Crash when encountering <object style="resize:both;">
[WebKit-https.git] / Source / WebCore / ChangeLog
index cca06deeb90215c6e2998f633cbc8f83411278ee..1fb8d4bb4c1b1559fbdb750e0ef7912a9c2028b1 100644 (file)
@@ -1,3 +1,20 @@
+2013-02-13  Christian Biesinger  <cbiesinger@chromium.org>
+
+        Crash when encountering <object style="resize:both;">
+        https://bugs.webkit.org/show_bug.cgi?id=109728
+
+        See also https://code.google.com/p/chromium/issues/detail?id=175535
+        This bug can be reproduced on
+        http://dramalink.net/tudou.y/?xink=162601060
+
+        Reviewed by Eric Seidel.
+
+        Test: fast/css/resize-object-crash.html
+
+        * rendering/RenderWidget.cpp:
+        (WebCore::RenderWidget::paint):
+        Only call paintResizer() if we have a layer and canResize() is true
+
 2013-02-13  Arko Saha  <arko@motorola.com>
 
         [Microdata] HTMLPropertiesCollection code cleanup
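Review bot: The description under (WebCore::RenderWidget::paint) states the new guard ("Only call paintResizer() if we have a layer and canResize() is true") but not the cause of the crash. It does not say which of the two conditions, the missing layer or canResize() being false, was the one hit by <object style="resize:both;">. One sentence naming that condition would let a reader understand the fix without opening bug 109728. The reproduction line also points at a live third-party page (dramalink.net) that can change or disappear. The reduced test fast/css/resize-object-crash.html already listed is the durable reference, so the external URL is better left to the bug report.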