Image should not be re-registered if m_form already exists. This leads to an assertio...
author bfulgham@apple.com <bfulgham@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Wed, 6 Jan 2016 00:00:33 +0000 (00:00 +0000)
committer bfulgham@apple.com <bfulgham@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Wed, 6 Jan 2016 00:00:33 +0000 (00:00 +0000)
https://bugs.webkit.org/show_bug.cgi?id=152741
<rdar://problem/24030778>

Patch by Pranjal Jumde <pjumde@apple.com> on 2016-01-05
Reviewed by Brent Fulgham.

Source/WebCore:

* Source/WebCore/html/HTMLImageElement.cpp:
  Node::InsertionNotificationRequest HTMLImageElement::insertedInto(ContainerNode& insertionPoint)

LayoutTests:

* LayoutTests/fast/html/form-registerimg-multiple-crash-expected.txt: Added.
* LayoutTests/fast/html/form-registerimg-multiple-crash.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@194617 268f45cc-cd09-0410-ab3c-d52691b4dbfc

LayoutTests/ChangeLog
LayoutTests/fast/html/form-registerimg-multiple-crash-expected.txt [new file with mode: 0644]
LayoutTests/fast/html/form-registerimg-multiple-crash.html [new file with mode: 0644]
Source/WebCore/ChangeLog
Source/WebCore/html/HTMLImageElement.cpp

index e9376c6..4ab458d 100644 (file)
@@ -1,3 +1,14 @@
+2016-01-05  Pranjal Jumde  <pjumde@apple.com>
+
+        Image should not be re-registered if m_form already exists. This leads to an assertion failure.
+        https://bugs.webkit.org/show_bug.cgi?id=152741
+        <rdar://problem/24030778>
+
+        Reviewed by Brent Fulgham.
+
+        * LayoutTests/fast/html/form-registerimg-multiple-crash-expected.txt: Added.
+        * LayoutTests/fast/html/form-registerimg-multiple-crash.html: Added.
+
 2016-01-05  Commit Queue  <commit-queue@webkit.org>
 
         Unreviewed, rolling out r194603.
diff --git a/LayoutTests/fast/html/form-registerimg-multiple-crash-expected.txt b/LayoutTests/fast/html/form-registerimg-multiple-crash-expected.txt
new file mode 100644 (file)
index 0000000..6aecf68
--- /dev/null
@@ -0,0 +1,3 @@
+
+
+Test passes if no crash on ASSERT.
diff --git a/LayoutTests/fast/html/form-registerimg-multiple-crash.html b/LayoutTests/fast/html/form-registerimg-multiple-crash.html
new file mode 100644 (file)
index 0000000..62e8cd8
--- /dev/null
@@ -0,0 +1,12 @@
+<form id="w">
+    <img src="x">
+</form>
+Test passes if no crash on ASSERT.
+<script>
+if (window.testRunner)
+       testRunner.dumpAsText();
+
+var form = document.getElementById("w");
+clone = form.cloneNode(true);
+form.appendChild(clone);
+</script>
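Review bot: `clone = form.cloneNode(true);` assigns to an undeclared name, so the test leaks an implicit global; declare it as `var clone = form.cloneNode(true);` to match the `var form` line above it. The `testRunner.dumpAsText();` line is also indented deeper than the four-space indentation used in the rest of the file. A one-line comment saying that appending the clone inserts an already-associated `<img>` a second time would make it clear which path in `HTMLImageElement::insertedInto` the test is meant to hit.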
index 952cf21..84e24fa 100644 (file)
@@ -1,3 +1,14 @@
+2016-01-05  Pranjal Jumde  <pjumde@apple.com>
+
+        Image should not be re-registered if m_form already exists. This leads to an assertion failure.
+        https://bugs.webkit.org/show_bug.cgi?id=152741
+        <rdar://problem/24030778>
+
+        Reviewed by Brent Fulgham.
+
+        * Source/WebCore/html/HTMLImageElement.cpp:
+          Node::InsertionNotificationRequest HTMLImageElement::insertedInto(ContainerNode& insertionPoint)
+
 2016-01-05  Simon Fraser  <simon.fraser@apple.com>
 
         Adjust tile coverage with margin tiles, and tidy up the indicator
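Review bot: The entry under `* Source/WebCore/html/HTMLImageElement.cpp:` names `HTMLImageElement::insertedInto` but says nothing about what changed in it or how it is tested. Add a short description, for example that `registerImgElement` is now called only when `m_form` is newly assigned (from `m_formSetByParser` or from `findClosestFormAncestor`), and reference the new test `fast/html/form-registerimg-multiple-crash.html`. The title's "This leads to an assertion failure" would also read more clearly if it said that re-registering is what triggers the assertion.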
index 7fb893e..b611f07 100644 (file)
@@ -298,14 +298,14 @@ Node::InsertionNotificationRequest HTMLImageElement::insertedInto(ContainerNode&
     if (m_formSetByParser) {
         m_form = m_formSetByParser;
         m_formSetByParser = nullptr;
+        m_form->registerImgElement(this);
     }
 
-    if (!m_form)
+    if (!m_form) {
         m_form = HTMLFormElement::findClosestFormAncestor(*this);
-
-    if (m_form)
-        m_form->registerImgElement(this);
-
+        if (m_form)
+            m_form->registerImgElement(this);
+    }
     // Insert needs to complete first, before we start updating the loader. Loader dispatches events which could result
     // in callbacks back to this node.
     Node::InsertionNotificationRequest insertNotificationRequest = HTMLElement::insertedInto(insertionPoint);
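Review bot: In the `if (m_formSetByParser)` branch, `m_form = m_formSetByParser;` still overwrites whatever `m_form` held, and the added `m_form->registerImgElement(this);` then registers with the new form without checking whether the image was already registered with a previous one. If `m_form` can be non-null at that point, the previous form is never told the image has moved; if it cannot, an `ASSERT(!m_form)` before the assignment would document the invariant. The new `if (!m_form) {` block also skips both the ancestor lookup and the registration when `m_form` is already set, which deserves a short comment explaining that the image is assumed to be registered with that form already. Finally, the blank line that used to separate this logic from the `// Insert needs to complete first` comment was removed; keep it so the comment is not read as belonging to the closing brace.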