git://git.webkit.org / WebKit-https.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: a9ee566) | patch
Bad cast from CSSInitialValue to CSSValueList
authorrniwa@webkit.org <rniwa@webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Sat, 21 Sep 2013 04:13:52 +0000 (04:13 +0000)
committerrniwa@webkit.org <rniwa@webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Sat, 21 Sep 2013 04:13:52 +0000 (04:13 +0000)
commit1b97c5ced92f6e5922ed42460de95d02182817d3
tree0b9766e11b0d36a676ff6359bf81d75d4ae16ab1tree | snapshot
parenta9ee566edd00fa2149474b2d7d5dd6bce2ebcd75commit | diff
Bad cast from CSSInitialValue to CSSValueList
https://bugs.webkit.org/show_bug.cgi?id=121729

Source/WebCore:

Reviewed by Beth Dakin.

Merge https://chromium.googlesource.com/chromium/blink/+/fcfaa51f9207b32cffe751c1a1380a921e464cbb

The issue was that we would cast to CSSValueList without checking
the type of the CSSValue. After this change, we use the ASSERT'ing
cast and explicitly check the type of the CSSValue before the cast.

Test: fast/css/crash-inherit-value-font-family.html

* css/CSSParser.cpp:
(WebCore::CSSParser::parseFontFaceValue):

LayoutTests:

Reviewed by Beth Dakin.

Add a regression test. This is not a merge since the test in the Blink change involves
superfluous execCommand calls.

* fast/css/crash-inherit-value-font-family-expected.txt: Added.
* fast/css/crash-inherit-value-font-family.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@156222 268f45cc-cd09-0410-ab3c-d52691b4dbfc
LayoutTests/ChangeLog diff | blob | history
LayoutTests/fast/css/crash-inherit-value-font-family-expected.txt [new file with mode: 0644] blob
LayoutTests/fast/css/crash-inherit-value-font-family.html [new file with mode: 0644] blob
Source/WebCore/ChangeLog diff | blob | history
Source/WebCore/css/CSSParser.cpp diff | blob | history
Mirror of the WebKit open source project from svn.webkit.org.