From 2e9f1a919230f619ab97370d0943d1306a9008bf Mon Sep 17 00:00:00 2001
From: "apavlov@chromium.org"
Date: Tue, 3 Jul 2012 14:44:19 +0000
Subject: [PATCH] [REGRESSION] Crash when copying a StyleRuleMedia with a NULL m_mediaQueries https://bugs.webkit.org/show_bug.cgi?id=90459 Reviewed by Andreas Kling. Source/WebCore: Create StyleRuleMedia with a non-NULL MediaQuerySet. The respective NULL checks for it were all over the code, except the copy constructor. Added the check, just in case. * css/CSSParser.cpp: (WebCore::CSSParser::createMediaRule): * css/StyleRule.cpp: (WebCore::StyleRuleMedia::StyleRuleMedia): LayoutTests: * inspector/styles/get-set-stylesheet-text-expected.txt: * inspector/styles/resources/get-set-stylesheet-text.css: (@media): git-svn-id: http://svn.webkit.org/repository/webkit/trunk@121764 268f45cc-cd09-0410-ab3c-d52691b4dbfc
---
 LayoutTests/ChangeLog | 11 +++++++++++
 .../inspector/styles/get-set-stylesheet-text-expected.txt | 4 ++++
 .../styles/resources/get-set-stylesheet-text.css | 4 ++++
 Source/WebCore/ChangeLog | 15 +++++++++++++++
 Source/WebCore/css/CSSParser.cpp | 4 ++--
 Source/WebCore/css/StyleRule.cpp | 3 ++-
 6 files changed, 38 insertions(+), 3 deletions(-)
diff --git a/LayoutTests/ChangeLog b/LayoutTests/ChangeLog
index f23cdda..7df831e 100644
--- a/LayoutTests/ChangeLog
+++ b/LayoutTests/ChangeLog
@@ -1,3 +1,14 @@
+2012-07-03 Alexander Pavlov
+
+ [REGRESSION] Crash when copying a StyleRuleMedia with a NULL m_mediaQueries
+ https://bugs.webkit.org/show_bug.cgi?id=90459
+
+ Reviewed by Andreas Kling.
+
+ * inspector/styles/get-set-stylesheet-text-expected.txt:
+ * inspector/styles/resources/get-set-stylesheet-text.css:
+ (@media):
+
 2012-07-03 Andrey Kosyakov
 Web Inspector: display time intervals measured with console.time() and console.timeEnd() in Timeline
diff --git a/LayoutTests/inspector/styles/get-set-stylesheet-text-expected.txt b/LayoutTests/inspector/styles/get-set-stylesheet-text-expected.txt
index a8136de..be52d0d 100644
--- a/LayoutTests/inspector/styles/get-set-stylesheet-text-expected.txt
+++ b/LayoutTests/inspector/styles/get-set-stylesheet-text-expected.txt
@@ -16,6 +16,10 @@ body {
 color: "badcolor" ! important /* good property with strange value */;
 }
+@media {
+ /* @media rule with an empty media list */
+}
+
 /* comment before selector */body.main1/* comment after selector */{/* comment */color: #F00BAA;zoo:moo /* not an !important unrecognized property */}/* comment */ body.main2{background: green /* value !important comment */ !important /* no semicolon, very !important */}
diff --git a/LayoutTests/inspector/styles/resources/get-set-stylesheet-text.css b/LayoutTests/inspector/styles/resources/get-set-stylesheet-text.css
index 45210e3..ee26de8 100644
--- a/LayoutTests/inspector/styles/resources/get-set-stylesheet-text.css
+++ b/LayoutTests/inspector/styles/resources/get-set-stylesheet-text.css
@@ -9,6 +9,10 @@ body {
 color: "badcolor" ! important /* good property with strange value */;
 }
+@media {
+ /* @media rule with an empty media list */
+}
+
 /* comment before selector */body.main1/* comment after selector */{/* comment */color: #F00BAA;zoo:moo /* not an !important unrecognized property */}/* comment */ body.main2{background: green /* value !important comment */ !important /* no semicolon, very !important */}
diff --git a/Source/WebCore/ChangeLog b/Source/WebCore/ChangeLog
index ea9b4bb..6593018 100644
--- a/Source/WebCore/ChangeLog
+++ b/Source/WebCore/ChangeLog
@@ -1,3 +1,18 @@
+2012-07-03 Alexander Pavlov
+
+ [REGRESSION] Crash when copying a StyleRuleMedia with a NULL m_mediaQueries
+ https://bugs.webkit.org/show_bug.cgi?id=90459
+
+ Reviewed by Andreas Kling.
+
+ Create StyleRuleMedia with a non-NULL MediaQuerySet. The respective NULL checks for it were all over the code,
+ except the copy constructor. Added the check, just in case.
+
+ * css/CSSParser.cpp:
+ (WebCore::CSSParser::createMediaRule):
+ * css/StyleRule.cpp:
+ (WebCore::StyleRuleMedia::StyleRuleMedia):
+
 2012-07-03 Andrey Kosyakov
 Web Inspector: display time intervals measured with console.time() and console.timeEnd() in Timeline
diff --git a/Source/WebCore/css/CSSParser.cpp b/Source/WebCore/css/CSSParser.cpp
index ba1c658..5060331 100644
--- a/Source/WebCore/css/CSSParser.cpp
+++ b/Source/WebCore/css/CSSParser.cpp
@@ -9401,10 +9401,10 @@ StyleRuleBase* CSSParser::createMediaRule(MediaQuerySet* media, RuleList* rules)
 m_allowImportRules = m_allowNamespaceDeclarations = false;
 RefPtr rule;
 if (rules)
- rule = StyleRuleMedia::create(media, *rules);
+ rule = StyleRuleMedia::create(media ? media : MediaQuerySet::create(), *rules);
 else {
 RuleList emptyRules;
- rule = StyleRuleMedia::create(media, emptyRules);
+ rule = StyleRuleMedia::create(media ? media : MediaQuerySet::create(), emptyRules);
 }
 StyleRuleMedia* result = rule.get();
 m_parsedRules.append(rule.release());
diff --git a/Source/WebCore/css/StyleRule.cpp b/Source/WebCore/css/StyleRule.cpp
index 20b2905..3427f05 100644
--- a/Source/WebCore/css/StyleRule.cpp
+++ b/Source/WebCore/css/StyleRule.cpp
@@ -285,8 +285,9 @@ StyleRuleMedia::StyleRuleMedia(PassRefPtr media, Vectorcopy())
 {
+ if (o.m_mediaQueries)
+ m_mediaQueries = o.m_mediaQueries->copy();
 }
 StyleRuleRegion::StyleRuleRegion(Vector >* selectors, Vector >& adoptRules)
--
2.7.4
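Review bot: The null-to-empty substitution `media ? media : MediaQuerySet::create()` is written out in both arms of the `if (rules)` branch in createMediaRule, and it protects only this one call site. Stylesheet text reaching the parser is untrusted, and the new layout test suggests a bare `@media { }` is enough to arrive here with a null list, so it would be more robust to normalise once ahead of the branch, e.g. `RefPtr<MediaQuerySet> queries = media ? media : MediaQuerySet::create();`, and pass `queries` to both `StyleRuleMedia::create` calls. Whether other callers of `StyleRuleMedia::create` can still hand in a null set is not visible here; if they can, the fallback presumably belongs in `create` or the constructor rather than in the parser. createMediaRule's body starts and ends outside this hunk.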
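Review bot: The guard added to the StyleRuleMedia copy constructor carries no explanation, and the commit message describes it only as "just in case", so a reader cannot tell whether a null `m_mediaQueries` is still a legal state. With the guard, copying such a rule leaves the copy's `m_mediaQueries` at its default (presumably null), so every later consumer keeps depending on its own null check. I would state the intent next to the guard, for example `// CSSParser::createMediaRule always supplies a MediaQuerySet; null is tolerated here defensively.`, or add `ASSERT(o.m_mediaQueries);` above it if non-null is meant to be a class invariant. The constructor's signature and initializer list are only partly visible in this hunk.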