review.tizen.org Git - profile/ivi/webkit-efl.git/commit

Crash in -webkit-calc
https://bugs.webkit.org/show_bug.cgi?id=86954

Reviewed by Abhishek Arya.

Source/WebCore:

Ensure that both ends of a blend are checked for being Calculated. The current
check did not cover the case where the 'from' end was Calculated and nonzero,
and the 'to' end was zero and not Calculated.

Blending doesn't work with calculated expressions and is being tracked in
bug http://webkit.org/b/86160

Tests: css3/calc/transition-crash3.html
css3/calc/transition-crash4.html

* platform/Length.h:
(WebCore::Length::blend):

LayoutTests:

* css3/calc/transition-crash3-expected.txt: Added.
* css3/calc/transition-crash3.html: Added.
* css3/calc/transition-crash4-expected.txt: Added.
* css3/calc/transition-crash4.html: Added.

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@117748 268f45cc-cd09-0410-ab3c-d52691b4dbfc

author	mikelawther@chromium.org <mikelawther@chromium.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
	Mon, 21 May 2012 08:49:27 +0000 (08:49 +0000)
committer	mikelawther@chromium.org <mikelawther@chromium.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
	Mon, 21 May 2012 08:49:27 +0000 (08:49 +0000)
commit	b0f779c1496a5148c2c616b528d37a124a3f8155
tree	2a6b342403de9c94490d27bc2db9e74a9ff8e7b7	tree \| snapshot
parent	fea23878aa73d8ba5be86671bb100a6f51758436	commit \| diff

LayoutTests/ChangeLog		diff \| blob \| history
LayoutTests/css3/calc/transition-crash3-expected.txt	[new file with mode: 0644]	blob
LayoutTests/css3/calc/transition-crash3.html	[new file with mode: 0644]	blob
LayoutTests/css3/calc/transition-crash4-expected.txt	[new file with mode: 0644]	blob
LayoutTests/css3/calc/transition-crash4.html	[new file with mode: 0644]	blob
Source/WebCore/ChangeLog		diff \| blob \| history
Source/WebCore/platform/Length.h		diff \| blob \| history