Changeset 30722 in webkit
- Timestamp:
- Mar 3, 2008 2:43:57 PM (16 years ago)
- Location:
- trunk
- Files:
-
- 2 added
- 4 edited
Legend:
- Unmodified
- Added
- Removed
-
trunk/LayoutTests/ChangeLog
r30715 r30722 1 2008-03-03 Mark Rowe <mrowe@apple.com> 2 3 Reviewed by Dan Bernstein. 4 5 Test for http://bugs.webkit.org/show_bug.cgi?id=17313 6 Bug 17313: querySelectorAll() causing crashes when called via dojo.query() wrapper 7 8 * fast/dom/SelectorAPI/bug-17313-expected.txt: Added. 9 * fast/dom/SelectorAPI/bug-17313.html: Added. 10 1 11 2008-03-03 David D. Kilzer <ddkilzer@webkit.org> 2 12 -
trunk/WebCore/ChangeLog
r30720 r30722 1 2008-03-03 Mark Rowe <mrowe@apple.com> 2 3 Reviewed by Dan Bernstein. 4 5 Fix http://bugs.webkit.org/show_bug.cgi?id=17313 6 Bug 17313: querySelectorAll() causing crashes when called via dojo.query() wrapper 7 8 Node::querySelector and SelectorNodeList were not sufficiently initializing the CSSStyleSelector 9 before using it to resolve styles, which lead to it having a stale m_style member in some situations. 10 This stale m_style member resulted in a wild store that would write over whatever object now resided 11 at the location m_style pointed to. 12 13 Test: fast/dom/SelectorAPI/bug-17313.html 14 15 * dom/Node.cpp: 16 (WebCore::Node::querySelector): Call initForStyleResolve to further initialize the CSSStyleSelector. 17 * dom/SelectorNodeList.cpp: 18 (WebCore::SelectorNodeList::SelectorNodeList): Ditto. 19 1 20 2008-03-03 Anders Carlsson <andersca@apple.com> 2 21 -
trunk/WebCore/dom/Node.cpp
r30431 r30722 1223 1223 Element* element = static_cast<Element*>(n); 1224 1224 styleSelector->initElementAndPseudoState(element); 1225 styleSelector->initForStyleResolve(element, 0); 1225 1226 for (CSSSelector* selector = querySelector; selector; selector = selector->next()) { 1226 1227 if (styleSelector->checkSelector(selector)) -
trunk/WebCore/dom/SelectorNodeList.cpp
r30096 r30722 44 44 for (Node* n = rootNode->firstChild(); n; n = n->traverseNextNode(rootNode.get())) { 45 45 if (n->isElementNode()) { 46 styleSelector->initElementAndPseudoState(static_cast<Element*>(n)); 46 Element* element = static_cast<Element*>(n); 47 styleSelector->initElementAndPseudoState(element); 48 styleSelector->initForStyleResolve(element, 0); 47 49 for (CSSSelector* selector = querySelector; selector; selector = selector->next()) { 48 50 if (styleSelector->checkSelector(selector)) {
Note: See TracChangeset
for help on using the changeset viewer.