Context Navigation

← Previous Changeset
Next Changeset →

Changeset 106251 in webkit

Timestamp:

Jan 30, 2012 9:31:52 AM (12 years ago)

Author:

commit-queue@webkit.org

Message:

REGRESSION (r82580): Reproducible crash in CSSPrimitiveValue::computeLengthDouble
https://bugs.webkit.org/show_bug.cgi?id=61989

Patch by Parag Radke <nrqv63@motorola.com> on 2012-01-30
Reviewed by Simon Fraser.

Source/WebCore:

According to css3 specs when font-size is specified in 'rems' for an element implies the font-size
of the root element. In this case as HTML element has a property 'display:none' and hence renderer
is NULL causes this crash.

Test: fast/css/fontsize-unit-rems-crash.html

css/CSSPrimitiveValue.cpp:

(WebCore::CSSPrimitiveValue::computeLengthDouble):
Added a null check for the root element's RenderStyle as it can be null in case of html has a property
hidden or display:none.

LayoutTests:

Added a test case to check rems unit (css3) with html property display:none.

fast/css/fontsize-unit-rems-crash-expected.txt: Added.
fast/css/fontsize-unit-rems-crash.html: Added.

Location:

trunk

Files:

: 2 added
: 3 edited

LayoutTests/ChangeLog (modified) (1 diff)
LayoutTests/fast/css/fontsize-unit-rems-crash-expected.txt (added)
LayoutTests/fast/css/fontsize-unit-rems-crash.html (added)
Source/WebCore/ChangeLog (modified) (1 diff)
Source/WebCore/css/CSSPrimitiveValue.cpp (modified) (1 diff)

Legend:

: Unmodified
: Added
: Removed

trunk/LayoutTests/ChangeLog

-                      r106250
+                      r106251
+-01-30  Parag Radke  <nrqv63@motorola.com>
+        REGRESSION (r82580): Reproducible crash in CSSPrimitiveValue::computeLengthDouble
+        https://bugs.webkit.org/show_bug.cgi?id=61989
+        Reviewed by Simon Fraser.
+        Added a test case to check rems unit (css3) with html property display:none.
+        * fast/css/fontsize-unit-rems-crash-expected.txt: Added.
+        * fast/css/fontsize-unit-rems-crash.html: Added.
 -01-26  Jocelyn Turcotte  <jocelyn.turcotte@nokia.com>

trunk/Source/WebCore/ChangeLog

-                      r106250
+                      r106251
+-01-30  Parag Radke  <nrqv63@motorola.com>
+        REGRESSION (r82580): Reproducible crash in CSSPrimitiveValue::computeLengthDouble
+        https://bugs.webkit.org/show_bug.cgi?id=61989
+        Reviewed by Simon Fraser.
+        According to css3 specs when font-size is specified in 'rems' for an element implies the font-size
+        of the root element. In this case as HTML element has a property 'display:none' and hence renderer
+        is NULL causes this crash.
+        Test: fast/css/fontsize-unit-rems-crash.html
+        * css/CSSPrimitiveValue.cpp:
+        (WebCore::CSSPrimitiveValue::computeLengthDouble):
+        Added a null check for the root element's RenderStyle as it can be null in case of html has a property
+        hidden or display:none.
 -01-26  Jocelyn Turcotte  <jocelyn.turcotte@nokia.com>

trunk/Source/WebCore/css/CSSPrimitiveValue.cpp

-                      r105678
+                      r106251
         case CSS_REMS:
             applyZoomMultiplier = false;
+            factor = computingFontSize ? rootStyle->fontDescription().specifiedSize() : rootStyle->fontDescription().computedSize();
+            if (rootStyle)
+                factor = computingFontSize ? rootStyle->fontDescription().specifiedSize() : rootStyle->fontDescription().computedSize();
             break;
         case CSS_PX:

Note: See TracChangeset for help on using the changeset viewer.