- Revision
- 115539
- Author
- [email protected]
- Date
- 2012-04-27 21:57:04 -0700 (Fri, 27 Apr 2012)
Log Message
Unreviewed, rolling out r115407.
http://trac.webkit.org/changeset/115407
https://bugs.webkit.org/show_bug.cgi?id=85126
Caused heap use after free (Requested by keishi_ on #webkit).
Patch by Sheriff Bot <[email protected]> on 2012-04-27
Source/WebCore:
* html/HTMLFormControlElement.cpp:
(WebCore::HTMLFormControlElement::HTMLFormControlElement):
(WebCore::HTMLFormControlElement::updateFieldSetAndLegendAncestor):
(WebCore::HTMLFormControlElement::insertedInto):
(WebCore::HTMLFormControlElement::removedFrom):
(WebCore::HTMLFormControlElement::disabled):
(WebCore::HTMLFormControlElement::recalcWillValidate):
(WebCore::HTMLFormControlElement::setNeedsWillValidateCheck):
* html/HTMLFormControlElement.h:
(HTMLFormControlElement):
LayoutTests:
* fast/forms/datalist/datalist-child-validation-expected.txt: Removed.
* fast/forms/datalist/datalist-child-validation.html: Removed.
Modified Paths
Removed Paths
Diff
Modified: trunk/LayoutTests/ChangeLog (115538 => 115539)
--- trunk/LayoutTests/ChangeLog 2012-04-28 04:26:01 UTC (rev 115538)
+++ trunk/LayoutTests/ChangeLog 2012-04-28 04:57:04 UTC (rev 115539)
@@ -1,3 +1,14 @@
+2012-04-27 Sheriff Bot <[email protected]>
+
+ Unreviewed, rolling out r115407.
+ http://trac.webkit.org/changeset/115407
+ https://bugs.webkit.org/show_bug.cgi?id=85126
+
+ Caused heap use after free (Requested by keishi_ on #webkit).
+
+ * fast/forms/datalist/datalist-child-validation-expected.txt: Removed.
+ * fast/forms/datalist/datalist-child-validation.html: Removed.
+
2012-04-27 Kentaro Hara <[email protected]>
"Not enough arguments" error should be TypeError
Deleted: trunk/LayoutTests/fast/forms/datalist/datalist-child-validation-expected.txt (115538 => 115539)
--- trunk/LayoutTests/fast/forms/datalist/datalist-child-validation-expected.txt 2012-04-28 04:26:01 UTC (rev 115538)
+++ trunk/LayoutTests/fast/forms/datalist/datalist-child-validation-expected.txt 2012-04-28 04:57:04 UTC (rev 115539)
@@ -1,12 +0,0 @@
-Test for child elements of a datalist element.
-
-On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
-
-
-PASS e.willValidate is false
-PASS e.willValidate is true
-PASS document.querySelector(":invalid") is e
-PASS successfullyParsed is true
-
-TEST COMPLETE
-
Deleted: trunk/LayoutTests/fast/forms/datalist/datalist-child-validation.html (115538 => 115539)
--- trunk/LayoutTests/fast/forms/datalist/datalist-child-validation.html 2012-04-28 04:26:01 UTC (rev 115538)
+++ trunk/LayoutTests/fast/forms/datalist/datalist-child-validation.html 2012-04-28 04:57:04 UTC (rev 115539)
@@ -1,26 +0,0 @@
-<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML//EN">
-<html>
-<head>
-<script src=""
-</head>
-<body>
-<p id="description"></p>
-<div id="console"></div>
-
-<datalist id="list">
- <input type=text id=e required>
-</datalist>
-
-<script>
-description('Test for child elements of a datalist element.');
-
-var e = document.getElementById('e');
-shouldBeFalse('e.willValidate');
-document.body.appendChild(e);
-shouldBeTrue('e.willValidate');
-shouldBe('document.querySelector(":invalid")', 'e');
-
-</script>
-<script src=""
-</body>
-</html>
Modified: trunk/Source/WebCore/ChangeLog (115538 => 115539)
--- trunk/Source/WebCore/ChangeLog 2012-04-28 04:26:01 UTC (rev 115538)
+++ trunk/Source/WebCore/ChangeLog 2012-04-28 04:57:04 UTC (rev 115539)
@@ -1,3 +1,22 @@
+2012-04-27 Sheriff Bot <[email protected]>
+
+ Unreviewed, rolling out r115407.
+ http://trac.webkit.org/changeset/115407
+ https://bugs.webkit.org/show_bug.cgi?id=85126
+
+ Caused heap use after free (Requested by keishi_ on #webkit).
