Changeset 59950 in webkit


Ignore:
Timestamp:
May 21, 2010, 12:53:29 PM (15 years ago)
Author:
Beth Dakin
Message:

WebCore: Fix for <rdar://problem/8009118> Crash in WebCore::toAlphabetic()
while running MangleMe
-and corresponding-
https://bugs.webkit.org/show_bug.cgi?id=39508

Reviewed by Darin Adler.

The math was slightly off here, and we wound up trying to access an
array at index -1 in some cases. We need to decrement numberShadow
rather than subtracting one from the result of the modulo
operation.

  • rendering/RenderListMarker.cpp:

(WebCore::toAlphabeticOrNumeric):

LayoutTests: Test for <rdar://problem/8009118> Crash in WebCore::toAlphabetic()
while running MangleMe
-and corresponding-
https://bugs.webkit.org/show_bug.cgi?id=39508

Reviewed by Darin Adler.

  • fast/lists/alpha-boundary-values.html: Added.
  • platform/mac/fast/lists/alpha-boundary-values-expected.checksum: Added.
  • platform/mac/fast/lists/alpha-boundary-values-expected.png: Added.
  • platform/mac/fast/lists/alpha-boundary-values-expected.txt: Added.
Location:
trunk
Files:
4 added
3 edited

Legend:

Unmodified
Added
Removed
  • trunk/LayoutTests/ChangeLog

    r59941 r59950  
     12010-05-21  Beth Dakin  <bdakin@apple.com>
     2
     3        Reviewed by Darin Adler.
     4
     5        Test for <rdar://problem/8009118> Crash in WebCore::toAlphabetic()
     6        while running MangleMe
     7        -and corresponding-
     8        https://bugs.webkit.org/show_bug.cgi?id=39508
     9
     10        * fast/lists/alpha-boundary-values.html: Added.
     11        * platform/mac/fast/lists/alpha-boundary-values-expected.checksum: Added.
     12        * platform/mac/fast/lists/alpha-boundary-values-expected.png: Added.
     13        * platform/mac/fast/lists/alpha-boundary-values-expected.txt: Added.
     14
    1152010-05-21  Oliver Hunt  <oliver@apple.com>
    216
  • trunk/WebCore/ChangeLog

    r59949 r59950  
     12010-05-21  Beth Dakin  <bdakin@apple.com>
     2
     3        Reviewed by Darin Adler.
     4
     5        Fix for <rdar://problem/8009118> Crash in WebCore::toAlphabetic()
     6        while running MangleMe
     7        -and corresponding-
     8        https://bugs.webkit.org/show_bug.cgi?id=39508
     9
     10        The math was slightly off here, and we wound up trying to access an
     11        array at index -1 in some cases. We need to decrement numberShadow
     12        rather than subtracting one from the result of the modulo
     13        operation.
     14
     15        * rendering/RenderListMarker.cpp:
     16        (WebCore::toAlphabeticOrNumeric):
     17
    1182010-05-21  Oliver Hunt  <oliver@apple.com>
    219
  • trunk/WebCore/rendering/RenderListMarker.cpp

    r54472 r59950  
    102102
    103103    if (type == AlphabeticSequence) {
    104         while ((numberShadow /= sequenceSize) > 0)
    105             letters[lettersSize - ++length] = sequence[numberShadow % sequenceSize - 1];
     104        while ((numberShadow /= sequenceSize) > 0) {
     105            --numberShadow;
     106            letters[lettersSize - ++length] = sequence[numberShadow % sequenceSize];
     107        }
    106108    } else {
    107109        while ((numberShadow /= sequenceSize) > 0)
Note: See TracChangeset for help on using the changeset viewer.