[SCM] WebKit Debian packaging branch, debian/unstable, updated. debian/1.1.15-1-40151-g37bb677

darin darin at 268f45cc-cd09-0410-ab3c-d52691b4dbfc
Sat Sep 26 07:41:54 UTC 2009 

The following commit has been merged in the debian/unstable branch:
commit 6c14733e7842942d7bd98bfbc9a2824f06deb10b
Author: darin <darin at 268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Date:   Tue May 13 16:42:20 2003 +0000

            Reviewed by John.
    
    	- fixed 3228186 -- REGRESSION: crash walking parent tree at housingscc.org in DOM::StyleBaseImpl::stylesheet()
    
            * khtml/xml/dom_elementimpl.cpp:
            (ElementImpl::~ElementImpl): Unref the stylesheet with the style declaration in it
            when destroying the element.
            (ElementImpl::createDecl): Ref the stylesheet with the style declaration in it when
            making a style element for this. If we don't we could end up with a style declaration
            without a stylesheet, which can't be manipulated by the CSS parser.
    
            * khtml/html/html_elementimpl.cpp: (HTMLElementImpl::removeCSSProperty): Since this
            function has a side effect of changing the stylesheet for the style declaration, ref
            the new stylesheet and unref the old one.
    
    
    git-svn-id: http://svn.webkit.org/repository/webkit/trunk@4359 268f45cc-cd09-0410-ab3c-d52691b4dbfc

diff --git a/WebCore/ChangeLog-2003-10-25 b/WebCore/ChangeLog-2003-10-25
index 802c35b..417c023 100644
--- a/WebCore/ChangeLog-2003-10-25
+++ b/WebCore/ChangeLog-2003-10-25
@@ -1,3 +1,20 @@
+2003-05-13  Darin Adler  <darin at apple.com>
+
+        Reviewed by John.
+
+	- fixed 3228186 -- REGRESSION: crash walking parent tree at housingscc.org in DOM::StyleBaseImpl::stylesheet()
+
+        * khtml/xml/dom_elementimpl.cpp:
+        (ElementImpl::~ElementImpl): Unref the stylesheet with the style declaration in it
+        when destroying the element.
+        (ElementImpl::createDecl): Ref the stylesheet with the style declaration in it when
+        making a style element for this. If we don't we could end up with a style declaration
+        without a stylesheet, which can't be manipulated by the CSS parser.
+
+        * khtml/html/html_elementimpl.cpp: (HTMLElementImpl::removeCSSProperty): Since this
+        function has a side effect of changing the stylesheet for the style declaration, ref
+        the new stylesheet and unref the old one.
+
 2003-05-12  Richard Williamson  <rjw at apple.com>
 
         Fixed 3194614 and 3194751.  We avoid creating and render objects
diff --git a/WebCore/ChangeLog-2005-08-23 b/WebCore/ChangeLog-2005-08-23
index 802c35b..417c023 100644
--- a/WebCore/ChangeLog-2005-08-23
+++ b/WebCore/ChangeLog-2005-08-23
@@ -1,3 +1,20 @@
+2003-05-13  Darin Adler  <darin at apple.com>
+
+        Reviewed by John.
+
+	- fixed 3228186 -- REGRESSION: crash walking parent tree at housingscc.org in DOM::StyleBaseImpl::stylesheet()
+
+        * khtml/xml/dom_elementimpl.cpp:
+        (ElementImpl::~ElementImpl): Unref the stylesheet with the style declaration in it
+        when destroying the element.
+        (ElementImpl::createDecl): Ref the stylesheet with the style declaration in it when
+        making a style element for this. If we don't we could end up with a style declaration
+        without a stylesheet, which can't be manipulated by the CSS parser.
+
+        * khtml/html/html_elementimpl.cpp: (HTMLElementImpl::removeCSSProperty): Since this
+        function has a side effect of changing the stylesheet for the style declaration, ref
+        the new stylesheet and unref the old one.
+
 2003-05-12  Richard Williamson  <rjw at apple.com>
 
         Fixed 3194614 and 3194751.  We avoid creating and render objects
diff --git a/WebCore/khtml/html/html_elementimpl.cpp b/WebCore/khtml/html/html_elementimpl.cpp
index 09f8eae..1212518 100644
--- a/WebCore/khtml/html/html_elementimpl.cpp
+++ b/WebCore/khtml/html/html_elementimpl.cpp
@@ -345,7 +345,9 @@ void HTMLElementImpl::removeCSSProperty(int id)
 {
     if(!m_styleDecls)
         return;
+    m_styleDecls->parent()->deref();
     m_styleDecls->setParent(getDocument()->elementSheet());
+    m_styleDecls->parent()->ref();
     m_styleDecls->removeProperty(id);
     setChanged();
 }
diff --git a/WebCore/khtml/xml/dom_elementimpl.cpp b/WebCore/khtml/xml/dom_elementimpl.cpp
index 142e591..c79fc8c 100644
--- a/WebCore/khtml/xml/dom_elementimpl.cpp
+++ b/WebCore/khtml/xml/dom_elementimpl.cpp
@@ -173,6 +173,7 @@ ElementImpl::~ElementImpl()
 
     if (m_styleDecls) {
         m_styleDecls->setNode(0);
+        m_styleDecls->parent()->deref();
         m_styleDecls->setParent(0);
         m_styleDecls->deref();
     }
@@ -437,6 +438,7 @@ void ElementImpl::createDecl( )
     m_styleDecls = new CSSStyleDeclarationImpl(0);
     m_styleDecls->ref();
     m_styleDecls->setParent(getDocument()->elementSheet());
+    m_styleDecls->parent()->ref();
     m_styleDecls->setNode(this);
     m_styleDecls->setStrictParsing( !getDocument()->inCompatMode() );
 }

-- 
WebKit Debian packaging

More information about the Pkg-webkit-commits mailing list