- fix http://bugzilla.opendarwin.org/show_bug.cgi?id=8469
CRASH: WebCore::CSSParser::parseDashboardRegions when attr() is passed
Test: fast/css/dashboard-regions-attr-crash.html
* css/cssparser.cpp:
(WebCore::CSSParser::parseDashboardRegions): Added null check for args.
git-svn-id: https://svn.webkit.org/repository/webkit/trunk@13969
268f45cc-cd09-0410-ab3c-
d52691b4dbfc
+2006-04-19 Mitz Pettel <opendarwin.org@mitzpettel.com>
+
+ Reviewed by Eric, landed by ap.
+
+ - test for http://bugzilla.opendarwin.org/show_bug.cgi?id=8469
+ CRASH: WebCore::CSSParser::parseDashboardRegions when attr() is passed
+
+ * fast/css/dashboard-regions-attr-crash-expected.txt
+ * fast/css/dashboard-regions-attr-crash.html
+
2006-04-17 Rob Buis <buis@kde.org>
Reviewed by eseidel. Landed by eseidel.
--- /dev/null
+Test for http://bugzilla.opendarwin.org/show_bug.cgi?id=8469 CRASH: WebCore::CSSParser::parseDashboardRegions when attr() is passed.
+
+If the test passes it won't crash
+
+
+
--- /dev/null
+<html>
+<head>
+<script>
+ if (window.layoutTestController)
+ layoutTestController.dumpAsText();
+</script>
+</head>
+<body>
+<p>Test for <i><a href="http://bugzilla.opendarwin.org/show_bug.cgi?id=8469">http://bugzilla.opendarwin.org/show_bug.cgi?id=8469</a> CRASH: WebCore::CSSParser::parseDashboardRegions when attr() is passed</i>.</p>
+<p>If the test passes it won't crash</p>
+<br style="-webkit-dashboard-region: dashboard-region("a");">
+<table style="-webkit-dashboard-region: attr("a");">
+</body>
+</html>
+2006-04-19 Mitz Pettel <opendarwin.org@mitzpettel.com>
+
+ Reviewed by Eric, landed by ap.
+
+ - fix http://bugzilla.opendarwin.org/show_bug.cgi?id=8469
+ CRASH: WebCore::CSSParser::parseDashboardRegions when attr() is passed
+
+ Test: fast/css/dashboard-regions-attr-crash.html
+
+ * css/cssparser.cpp:
+ (WebCore::CSSParser::parseDashboardRegions): Added null check for args.
+
2006-04-18 Rob Buis <buis@kde.org>
Reviewed by eseidel & darin. Landed by eseidel.
// dashboard-region(label, type) or dashboard-region(label type)
// dashboard-region(label, type) or dashboard-region(label type)
ValueList* args = value->function->args;
- int numArgs = value->function->args->size();
- if ((numArgs != DASHBOARD_REGION_NUM_PARAMETERS && numArgs != (DASHBOARD_REGION_NUM_PARAMETERS*2-1)) &&
- (numArgs != DASHBOARD_REGION_SHORT_NUM_PARAMETERS && numArgs != (DASHBOARD_REGION_SHORT_NUM_PARAMETERS*2-1))){
+ String fname = domString(value->function->name).lower();
+ if (fname != "dashboard-region(" || !args) {
valid = false;
break;
}
- String fname = domString(value->function->name).lower();
- if (fname != "dashboard-region(") {
+ int numArgs = args->size();
+ if ((numArgs != DASHBOARD_REGION_NUM_PARAMETERS && numArgs != (DASHBOARD_REGION_NUM_PARAMETERS*2-1)) &&
+ (numArgs != DASHBOARD_REGION_SHORT_NUM_PARAMETERS && numArgs != (DASHBOARD_REGION_SHORT_NUM_PARAMETERS*2-1))){
valid = false;
break;
}
git://git.webkit.org / WebKit-https.git / commitdiff