Changeset 67441 in webkit


Ignore:
Timestamp:
Sep 13, 2010 9:18:26 PM (14 years ago)
Author:
rniwa@webkit.org
Message:

2010-09-13 Ryosuke Niwa <rniwa@webkit.org>

Reviewed by Darin Adler.

REGRESSION: In Gmail, a crash occurs at getDoubleValue() when applying a text color to a new line
https://bugs.webkit.org/show_bug.cgi?id=45632

Test: editing/execCommand/query-font-size-with-typing-style.html

The crash was caused by selectionStartCSSPropertyValue's deleting nodeToRemove before
retrieving the font-size property. Fixed the bug by moving the removal code to the end of the function.

  • editing/Editor.cpp: (WebCore::Editor::selectionStartCSSPropertyValue):

2010-09-13 Ryosuke Niwa <rniwa@webkit.org>

Reviewed by Darin Adler.

REGRESSION: In Gmail, a crash occurs at getDoubleValue() when applying a text color to a new line
https://bugs.webkit.org/show_bug.cgi?id=45632

Added a test to ensure WebKit does not crash when querying font size even if there is a typing style.

  • editing/execCommand/query-font-size-with-typing-style-expected.txt: Added.
  • editing/execCommand/query-font-size-with-typing-style.html: Added.
Location:
trunk
Files:
2 added
3 edited

Legend:

Unmodified
Added
Removed
  • trunk/LayoutTests/ChangeLog

    r67432 r67441  
     12010-09-13  Ryosuke Niwa  <rniwa@webkit.org>
     2
     3        Reviewed by Darin Adler.
     4
     5        REGRESSION: In Gmail, a crash occurs at getDoubleValue() when applying a text color to a new line
     6        https://bugs.webkit.org/show_bug.cgi?id=45632
     7
     8        Added a test to ensure WebKit does not crash when querying font size even if there is a typing style.
     9
     10        * editing/execCommand/query-font-size-with-typing-style-expected.txt: Added.
     11        * editing/execCommand/query-font-size-with-typing-style.html: Added.
     12
    1132010-09-13  Eric Carlson  <eric.carlson@apple.com>
    214
  • trunk/WebCore/ChangeLog

    r67438 r67441  
     12010-09-13  Ryosuke Niwa  <rniwa@webkit.org>
     2
     3        Reviewed by Darin Adler.
     4
     5        REGRESSION: In Gmail, a crash occurs at getDoubleValue() when applying a text color to a new line
     6        https://bugs.webkit.org/show_bug.cgi?id=45632
     7
     8        Test: editing/execCommand/query-font-size-with-typing-style.html
     9
     10        The crash was caused by selectionStartCSSPropertyValue's deleting nodeToRemove before
     11        retrieving the font-size property. Fixed the bug by moving the removal code to the end of the function.
     12
     13        * editing/Editor.cpp:
     14        (WebCore::Editor::selectionStartCSSPropertyValue):
     15
    1162010-09-13  Kwang Yul Seo  <skyul@company100.net>
    217
  • trunk/WebCore/editing/Editor.cpp

    r67403 r67441  
    952952    String value = selectionStyle->getPropertyValue(propertyID);
    953953
    954     if (nodeToRemove) {
    955         ExceptionCode ec = 0;
    956         nodeToRemove->remove(ec);
    957         ASSERT(!ec);
    958     }
    959 
    960954    // If background color is transparent, traverse parent nodes until we hit a different value or document root
    961955    // Also, if the selection is a range, ignore the background color at the start of selection,
     
    974968
    975969    if (propertyID == CSSPropertyFontSize) {
    976         RefPtr<CSSValue> value = selectionStyle->getPropertyCSSValue(CSSPropertyFontSize);
    977         ASSERT(value->isPrimitiveValue());
    978         int fontPixelSize = static_cast<CSSPrimitiveValue*>(value.get())->getIntValue(CSSPrimitiveValue::CSS_PX);
     970        RefPtr<CSSValue> cssValue = selectionStyle->getPropertyCSSValue(CSSPropertyFontSize);
     971        ASSERT(cssValue->isPrimitiveValue());
     972        int fontPixelSize = static_cast<CSSPrimitiveValue*>(cssValue.get())->getIntValue(CSSPrimitiveValue::CSS_PX);
    979973        int size = CSSStyleSelector::legacyFontSize(m_frame->document(), fontPixelSize, selectionStyle->useFixedFontDefaultSize());
    980         return String::number(size);
     974        value = String::number(size);
     975    }
     976
     977    if (nodeToRemove) {
     978        ExceptionCode ec = 0;
     979        nodeToRemove->remove(ec);
     980        ASSERT(!ec);
    981981    }
    982982
Note: See TracChangeset for help on using the changeset viewer.