+
+ * html/HTMLFormControlElement.cpp:
+ (WebCore::HTMLFormControlElement::HTMLFormControlElement):
+ (WebCore::HTMLFormControlElement::updateFieldSetAndLegendAncestor):
+ (WebCore::HTMLFormControlElement::insertedInto):
+ (WebCore::HTMLFormControlElement::removedFrom):
+ (WebCore::HTMLFormControlElement::disabled):
+ (WebCore::HTMLFormControlElement::recalcWillValidate):
+ (WebCore::HTMLFormControlElement::setNeedsWillValidateCheck):
+ * html/HTMLFormControlElement.h:
+ (HTMLFormControlElement):
+
2012-04-27 Kentaro Hara <[email protected]>
[JSC] Implement a helper method createNotEnoughArgumentsError()
Modified: trunk/Source/WebCore/html/HTMLFormControlElement.cpp (115538 => 115539)
--- trunk/Source/WebCore/html/HTMLFormControlElement.cpp 2012-04-28 04:26:01 UTC (rev 115538)
+++ trunk/Source/WebCore/html/HTMLFormControlElement.cpp 2012-04-28 04:57:04 UTC (rev 115539)
@@ -50,7 +50,7 @@
: LabelableElement(tagName, document)
, m_fieldSetAncestor(0)
, m_legendAncestor(0)
- , m_ancestorsValid(false)
+ , m_fieldSetAncestorValid(false)
, m_disabled(false)
, m_readOnly(false)
, m_required(false)
@@ -60,7 +60,6 @@
, m_isValid(true)
, m_wasChangedSinceLastFormControlChangeEvent(false)
, m_hasAutofocused(false)
- , m_hasDataListAncestor(false)
{
setForm(form ? form : findFormAncestor());
setHasCustomWillOrDidRecalcStyle();
@@ -101,22 +100,19 @@
return fastHasAttribute(formnovalidateAttr);
}
-void HTMLFormControlElement::updateAncestors() const
+void HTMLFormControlElement::updateFieldSetAndLegendAncestor() const
{
- m_hasDataListAncestor = false;
m_fieldSetAncestor = 0;
m_legendAncestor = 0;
for (ContainerNode* ancestor = parentNode(); ancestor; ancestor = ancestor->parentNode()) {
- if (!m_hasDataListAncestor && ancestor->hasTagName(datalistTag))
- m_hasDataListAncestor = true;
if (!m_legendAncestor && ancestor->hasTagName(legendTag))
m_legendAncestor = static_cast<HTMLLegendElement*>(ancestor);
- if (!m_fieldSetAncestor && ancestor->hasTagName(fieldsetTag))
+ if (ancestor->hasTagName(fieldsetTag)) {
m_fieldSetAncestor = static_cast<HTMLFieldSetElement*>(ancestor);
- if (m_hasDataListAncestor && m_fieldSetAncestor)
break;
+ }
}
- m_ancestorsValid = true;
+ m_fieldSetAncestorValid = true;
}
void HTMLFormControlElement::parseAttribute(Attribute* attr)
@@ -227,8 +223,6 @@
Node::InsertionNotificationRequest HTMLFormControlElement::insertedInto(Node* insertionPoint)
{
- m_ancestorsValid = false;
- setNeedsWillValidateCheck();
HTMLElement::insertedInto(insertionPoint);
FormAssociatedElement::insertedInto(insertionPoint);
return InsertionDone;
@@ -236,8 +230,7 @@
void HTMLFormControlElement::removedFrom(Node* insertionPoint)
{
- m_ancestorsValid = false;
- setNeedsWillValidateCheck();
+ m_fieldSetAncestorValid = false;
HTMLElement::removedFrom(insertionPoint);
FormAssociatedElement::removedFrom(insertionPoint);
}
@@ -280,8 +273,8 @@
if (m_disabled)
return true;
- if (!m_ancestorsValid)
- updateAncestors();
+ if (!m_fieldSetAncestorValid)
+ updateFieldSetAndLegendAncestor();
// Form controls in the first legend element inside a fieldset are not affected by fieldset.disabled.
if (m_fieldSetAncestor && m_fieldSetAncestor->disabled())
@@ -362,7 +355,7 @@
{
// FIXME: Should return false if this element has a datalist element as an
// ancestor. See HTML5 4.10.10 'The datalist element.'
- return !m_hasDataListAncestor && !m_disabled && !m_readOnly;
+ return !m_disabled && !m_readOnly;
}
bool HTMLFormControlElement::willValidate() const
@@ -381,9 +374,6 @@
void HTMLFormControlElement::setNeedsWillValidateCheck()
{
- if (!m_ancestorsValid)
- updateAncestors();
-
// We need to recalculate willValidate immediately because willValidate change can causes style change.
bool newWillValidate = recalcWillValidate();
if (m_willValidateInitialized && m_willValidate == newWillValidate)
Modified: trunk/Source/WebCore/html/HTMLFormControlElement.h (115538 => 115539)
--- trunk/Source/WebCore/html/HTMLFormControlElement.h 2012-04-28 04:26:01 UTC (rev 115538)
+++ trunk/Source/WebCore/html/HTMLFormControlElement.h 2012-04-28 04:57:04 UTC (rev 115539)
@@ -51,7 +51,7 @@
void setFormMethod(const String&);
bool formNoValidate() const;
- void updateAncestors() const;
+ void updateFieldSetAndLegendAncestor() const;
virtual void reset() { }
@@ -153,7 +153,7 @@
mutable HTMLFieldSetElement* m_fieldSetAncestor;
mutable HTMLLegendElement* m_legendAncestor;
OwnPtr<ValidationMessage> m_validationMessage;
- mutable bool m_ancestorsValid : 1;
+ mutable bool m_fieldSetAncestorValid : 1;
bool m_disabled : 1;
bool m_readOnly : 1;
bool m_required : 1;
@@ -172,7 +172,6 @@
bool m_wasChangedSinceLastFormControlChangeEvent : 1;
bool m_hasAutofocused : 1;
- mutable bool m_hasDataListAncestor : 1;
};
} // namespace
