<rdar://problem/8478160> Null deref in InlineBox::height()
author mitz@apple.com <mitz@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Sat, 25 Sep 2010 17:34:01 +0000 (17:34 +0000)
committer mitz@apple.com <mitz@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Sat, 25 Sep 2010 17:34:01 +0000 (17:34 +0000)
https://bugs.webkit.org/show_bug.cgi?id=45344

Reviewed by John Sullivan.

WebCore:

Test: fast/css/first-line-parent-style-different.html

* rendering/RenderObject.cpp:
(WebCore::RenderObject::firstLineStyleSlowCase): Set the pseudo style bit on the RenderStyle
which is going to supply the first-line style rather than on this object’s RenderStyle. The
styles may differ.

LayoutTests:

* fast/css/first-line-parent-style-different-expected.txt: Added.
* fast/css/first-line-parent-style-different.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@68335 268f45cc-cd09-0410-ab3c-d52691b4dbfc

LayoutTests/ChangeLog
LayoutTests/fast/css/first-line-parent-style-different-expected.txt [new file with mode: 0644]
LayoutTests/fast/css/first-line-parent-style-different.html [new file with mode: 0644]
WebCore/ChangeLog
WebCore/rendering/RenderObject.cpp

index 27851af..6c82566 100644 (file)
@@ -1,3 +1,13 @@
+2010-09-25  Dan Bernstein  <mitz@apple.com>
+
+        Reviewed by John Sullivan.
+
+        <rdar://problem/8478160> Null deref in InlineBox::height()
+        https://bugs.webkit.org/show_bug.cgi?id=45344
+
+        * fast/css/first-line-parent-style-different-expected.txt: Added.
+        * fast/css/first-line-parent-style-different.html: Added.
+
 2010-09-25  Andreas Kling  <andreas.kling@nokia.com>
 
         Unreviewed, Qt rebaseline after r68331 which fixed dash offset rendering.
diff --git a/LayoutTests/fast/css/first-line-parent-style-different-expected.txt b/LayoutTests/fast/css/first-line-parent-style-different-expected.txt
new file mode 100644 (file)
index 0000000..d898c3e
--- /dev/null
@@ -0,0 +1,7 @@
+Test for https://bugs.webkit.org/show_bug.cgi?id=45344 Null deref in InlineBox::height().
+
+This test should not crash.
+
+
+
+
diff --git a/LayoutTests/fast/css/first-line-parent-style-different.html b/LayoutTests/fast/css/first-line-parent-style-different.html
new file mode 100644 (file)
index 0000000..9907ba5
--- /dev/null
@@ -0,0 +1,20 @@
+<style>
+    #dummy:nth-child(3) { }
+    #container:first-line { color: blue; }
+</style>
+<p>
+    Test for <i><a href="https://bugs.webkit.org/show_bug.cgi?id=45344">https://bugs.webkit.org/show_bug.cgi?id=45344</a>
+    Null deref in InlineBox::height()</i>.
+</p>
+<p>
+    This test should not crash.
+</p>
+<div contentEditable>
+    <img id="dummy">
+    <div id="container"><span id="target"><br></span></div>
+</div>
+<script>
+    if (window.layoutTestController)
+        layoutTestController.dumpAsText();
+    document.getElementById("container").parentNode.focus();
+</script>
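Review bot: The empty `#dummy:nth-child(3) { }` rule and the `id="target"` on the span read as dead markup, since the rule declares nothing and neither the style block nor the script refers to `#target`. If they are required to reach the crashing path, add a short HTML comment saying so, and likewise for the `contentEditable` wrapper and the `focus()` call on the container's parent. Without that, a later cleanup could drop them and leave a test that still prints "This test should not crash." while no longer exercising the fix.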
index 54d6310..b4a75aa 100644 (file)
@@ -2,6 +2,20 @@
 
         Reviewed by John Sullivan.
 
+        <rdar://problem/8478160> Null deref in InlineBox::height()
+        https://bugs.webkit.org/show_bug.cgi?id=45344
+
+        Test: fast/css/first-line-parent-style-different.html
+
+        * rendering/RenderObject.cpp:
+        (WebCore::RenderObject::firstLineStyleSlowCase): Set the pseudo style bit on the RenderStyle
+        which is going to supply the first-line style rather than on this object’s RenderStyle. The
+        styles may differ.
+
+2010-09-25  Dan Bernstein  <mitz@apple.com>
+
+        Reviewed by John Sullivan.
+
         <rdar://problem/8478182> Make canHyphenate() return false for unsupported locales
 
         No change in functionality, hence no new test.
index 9a60ea6..fd0b394 100644 (file)
@@ -2342,7 +2342,7 @@ RenderStyle* RenderObject::firstLineStyleSlowCase() const
         RenderStyle* parentStyle = renderer->parent()->firstLineStyle();
         if (parentStyle != renderer->parent()->style()) {
             // A first-line style is in effect. Cache a first-line style for ourselves.
-            style->setHasPseudoStyle(FIRST_LINE_INHERITED);
+            renderer->style()->setHasPseudoStyle(FIRST_LINE_INHERITED);
             style = renderer->getCachedPseudoStyle(FIRST_LINE_INHERITED, parentStyle);
         }
     }
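Review bot: On the changed `setHasPseudoStyle` line, the code comment above it still only says "Cache a first-line style for ourselves" and does not explain why the bit is set on `renderer->style()` rather than on the local `style`. The two expressions look interchangeable at a glance, and `style` is reassigned on the very next line, so the change is easy to undo by accident in a later tidy-up. Suggest extending the comment with the point the ChangeLog makes, that `style` and `renderer->style()` may differ here and the bit belongs on the style that will supply the cached first-line style. It would also help to state in the ChangeLog under which conditions the two differ, since the hunk alone does not show where `style` was assigned.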