ -1,3 +1,13 @@
+2012-04-19 Luke Macpherson <[email protected]>
+
+ Fix null-pointer dereference in ApplyPropertyZoom::applyValue().
+ https://bugs.webkit.org/show_bug.cgi?id=84279
+
+ Reviewed by Simon Fraser.
+
+ * fast/css/zoom-on-unattached-expected.txt: Added.
+ * fast/css/zoom-on-unattached.html: Added.
+
2012-04-19 Jer Noble <[email protected]>
REGRESSION (r114666): fast/ruby/floating-ruby-text.html, fast/ruby/positioned-ruby-text.html failing on Lion Release (Tests)
Added: trunk/LayoutTests/fast/css/zoom-on-unattached-expected.txt (0 => 114677)
--- trunk/LayoutTests/fast/css/zoom-on-unattached-expected.txt (rev 0)
+++ trunk/LayoutTests/fast/css/zoom-on-unattached-expected.txt 2012-04-19 22:00:09 UTC (rev 114677)
@@ -0,0 +1 @@
+This test passes if it does not crash.
Added: trunk/LayoutTests/fast/css/zoom-on-unattached.html (0 => 114677)
--- trunk/LayoutTests/fast/css/zoom-on-unattached.html (rev 0)
+++ trunk/LayoutTests/fast/css/zoom-on-unattached.html 2012-04-19 22:00:09 UTC (rev 114677)
@@ -0,0 +1,15 @@
+<script>
+if (window.layoutTestController)
+ layoutTestController.dumpAsText();
+
+root = document.createElement("body");
+d = document.implementation.createDocument();
+d.adoptNode(root);
+node = document.createElement("title");
+root.appendChild(node);
+node.setAttribute("style", "zoom:document;")
+node.appendChild(node.cloneNode());
+</script>
+<body>
+This test passes if it does not crash.
+</body>
Modified: trunk/Source/WebCore/ChangeLog (114676 => 114677)
--- trunk/Source/WebCore/ChangeLog 2012-04-19 21:56:59 UTC (rev 114676)
+++ trunk/Source/WebCore/ChangeLog 2012-04-19 22:00:09 UTC (rev 114677)
@@ -1,5 +1,17 @@
2012-04-19 Luke Macpherson <[email protected]>
+ Fix null-pointer dereference in ApplyPropertyZoom::applyValue().
+ https://bugs.webkit.org/show_bug.cgi?id=84279
+
+ Reviewed by Simon Fraser.
+
+ Test: fast/css/zoom-on-unattached.html
+
+ * css/CSSStyleApplyProperty.cpp:
+ (WebCore::ApplyPropertyZoom::applyValue):
+
+2012-04-19 Luke Macpherson <[email protected]>
+
Clean up list iteration in MediaQueryExp constructor (avoid unnecessary calls to current()).
https://bugs.webkit.org/show_bug.cgi?id=84369
Modified: trunk/Source/WebCore/css/CSSStyleApplyProperty.cpp (114676 => 114677)
--- trunk/Source/WebCore/css/CSSStyleApplyProperty.cpp 2012-04-19 21:56:59 UTC (rev 114676)
+++ trunk/Source/WebCore/css/CSSStyleApplyProperty.cpp 2012-04-19 22:00:09 UTC (rev 114677)
@@ -1637,7 +1637,7 @@
selector->setEffectiveZoom(RenderStyle::initialZoom());
selector->setZoom(RenderStyle::initialZoom());
} else if (primitiveValue->getIdent() == CSSValueDocument) {
- float docZoom = selector->document()->renderer()->style()->zoom();
+ float docZoom = selector->rootElementStyle() ? selector->rootElementStyle()->zoom() : RenderStyle::initialZoom();
selector->setEffectiveZoom(docZoom);
selector->setZoom(docZoom);
} else if (primitiveValue->isPercentage()) {
_______________________________________________
webkit-changes mailing list
[email protected]
http://lists.webkit.org/mailman/listinfo.cgi/webkit-changes
