Changeset 77834 in webkit
- Timestamp:
- Feb 7, 2011 12:08:47 PM (13 years ago)
- Location:
- trunk/Source/WebCore
- Files:
-
- 4 edited
trunk/Source/WebCore/ChangeLog
r77831 r77834 1 2011-02-07 Antti Koivisto <antti@apple.com> 2 3 Reviewed by Andreas Kling. 4 5 REGRESSION(r77740): CSSStyleSelector accessing deleted memory for svg/dom/use-transform.svg 6 https://bugs.webkit.org/show_bug.cgi?id=53900 7 8 Ignore link elements in shadow trees. 9 10 * dom/Element.cpp: 11 (WebCore::StyleSelectorParentPusher::StyleSelectorParentPusher): 12 (WebCore::StyleSelectorParentPusher::~StyleSelectorParentPusher): 13 14 Some asserts to catch cases like this. 15 16 (WebCore::Element::attach): 17 (WebCore::Element::recalcStyle): 18 * html/HTMLLinkElement.cpp: 19 (WebCore::HTMLLinkElement::HTMLLinkElement): 20 (WebCore::HTMLLinkElement::process): 21 (WebCore::HTMLLinkElement::insertedIntoDocument): 22 (WebCore::HTMLLinkElement::removedFromDocument): 23 * html/HTMLLinkElement.h: 24 1 25 2011-02-07 Darin Adler <darin@apple.com> 2 26 -
trunk/Source/WebCore/dom/Element.cpp
r77740 r77834 71 71 class StyleSelectorParentPusher { 72 72 public: 73 StyleSelectorParentPusher(CSSStyleSelector* styleSelector, Element* parent) 74 : m_styleSelector(styleSelector) 75 , m_parent(parent) 76 , m_didPush(false) 73 StyleSelectorParentPusher(Element* parent) 74 : m_parent(parent) 75 , m_pushedStyleSelector(0) 77 76 { 78 77 } 79 78 void push() 80 79 { 81 if (m_ didPush)80 if (m_pushedStyleSelector) 82 81 return; 83 m_ styleSelector->pushParent(m_parent);84 m_ didPush = true;82 m_pushedStyleSelector = m_parent->document()->styleSelector(); 83 m_pushedStyleSelector->pushParent(m_parent); 85 84 } 86 85 ~StyleSelectorParentPusher() 87 86 { 88 if (m_didPush) 89 m_styleSelector->popParent(m_parent); 87 88 if (!m_pushedStyleSelector) 89 return; 90 ASSERT(m_pushedStyleSelector == m_parent->document()->styleSelector()); 91 m_pushedStyleSelector->popParent(m_parent); 90 92 } 91 93 92 94 private: 93 CSSStyleSelector* m_styleSelector;94 95 Element* m_parent; 95 bool m_didPush;96 CSSStyleSelector* m_pushedStyleSelector; 96 97 }; 97 98 98 99 PassRefPtr<Element> Element::create(const QualifiedName& tagName, Document* document) 99 100 { … … 946 947 createRendererIfNeeded(); 947 948 948 StyleSelectorParentPusher parentPusher( document()->styleSelector(),this);949 StyleSelectorParentPusher parentPusher(this); 949 950 if (firstChild()) 950 951 parentPusher.push(); … … 1093 1094 } 1094 1095 } 1095 StyleSelectorParentPusher parentPusher( document()->styleSelector(),this);1096 StyleSelectorParentPusher parentPusher(this); 1096 1097 // FIXME: This check is good enough for :hover + foo, but it is not good enough for :hover + foo + bar. 1097 1098 // For now we will just worry about the common case, since it's a lot trickier to get the second case right -
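Review bot: In `~StyleSelectorParentPusher` the stale-pointer condition is checked only by `ASSERT`, which is compiled out of release builds. If the document replaces its style selector between `push()` and destruction, `m_pushedStyleSelector->popParent(m_parent)` still runs on the old selector, which is the deleted-memory access the ChangeLog entry describes. Keeping the assert and also bailing out at runtime would close that gap: `if (m_pushedStyleSelector != m_parent->document()->styleSelector()) return;` placed directly after the `ASSERT`. A short comment on `m_pushedStyleSelector` would also help, saying it is a non-owning pointer that is only valid while the selector is not recreated during `attach()`/`recalcStyle()`. The bodies of `Element::attach` and `Element::recalcStyle` extend beyond the lines shown here.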
trunk/Source/WebCore/html/HTMLLinkElement.cpp
r77750 r77834 57 57 , m_loading(false) 58 58 , m_createdByParser(createdByParser) 59 , m_isInShadowTree(false) 59 60 , m_pendingSheetType(None) 60 61 { … … 195 196 void HTMLLinkElement::process() 196 197 { 197 if (!inDocument() ) {198 if (!inDocument() || m_isInShadowTree) { 198 199 ASSERT(!m_sheet); 199 200 return; … … 281 282 { 282 283 HTMLElement::insertedIntoDocument(); 284 285 m_isInShadowTree = isInShadowTree(); 286 if (m_isInShadowTree) 287 return; 288 283 289 document()->addStyleSheetCandidateNode(this, m_createdByParser); 284 290 … … 290 296 HTMLElement::removedFromDocument(); 291 297 298 if (m_isInShadowTree) { 299 ASSERT(!m_sheet); 300 return; 301 } 292 302 document()->removeStyleSheetCandidateNode(this); 293 303 -
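Review bot: `m_isInShadowTree` is written only in `insertedIntoDocument()` and never cleared in `removedFromDocument()`, so after a link element leaves a shadow tree the flag stays `true` until the next insertion. From the visible lines this looks harmless, because `process()` also returns on `!inDocument()`, but any later reader of the flag would see stale state. Resetting it in the shadow-tree branch (`m_isInShadowTree = false;` before the `return`) would keep the cached value honest. The early return in `insertedIntoDocument()` also deserves a comment such as `// Link elements in shadow trees are ignored: they must not become style sheet candidates (https://bugs.webkit.org/show_bug.cgi?id=53900).` The functions touched here start and end outside the hunks shown.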
trunk/Source/WebCore/html/HTMLLinkElement.h
r74476 r77834 136 136 bool m_loading; 137 137 bool m_createdByParser; 138 bool m_isInShadowTree; 138 139 139 140 PendingSheetType m_pendingSheetType;