RenderQuote corrupts doubly linked list on insertion before head of list
author commit-queue@webkit.org <commit-queue@webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Sat, 11 Aug 2012 01:49:14 +0000 (01:49 +0000)
committer commit-queue@webkit.org <commit-queue@webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Sat, 11 Aug 2012 01:49:14 +0000 (01:49 +0000)
commit 1ceb45647dec06b76027b89980c915e2d9de25ab
tree 19259a77365ec28ad6902413ac9c798626c667bc
parent 08d2c6c8ec2514603dc895da71903ae790f96a18
RenderQuote corrupts doubly linked list on insertion before head of list
https://bugs.webkit.org/show_bug.cgi?id=93750

Patch by Elliott Sprehn <esprehn@gmail.com> on 2012-08-10
Reviewed by Abhishek Arya.

Source/WebCore:

Fix bug where moving a RenderQuote instance before the first one in
the document would not update the m_previous pointer of the original
first RenderQuote to point back at the new one.

Test: fast/css-generated-content/quote-crash-93750.html

* rendering/RenderQuote.cpp:
(WebCore::RenderQuote::attachQuote):

LayoutTests:

Test for moving around RenderQuote nodes before each other in an
existing document to catch corruption in the linked list of RenderQuote.

* fast/css-generated-content/quote-crash-93750-expected.txt: Added.
* fast/css-generated-content/quote-crash-93750.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@125343 268f45cc-cd09-0410-ab3c-d52691b4dbfc
LayoutTests/ChangeLog
LayoutTests/fast/css-generated-content/quote-crash-93750-expected.txt [new file with mode: 0644]
LayoutTests/fast/css-generated-content/quote-crash-93750.html [new file with mode: 0644]
Source/WebCore/ChangeLog
Source/WebCore/rendering/RenderQuote.cpp
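
The commit message above describes a missing back-pointer update when a node is inserted before the head of a doubly linked list. The following C++ model is an added example, not WebKit's code and not part of this commit; `Quote`, `m_next`, the function names and the detach step are assumptions made for illustration (only `m_previous` is named in the message).

```cpp
#include <cstdio>

// Simplified stand-in for a node in a doubly linked list (hypothetical type).
struct Quote {
    Quote* m_previous = nullptr;
    Quote* m_next = nullptr;   // assumed counterpart of m_previous
};

// Defect as described: q becomes head, old head's m_previous is left stale.
Quote* attachBeforeHeadBuggy(Quote* head, Quote* q) {
    q->m_previous = nullptr;
    q->m_next = head;
    return q;
}
// Corrected: the old head is pointed back at the new head.
Quote* attachBeforeHeadFixed(Quote* head, Quote* q) {
    q->m_previous = nullptr;
    q->m_next = head;
    if (head) head->m_previous = q;
    return q;
}
// Unlink n by trusting its own pointers (assumed detach path); returns head.
Quote* detach(Quote* head, Quote* n) {
    if (n->m_previous) n->m_previous->m_next = n->m_next;
    else head = n->m_next;     // n believes it is the head
    if (n->m_next) n->m_next->m_previous = n->m_previous;
    n->m_previous = n->m_next = nullptr;
    return head;
}
// Invariant: head has no predecessor and every forward link is mirrored.
bool listIsConsistent(const Quote* head) {
    if (head && head->m_previous) return false;
    for (const Quote* n = head; n; n = n->m_next)
        if (n->m_next && n->m_next->m_previous != n) return false;
    return true;
}
// Build [a, b], insert c before a, then detach a; true only if [c, b] results.
// With the buggy attach, c.m_next is left pointing at the detached node a.
bool scenarioKeepsListIntact(Quote* (*attach)(Quote*, Quote*)) {
    Quote a, b, c;
    Quote* head = attachBeforeHeadFixed(attachBeforeHeadFixed(nullptr, &b), &a);
    head = attach(head, &c);
    bool okAfterInsert = listIsConsistent(head);
    head = detach(head, &a);
    return okAfterInsert && head == &c && c.m_next == &b && listIsConsistent(head);
}

int main() {
    std::printf("buggy intact: %d, fixed intact: %d\n",
                scenarioKeepsListIntact(attachBeforeHeadBuggy),
                scenarioKeepsListIntact(attachBeforeHeadFixed));
}
```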