[SCM] WebKit Debian packaging branch, webkit-1.2, updated. upstream/1.2.2-27-g91dab87

Gustavo Noronha Silva gns at gnome.org
Thu Jul 15 21:13:39 UTC 2010 

The following commit has been merged in the webkit-1.2 branch:
commit 2fd25ce463505fcbc4f99f8734e9015f840c82c5
Author: eric at webkit.org <eric at webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Date:   Fri May 14 22:14:46 2010 +0000

    2010-05-14  Abhishek Arya  <inferno at chromium.org>
    
            Reviewed by David Hyatt.
    
            Tests that large colspan in a fixed table layout does not result in crash.
            https://bugs.webkit.org/show_bug.cgi?id=38261
    
            * fast/table/fixed-table-layout-large-colspan-crash-expected.txt: Added.
            * fast/table/fixed-table-layout-large-colspan-crash.html: Added.
    2010-05-14  Abhishek Arya  <inferno at chromium.org>
    
            Reviewed by David Hyatt.
    
            Move the m_width(Length) and m_columns(RenderTable::ColumnStruct)
            vector out-of-bounds check out of the ASSERT into the main code.
            https://bugs.webkit.org/show_bug.cgi?id=38261
    
            Test: fast/table/fixed-table-layout-large-colspan-crash.html
    
            * rendering/FixedTableLayout.cpp:
            (WebCore::FixedTableLayout::calcWidthArray):
    
    git-svn-id: http://svn.webkit.org/repository/webkit/trunk@59495 268f45cc-cd09-0410-ab3c-d52691b4dbfc

diff --git a/LayoutTests/ChangeLog b/LayoutTests/ChangeLog
index ac5177c..e0f769e 100644
--- a/LayoutTests/ChangeLog
+++ b/LayoutTests/ChangeLog
@@ -1,3 +1,13 @@
+2010-05-14  Abhishek Arya  <inferno at chromium.org>
+
+        Reviewed by David Hyatt.
+
+        Tests that large colspan in a fixed table layout does not result in crash.
+        https://bugs.webkit.org/show_bug.cgi?id=38261
+
+        * fast/table/fixed-table-layout-large-colspan-crash-expected.txt: Added.
+        * fast/table/fixed-table-layout-large-colspan-crash.html: Added.
+
 2010-05-21  Beth Dakin  <bdakin at apple.com>
 
         Reviewed by Darin Adler.
diff --git a/LayoutTests/fast/table/fixed-table-layout-large-colspan-crash-expected.txt b/LayoutTests/fast/table/fixed-table-layout-large-colspan-crash-expected.txt
new file mode 100644
index 0000000..aaf5825
--- /dev/null
+++ b/LayoutTests/fast/table/fixed-table-layout-large-colspan-crash-expected.txt
@@ -0,0 +1,4 @@
+Tests that large colspan in a fixed table layout does not result in crash.
+
+PASS
+
diff --git a/LayoutTests/fast/table/fixed-table-layout-large-colspan-crash.html b/LayoutTests/fast/table/fixed-table-layout-large-colspan-crash.html
new file mode 100644
index 0000000..855dd85
--- /dev/null
+++ b/LayoutTests/fast/table/fixed-table-layout-large-colspan-crash.html
@@ -0,0 +1,26 @@
+<html>
+<head>
+<style type="text/css">
+table {
+    table-layout: fixed;
+    width: 15px;
+}
+</style>
+<script>
+if (window.layoutTestController)
+    layoutTestController.dumpAsText();
+
+function finish() {
+    document.getElementById("result").innerHTML = "PASS";
+}
+</script>
+</head>
+<body onload="finish()">
+<p>Tests that large colspan in a fixed table layout does not result in crash.</p>
+<div id=result></div>
+<table>
+<td colspan="1923138113">
+</td>
+</table>
+</body>
+</html>
diff --git a/WebCore/ChangeLog b/WebCore/ChangeLog
index 08afadb..19a01a2 100644
--- a/WebCore/ChangeLog
+++ b/WebCore/ChangeLog
@@ -1,3 +1,16 @@
+2010-05-14  Abhishek Arya  <inferno at chromium.org>
+
+        Reviewed by David Hyatt.
+
+        Move the m_width(Length) and m_columns(RenderTable::ColumnStruct)
+        vector out-of-bounds check out of the ASSERT into the main code.
+        https://bugs.webkit.org/show_bug.cgi?id=38261
+
+        Test: fast/table/fixed-table-layout-large-colspan-crash.html
+
+        * rendering/FixedTableLayout.cpp:
+        (WebCore::FixedTableLayout::calcWidthArray):
+
 2010-05-21  Beth Dakin  <bdakin at apple.com>
 
         Reviewed by Darin Adler.
diff --git a/WebCore/rendering/FixedTableLayout.cpp b/WebCore/rendering/FixedTableLayout.cpp
index 09af518..4d6b88c 100644
--- a/WebCore/rendering/FixedTableLayout.cpp
+++ b/WebCore/rendering/FixedTableLayout.cpp
@@ -166,8 +166,7 @@ int FixedTableLayout::calcWidthArray(int)
                 
                 int usedSpan = 0;
                 int i = 0;
-                while (usedSpan < span) {
-                    ASSERT(cCol + i < nEffCols);
+                while (usedSpan < span && cCol + i < nEffCols) {
                     int eSpan = m_table->spanOfEffCol(cCol + i);
                     // Only set if no col element has already set it.
                     if (m_width[cCol + i].isAuto() && w.type() != Auto) {

-- 
WebKit Debian packaging

More information about the Pkg-webkit-commits mailing list