[SCM] WebKit Debian packaging branch, debian/unstable, updated. debian/1.1.15-1-40151-g37bb677
hyatt
hyatt at 268f45cc-cd09-0410-ab3c-d52691b4dbfc
Sat Sep 26 07:47:47 UTC 2009
The following commit has been merged in the debian/unstable branch:
commit 3aadc73bbeda72099f094464044c44a361883029
Author: hyatt <hyatt at 268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Date: Thu Jul 17 19:49:39 2003 +0000
Fix for 3300362, crash on myuhc.com. The residual style code
was messing up and inserting nodes in the wrong place (and also
updating the current member variable when it wasn't supposed to).
Fix for 3331793, nil deref because (astoundingly) someone was
using text-shadow and exposed a bug with the color handling
of the shadow.
Reviewed by darin
* khtml/html/htmlparser.cpp:
* khtml/html/htmlparser.h
(KHTMLParser::reopenResidualStyleTags):
(KHTMLParser::popBlock):
git-svn-id: http://svn.webkit.org/repository/webkit/trunk@4667 268f45cc-cd09-0410-ab3c-d52691b4dbfc
diff --git a/WebCore/ChangeLog-2003-10-25 b/WebCore/ChangeLog-2003-10-25
index 6da8775..0169ea1 100644
--- a/WebCore/ChangeLog-2003-10-25
+++ b/WebCore/ChangeLog-2003-10-25
@@ -1,3 +1,20 @@
+2003-07-15 Dave Hyatt <hyatt at apple.com>
+
+ Fix for 3300362, crash on myuhc.com. The residual style code
+ was messing up and inserting nodes in the wrong place (and also
+ updating the current member variable when it wasn't supposed to).
+
+ Fix for 3331793, nil deref because (astoundingly) someone was
+ using text-shadow and exposed a bug with the color handling
+ of the shadow.
+
+ Reviewed by darin
+
+ * khtml/html/htmlparser.cpp:
+ * khtml/html/htmlparser.h
+ (KHTMLParser::reopenResidualStyleTags):
+ (KHTMLParser::popBlock):
+
2003-07-17 Maciej Stachowiak <mjs at apple.com>
Reviewed by John.
diff --git a/WebCore/ChangeLog-2005-08-23 b/WebCore/ChangeLog-2005-08-23
index 6da8775..0169ea1 100644
--- a/WebCore/ChangeLog-2005-08-23
+++ b/WebCore/ChangeLog-2005-08-23
@@ -1,3 +1,20 @@
+2003-07-15 Dave Hyatt <hyatt at apple.com>
+
+ Fix for 3300362, crash on myuhc.com. The residual style code
+ was messing up and inserting nodes in the wrong place (and also
+ updating the current member variable when it wasn't supposed to).
+
+ Fix for 3331793, nil deref because (astoundingly) someone was
+ using text-shadow and exposed a bug with the color handling
+ of the shadow.
+
+ Reviewed by darin
+
+ * khtml/html/htmlparser.cpp:
+ * khtml/html/htmlparser.h
+ (KHTMLParser::reopenResidualStyleTags):
+ (KHTMLParser::popBlock):
+
2003-07-17 Maciej Stachowiak <mjs at apple.com>
Reviewed by John.
diff --git a/WebCore/khtml/css/cssstyleselector.cpp b/WebCore/khtml/css/cssstyleselector.cpp
index ecccacf..1cf3bcd 100644
--- a/WebCore/khtml/css/cssstyleselector.cpp
+++ b/WebCore/khtml/css/cssstyleselector.cpp
@@ -3131,7 +3131,7 @@ void CSSStyleSelector::applyRule( int id, DOM::CSSValueImpl *value )
if (ident)
col = colorForCSSValue( ident );
else if (item->color->primitiveType() == CSSPrimitiveValue::CSS_RGBCOLOR)
- col.setRgb(primitiveValue->getRGBColorValue());
+ col.setRgb(item->color->getRGBColorValue());
}
ShadowData* shadowData = new ShadowData(x, y, blur, col);
style->setTextShadow(shadowData, i != 0);
diff --git a/WebCore/khtml/html/htmlparser.cpp b/WebCore/khtml/html/htmlparser.cpp
index 219ac3d..54688b2 100644
--- a/WebCore/khtml/html/htmlparser.cpp
+++ b/WebCore/khtml/html/htmlparser.cpp
@@ -1364,31 +1364,38 @@ void KHTMLParser::handleResidualStyleCloseTagAcrossBlocks(HTMLStackElem* elem)
curr = blockStack;
}
- reopenResidualStyleTags(residualStyleStack, false); // FIXME: Deal with stray table content some day
- // if it becomes necessary to do so.
