WebCore:
author ggaren@apple.com <ggaren@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Thu, 21 Feb 2008 18:09:48 +0000 (18:09 +0000)
committer ggaren@apple.com <ggaren@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Thu, 21 Feb 2008 18:09:48 +0000 (18:09 +0000)
        Reviewed by David Harrison.

        Fixed <rdar://problem/5756125> REGRESSION: A crash occurs at
        WebCore::Frame::scriptProxy() when completing a search with Package Tracker widget

        Test: fast/dom/script-element-without-frame-crash.html

        * html/HTMLTokenizer.cpp:
        (WebCore::HTMLTokenizer::parseTag): Added back a NULL check that was
        accidentally removed in r30325.

LayoutTests:

        Reviewed by David Harrison.

        Test for <rdar://problem/5756125> REGRESSION: A crash occurs at
        WebCore::Frame::scriptProxy() when completing a search with Package Tracker widget

        * fast/dom/script-element-without-frame-crash-expected.txt: Added.
        * fast/dom/script-element-without-frame-crash.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@30458 268f45cc-cd09-0410-ab3c-d52691b4dbfc

LayoutTests/ChangeLog
LayoutTests/fast/dom/script-element-without-frame-crash-expected.txt [new file with mode: 0644]
LayoutTests/fast/dom/script-element-without-frame-crash.html [new file with mode: 0644]
WebCore/ChangeLog
WebCore/html/HTMLTokenizer.cpp

index 15e4450d4548b7bd88c43e2c38b3d86ab2e2710f..a965dd3fcc800021c9418f3041ba89da8c1e3c11 100644 (file)
@@ -1,3 +1,13 @@
+2008-02-21  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by David Harrison.
+        
+        Test for <rdar://problem/5756125> REGRESSION: A crash occurs at
+        WebCore::Frame::scriptProxy() when completing a search with Package Tracker widget
+
+        * fast/dom/script-element-without-frame-crash-expected.txt: Added.
+        * fast/dom/script-element-without-frame-crash.html: Added.
+
 2008-02-20  Sam Weinig  <sam@webkit.org>
 
         Rubber-stamped by Dan Bernstein.
diff --git a/LayoutTests/fast/dom/script-element-without-frame-crash-expected.txt b/LayoutTests/fast/dom/script-element-without-frame-crash-expected.txt
new file mode 100644 (file)
index 0000000..f439245
--- /dev/null
@@ -0,0 +1,3 @@
+This page tests for a crash in the HTML tokenizer when adding a <script> element to a document without a frame.
+
+PASS: You didn't crash.
diff --git a/LayoutTests/fast/dom/script-element-without-frame-crash.html b/LayoutTests/fast/dom/script-element-without-frame-crash.html
new file mode 100644 (file)
index 0000000..a6edbba
--- /dev/null
@@ -0,0 +1,14 @@
+<p>
+This page tests for a crash in the HTML tokenizer when adding a &lt;script&gt;
+element to a document without a frame.
+</p>
+
+<pre>PASS: You didn't crash.</pre>
+
+<script>
+if (window.layoutTestController)
+    layoutTestController.dumpAsText();
+    
+var doc = document.implementation.createHTMLDocument("");
+doc.write("<\script src=''>;<\/script>");
+</script>
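Review bot: The `doc.write` line does not say why the written tag carries `src=''`, and that attribute looks load-bearing. The guarded call in parseTag sits inside `if (currToken.attrs && !m_fragment)`, so a bare `<script>` with no attributes would skip the branch and the test would pass even without the fix. A one-line comment next to `doc.write` stating that the attribute is required to reach the frame dereference would keep a later cleanup from weakening the test. Minor style point on the same line: only `<\/script>` needs the backslash to avoid closing the enclosing script block; the `\s` in `<\script` is a no-op escape and can be dropped.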
index afac2514bb3204769b66c77ac72d9f2d412e0ce8..65ade540de274caf2c112e199b7e6a783153a6ca 100644 (file)
@@ -1,3 +1,16 @@
+2008-02-21  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by David Harrison.
+        
+        Fixed <rdar://problem/5756125> REGRESSION: A crash occurs at 
+        WebCore::Frame::scriptProxy() when completing a search with Package Tracker widget
+
+        Test: fast/dom/script-element-without-frame-crash.html
+
+        * html/HTMLTokenizer.cpp:
+        (WebCore::HTMLTokenizer::parseTag): Added back a NULL check that was
+        accidentally removed in r30325.
+
 2008-02-21  Rodney Dawes  <dobey@wayofthemonkey.com>
 
         GTK+ build fix. s/domString()/string()/
index 5101cce32ee43dd10282bdede9eb201ad17601a5..31e09599f0001b373c0bbf541a0658518132c384 100644 (file)
@@ -1445,7 +1445,7 @@ HTMLTokenizer::State HTMLTokenizer::parseTag(SegmentedString &src, State state)
                 scriptSrc = String();
                 scriptSrcCharset = String();
                 if (currToken.attrs && !m_fragment) {
-                    if (m_doc->frame()->scriptProxy()->isEnabled()) {
+                    if (m_doc->frame() && m_doc->frame()->scriptProxy()->isEnabled()) {
                         if ((a = currToken.attrs->getAttributeItem(srcAttr)))
                             scriptSrc = m_doc->completeURL(parseURL(a->value())).string();
                         if ((a = currToken.attrs->getAttributeItem(charsetAttr)))
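Review bot: The restored `m_doc->frame() &&` check has no comment explaining when the frame is null, and the ChangeLog says this same check was already removed once by accident in r30325. A short comment at the condition, for example that documents created through `document.implementation.createHTMLDocument` have no frame, would make the guard's purpose visible to the next person editing this line. Two smaller points on the same line: `m_doc->frame()` is evaluated twice, so a local such as `Frame* frame = m_doc->frame();` would read better and make the null test harder to drop, and the result of `scriptProxy()` is still dereferenced unchecked, so it is worth confirming it cannot return null once the frame is non-null.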