https://bugs.webkit.org/show_bug.cgi?id=72354
author antti@apple.com <antti@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Wed, 23 Nov 2011 18:33:59 +0000 (18:33 +0000)
committer antti@apple.com <antti@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Wed, 23 Nov 2011 18:33:59 +0000 (18:33 +0000)
commit 9f079515462e4f43c755045f6d39290b76a05e1b
tree b48a1371e83cffb60f0e32137a4f1dfa9796fb2a
parent 20d19bd3339c19da185b833dbff3f0339e5d2b37
https://bugs.webkit.org/show_bug.cgi?id=72354
Image pointer in FillLayer not cleared correctly

Reviewed by Dan Bernstein.

Source/WebCore:

Test: fast/css/fill-layer-crash.html

We should clear the image pointer too, not just the m_imageSet bit.

* rendering/style/FillLayer.h:
(WebCore::FillLayer::clearImage):

LayoutTests:

* fast/css/fill-layer-crash-expected.txt: Added.
* fast/css/fill-layer-crash.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@101091 268f45cc-cd09-0410-ab3c-d52691b4dbfc
LayoutTests/ChangeLog
LayoutTests/fast/css/fill-layer-crash-expected.txt [new file with mode: 0644]
LayoutTests/fast/css/fill-layer-crash.html [new file with mode: 0644]
Source/WebCore/ChangeLog
Source/WebCore/rendering/style/FillLayer.h