+ reopenResidualStyleTags(residualStyleStack, 0); // FIXME: Deal with stray table content some day
+ // if it becomes necessary to do so.
}
-void KHTMLParser::reopenResidualStyleTags(HTMLStackElem* elem, bool inMalformedTable)
+void KHTMLParser::reopenResidualStyleTags(HTMLStackElem* elem, DOM::NodeImpl* malformedTableParent)
{
// Loop for each tag that needs to be reopened.
while (elem) {
// Create a shallow clone of the DOM node for this element.
NodeImpl* newNode = elem->node->cloneNode(false);
- // Append the new node.
+ // Append the new node. In the malformed table case, we need to insert before the table,
+ // which will be the last child.
int exceptionCode = 0;
- current->appendChild(newNode, exceptionCode);
- // FIXME: Is it really OK to ignore the exception here?
+ if (malformedTableParent)
+ malformedTableParent->insertBefore(newNode, malformedTableParent->lastChild(), exceptionCode);
+ else
+ current->appendChild(newNode, exceptionCode);
+ // FIXME: Is it really OK to ignore the exceptions here?
// Now push a new stack element for this node we just created.
pushBlock(elem->id, elem->level);
// Set our strayTableContent boolean if needed, so that the reopened tag also knows
// that it is inside a malformed table.
- blockStack->strayTableContent = !inStrayTableContent && inMalformedTable;
+ blockStack->strayTableContent = !inStrayTableContent && malformedTableParent;
if (blockStack->strayTableContent)
inStrayTableContent = true;
-
+
+ // Clear our malformed table parent variable.
+ malformedTableParent = 0;
+
// Update |current| manually to point to the new node.
current = newNode;
@@ -1444,25 +1451,24 @@ void KHTMLParser::popBlock( int _id )
bool isAffectedByStyle = isAffectedByResidualStyle(Elem->id);
HTMLStackElem* residualStyleStack = 0;
-
- bool residualStyleInMalformedTable = false;
+ NodeImpl* malformedTableParent = 0;
+
Elem = blockStack;
while (Elem)
{
if (Elem->id == _id)
{
bool strayTable = inStrayTableContent;
- NodeImpl* shiftedContentParent = current ? current->parentNode() : 0;
popOneBlock();
Elem = 0;
- // This element was the root of some malformed content just inside a <table>. If
- // we end up needing to reopen residual style tags, the root of the reopened chain
- // must also know that it is the root of malformed content inside a <table>.
- if (strayTable && !inStrayTableContent && residualStyleStack) {
- residualStyleInMalformedTable = true;
- current = shiftedContentParent;
- }
+ // This element was the root of some malformed content just inside an implicit or
+ // explicit <tbody>.
+ // If we end up needing to reopen residual style tags, the root of the reopened chain
+ // must also know that it is the root of malformed content inside a <tbody>.
+ if (strayTable && !inStrayTableContent && residualStyleStack)
+ malformedTableParent = current && current->parentNode() ?
+ current->parentNode()->parentNode() : 0;
}
else
{
@@ -1498,7 +1504,7 @@ void KHTMLParser::popBlock( int _id )
}
}
- reopenResidualStyleTags(residualStyleStack, residualStyleInMalformedTable);
+ reopenResidualStyleTags(residualStyleStack, malformedTableParent);
}
void KHTMLParser::popOneBlock(bool delBlock)
diff --git a/WebCore/khtml/html/htmlparser.h b/WebCore/khtml/html/htmlparser.h
index 4f2a113..76dec7a 100644
--- a/WebCore/khtml/html/htmlparser.h
+++ b/WebCore/khtml/html/htmlparser.h
@@ -130,7 +130,7 @@ protected:
bool isResidualStyleTag(int _id);
bool isAffectedByResidualStyle(int _id);
void handleResidualStyleCloseTagAcrossBlocks(HTMLStackElem* elem);
- void reopenResidualStyleTags(HTMLStackElem* elem, bool inMalformedTable);
+ void reopenResidualStyleTags(HTMLStackElem* elem, DOM::NodeImpl* malformedTableParent);
bool allowNestedRedundantTag(int _id);
--
WebKit Debian packaging
More information about the Pkg-webkit-commits
mailing list