https://bugs.webkit.org/show_bug.cgi?id=109728
Source/WebCore:
See also https://code.google.com/p/chromium/issues/detail?id=175535
This bug can be reproduced on
http://dramalink.net/tudou.y/?xink=
162601060
Patch by Christian Biesinger <cbiesinger@chromium.org> on 2013-02-13
Reviewed by Eric Seidel.
Test: fast/css/resize-object-crash.html
* rendering/RenderWidget.cpp:
(WebCore::RenderWidget::paint):
Only call paintResizer() if we have a layer and canResize() is true
LayoutTests:
See also https://code.google.com/p/chromium/issues/detail?id=175535
Patch by Christian Biesinger <cbiesinger@chromium.org> on 2013-02-13
Reviewed by Eric Seidel.
* fast/css/resize-object-crash-expected.txt: Added.
* fast/css/resize-object-crash.html: Added.
git-svn-id: https://svn.webkit.org/repository/webkit/trunk@142788
268f45cc-cd09-0410-ab3c-
d52691b4dbfc
+2013-02-13 Christian Biesinger <cbiesinger@chromium.org>
+
+ Crash when encountering <object style="resize:both;">
+ https://bugs.webkit.org/show_bug.cgi?id=109728
+
+ See also https://code.google.com/p/chromium/issues/detail?id=175535
+
+ Reviewed by Eric Seidel.
+
+ * fast/css/resize-object-crash-expected.txt: Added.
+ * fast/css/resize-object-crash.html: Added.
+
2013-02-13 Kondapally Kalyan <kalyan.kondapally@intel.com>
[WebGL][EFL][GTK][Qt]Add support for OES_vertex_array_object.
--- /dev/null
+<html>
+<head>
+ <title></title>
+ <script>
+ if (window.testRunner) {
+ testRunner.dumpAsText();
+ }
+ </script>
+ <style>
+ object {
+ resize: both !important;
+ }
+ </style>
+</head>
+<body>
+ <!--
+ Test for https://crbug.com/175535 - Crash with <object style="resize:both">
+ -->
+ <object></object><br>
+ PASS
+</body>
+2013-02-13 Christian Biesinger <cbiesinger@chromium.org>
+
+ Crash when encountering <object style="resize:both;">
+ https://bugs.webkit.org/show_bug.cgi?id=109728
+
+ See also https://code.google.com/p/chromium/issues/detail?id=175535
+ This bug can be reproduced on
+ http://dramalink.net/tudou.y/?xink=162601060
+
+ Reviewed by Eric Seidel.
+
+ Test: fast/css/resize-object-crash.html
+
+ * rendering/RenderWidget.cpp:
+ (WebCore::RenderWidget::paint):
+ Only call paintResizer() if we have a layer and canResize() is true
+
2013-02-13 Arko Saha <arko@motorola.com>
[Microdata] HTMLPropertiesCollection code cleanup
paintInfo.context->fillRect(pixelSnappedIntRect(selectionRect()), selectionBackgroundColor(), style()->colorSpace());
}
- if (style()->resize() != RESIZE_NONE)
+ if (hasLayer() && layer()->canResize())
layer()->paintResizer(paintInfo.context, roundedIntPoint(adjustedPaintOffset), paintInfo.rect);
}
git://git.webkit.org / WebKit-https.git / commitdiff