Bug 21011

Summary:

Need to clean up fix in PropertyWrapperGetter::equals a bit (and add test case)

Product:

WebKit

Reporter:

Chris Marrin <cmarrin>

Component:

CSS

Assignee:

Chris Marrin <cmarrin>

Status:

RESOLVED FIXED

Severity:

Normal

Priority:

Version:

528+ (Nightly build)

Hardware:

Mac

OS:

OS X 10.5

Attachments:

Description	Flags
Patch, including LayoutTest file	eric: review+

Chris Marrin

Reported 2008-09-22 16:24:19 PDT

The fix in changelist 36703 has one remaining problem. The test: if ((!a || !b) && b != a) will fall through in the case where both a and b are null, causing a crash in the deref on the next line. There is no evidence that it is possible for this to happen, but I think the patch I have submitted is a bit safer. The patch also includes a testcase for the crash.

Attachments
Patch, including LayoutTest file (5.03 KB, patch) 2008-09-22 16:27 PDT, Chris Marrin	eric: review+	Details Formatted Diff Diff
View All Add attachment proposed patch, testcase, etc.

Chris Marrin

Comment 1 2008-09-22 16:27:39 PDT

Created attachment 23681 [details] Patch, including LayoutTest file

Eric Seidel (no email)

Comment 2 2008-09-24 15:33:55 PDT

Comment on attachment 23681 [details] Patch, including LayoutTest file if (!a && !b || a == b) is redundant. if (!a && !b) should be sufficient. Another way to write this woudl be: if (!a || !b) return (a == b); but I think the two ifs as you've written it is more clear (After removing the redundancy).

Simon Fraser (smfr)

Comment 3 2008-09-29 14:25:01 PDT

Committed r37076 M WebCore/ChangeLog M WebCore/page/animation/CompositeAnimation.cpp M WebCore/page/animation/AnimationBase.cpp M LayoutTests/ChangeLog A LayoutTests/transitions/override-transition-crash-expected.txt A LayoutTests/transitions/override-transition-crash.html r37076 = ff91302a8b84e30eec65022e68b48301e3dac305 (trunk)

Note You need to log in before you can comment on or make changes to this bug.