2008-03-03 Mark Rowe <mrowe@apple.com>
author mrowe@apple.com <mrowe@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Mon, 3 Mar 2008 22:43:57 +0000 (22:43 +0000)
committer mrowe@apple.com <mrowe@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Mon, 3 Mar 2008 22:43:57 +0000 (22:43 +0000)
commit ce7178a7db08ffaa064272d98f2f319adb38cf32
tree a95082c9bfe75d7679662692317b5dc45fbfd9f5
parent 7e48fa183375453863415f5c9fece2bdfb4a4b89
2008-03-03  Mark Rowe  <mrowe@apple.com>

        Reviewed by Dan Bernstein.

        Fix http://bugs.webkit.org/show_bug.cgi?id=17313
        Bug 17313: querySelectorAll() causing crashes when called via dojo.query() wrapper

        Node::querySelector and SelectorNodeList were not sufficiently initializing the CSSStyleSelector
        before using it to resolve styles, which led to it having a stale m_style member in some situations.
        This stale m_style member resulted in a wild store that would write over whatever object now resided
        at the location m_style pointed to.

        Test: fast/dom/SelectorAPI/bug-17313.html

        * dom/Node.cpp:
        (WebCore::Node::querySelector): Call initForStyleResolve to further initialize the CSSStyleSelector.
        * dom/SelectorNodeList.cpp:
        (WebCore::SelectorNodeList::SelectorNodeList): Ditto.

2008-03-03  Mark Rowe  <mrowe@apple.com>

        Reviewed by Dan Bernstein.

        Test for http://bugs.webkit.org/show_bug.cgi?id=17313
        Bug 17313: querySelectorAll() causing crashes when called via dojo.query() wrapper

        * fast/dom/SelectorAPI/bug-17313-expected.txt: Added.
        * fast/dom/SelectorAPI/bug-17313.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@30722 268f45cc-cd09-0410-ab3c-d52691b4dbfc
LayoutTests/ChangeLog
LayoutTests/fast/dom/SelectorAPI/bug-17313-expected.txt [new file with mode: 0644]
LayoutTests/fast/dom/SelectorAPI/bug-17313.html [new file with mode: 0644]
WebCore/ChangeLog
WebCore/dom/Node.cpp
WebCore/dom/SelectorNodeList.cpp