Null dereference loading Blink layout test fast/css/background-repeat-null-y-crash...
authorjiewen_tan@apple.com <jiewen_tan@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Tue, 3 Nov 2015 05:35:35 +0000 (05:35 +0000)
committerjiewen_tan@apple.com <jiewen_tan@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Tue, 3 Nov 2015 05:35:35 +0000 (05:35 +0000)
commit9d832f4bcfeb4b0fcc7ddb821e7cae80e27a4e39
treec0a2df92043a81bc37ae8c26e411cf8a3d32bfa2
parentb40f9982a985c51e826785d0b99a6f8e63c5d9af
Null dereference loading Blink layout test fast/css/background-repeat-null-y-crash.html
https://bugs.webkit.org/show_bug.cgi?id=150211
<rdar://problem/23137321>

Reviewed by Alex Christensen.

Source/WebCore:

This is a merge of Blink r188842:
https://codereview.chromium.org/846933002

By setting the backgroundRepeatY property to null it can
happen that accessing that CSS value returns a null pointer.
In that case simply bail out early.

Test: fast/css/background-repeat-null-y-crash.html

* css/StyleProperties.cpp:
(WebCore::StyleProperties::getLayeredShorthandValue):

LayoutTests:

* fast/css/background-repeat-null-y-crash-expected.txt: Added.
* fast/css/background-repeat-null-y-crash.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@191938 268f45cc-cd09-0410-ab3c-d52691b4dbfc
LayoutTests/ChangeLog
LayoutTests/fast/css/background-repeat-null-y-crash-expected.txt [new file with mode: 0644]
LayoutTests/fast/css/background-repeat-null-y-crash.html [new file with mode: 0644]
Source/WebCore/ChangeLog
Source/WebCore/css/StyleProperties.cpp