2011-06-10 Abhishek Arya <inferno@chromium.org>
author Abhishek Arya <inferno@chromium.org>
Sat, 11 Jun 2011 16:37:59 +0000 (16:37 +0000)
committer Ademar de Souza Reis Jr <ademar.reis@openbossa.org>
Mon, 13 Jun 2011 17:16:13 +0000 (14:16 -0300)
commit 196b505b1e941c19fea0cb78f3b3a8cfd4be7670
tree 1230437e99708a4bf626083ad61ba645dbac20f0
parent ad3c470c52d5c7153507e5d81979a3dac563c785
2011-06-10  Abhishek Arya  <inferno@chromium.org>

        Reviewed by Simon Fraser.

        Null parent element sheet pointers in CSSMutableStyleDeclaration consumers
        when removed from document, set them when reinserted into document.
        https://bugs.webkit.org/show_bug.cgi?id=62230

        When a HTMLBodyElement, StyledElement are removed from document,
        we didn't clear out the parent pointers from their link, style declarations.
        These parent pointers pointed to the document's element sheet which will
        get removed when document is getting destroyed. It does make sense to
        clear out parent pointers when we are getting removed from document and
        re-add them when we get inserted again.

        Tests: fast/dom/body-link-decl-parent-crash.html
               fast/dom/styled-inline-style-decl-parent-crash.html

        * dom/StyledElement.cpp:
        (WebCore::StyledElement::insertedIntoDocument):
        (WebCore::StyledElement::removedFromDocument):
        * dom/StyledElement.h:
        * html/HTMLBodyElement.cpp:
        (WebCore::HTMLBodyElement::parseMappedAttribute):
        (WebCore::HTMLBodyElement::insertedIntoDocument):
        (WebCore::HTMLBodyElement::removedFromDocument):
        (WebCore::HTMLBodyElement::didMoveToNewOwnerDocument):
        * html/HTMLBodyElement.h:

2011-06-10  Abhishek Arya  <inferno@chromium.org>

        Reviewed by Simon Fraser.

        Tests that accessing the parent element sheet of an inline style, link
        declaration of styled, body elements which are removed from document,
        does not result in crash.
        https://bugs.webkit.org/show_bug.cgi?id=62230

        * fast/dom/body-link-decl-parent-crash-expected.txt: Added.
        * fast/dom/body-link-decl-parent-crash.html: Added.
        * fast/dom/styled-inline-style-decl-parent-crash-expected.txt: Added.
        * fast/dom/styled-inline-style-decl-parent-crash.html: Added.

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@88601 268f45cc-cd09-0410-ab3c-d52691b4dbfc

LayoutTests/ChangeLog
LayoutTests/fast/dom/body-link-decl-parent-crash-expected.txt [new file with mode: 0644]
LayoutTests/fast/dom/body-link-decl-parent-crash.html [new file with mode: 0644]
LayoutTests/fast/dom/styled-inline-style-decl-parent-crash-expected.txt [new file with mode: 0644]
LayoutTests/fast/dom/styled-inline-style-decl-parent-crash.html [new file with mode: 0644]
Source/WebCore/ChangeLog
Source/WebCore/dom/StyledElement.cpp
Source/WebCore/dom/StyledElement.h
Source/WebCore/html/HTMLBodyElement.cpp
Source/WebCore/html/HTMLBodyElement.h
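
The lifetime rule the commit message describes (clear the declaration's parent sheet pointer when the element is removed from the document, set it again on insertion), as an added C++ example that is not WebKit code and not part of this commit. `Sheet`, `StyleDecl`, `Doc`, `Elem` and the helper functions are simplified stand-ins assumed for illustration.

```cpp
// Added illustration: simplified stand-ins, not WebKit source.
#include <memory>

struct Sheet { int id; };            // stands in for the document's element sheet

struct StyleDecl {                   // stands in for a style declaration
    Sheet* parent = nullptr;         // non-owning back pointer to the sheet
};

struct Doc {                         // the document owns the element sheet
    std::unique_ptr<Sheet> elementSheet;
    explicit Doc(int id) : elementSheet(new Sheet{id}) {}
};

struct Elem {                        // stands in for a styled element
    StyleDecl inlineDecl;
    // Entering a document: (re)attach the back pointer to that document's sheet.
    void insertedIntoDocument(Doc& doc) { inlineDecl.parent = doc.elementSheet.get(); }
    // Leaving a document: drop the back pointer so it cannot outlive the sheet.
    void removedFromDocument() { inlineDecl.parent = nullptr; }
};

// Sheet id seen through the declaration, or -1 when the element is detached.
int parentSheetId(const Elem& e) {
    return e.inlineDecl.parent ? e.inlineDecl.parent->id : -1;
}

// Walks the lifecycle from the commit message: insert, remove, destroy the
// document, query the parent, then reinsert into another document.
// Returns 0 when every step behaves as expected, else the failing step number.
int lifecycleCheck() {
    Elem e;
    std::unique_ptr<Doc> first(new Doc(1));
    e.insertedIntoDocument(*first);
    if (parentSheetId(e) != 1) return 1;
    e.removedFromDocument();
    first.reset();                           // sheet is freed; the element survives
    if (parentSheetId(e) != -1) return 2;    // detached: no stale pointer to follow
    Doc second(2);
    e.insertedIntoDocument(second);
    if (parentSheetId(e) != 2) return 3;     // parent is set again on reinsertion
    return 0;
}

int main() { return lifecycleCheck(); }
```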