Source/WebCore: Crash in Document::recalcStyleSelector
authorAdemar de Souza Reis Jr <ademar.reis@openbossa.org>
Thu, 18 Aug 2011 18:45:59 +0000 (15:45 -0300)
committerAdemar de Souza Reis Jr <ademar.reis@openbossa.org>
Thu, 18 Aug 2011 19:19:02 +0000 (16:19 -0300)
commit964b7e9738b9770e0a6bffd4aa4b9514169f5a21
treeb8feabf04738ace2cd912f4c6a89f47070a59e3c
parent4277f8277b1daf3ec33c996f5a760ccd1113af4b
Source/WebCore: Crash in Document::recalcStyleSelector
https://bugs.webkit.org/show_bug.cgi?id=66335

Author: Abhishek Arya <inferno@chromium.org>
Reviewed by Simon Fraser.

When node is getting destroyed and its removedFromDocument
is not called due to entire document structure torn down(using
removeAllChildren), make sure to clear out the stylesheet
candidate node from document's structures in its destructor.

Test: svg/dom/stylesheet-candidate-node-crash-main.html

* dom/ProcessingInstruction.cpp:
(WebCore::ProcessingInstruction::~ProcessingInstruction):
* html/HTMLLinkElement.cpp:
(WebCore::HTMLLinkElement::~HTMLLinkElement):
* html/HTMLStyleElement.cpp:
(WebCore::HTMLStyleElement::~HTMLStyleElement):
* svg/SVGStyleElement.cpp:
(WebCore::SVGStyleElement::~SVGStyleElement):

LayoutTests: Tests that we do not crash when iterating through stylesheet
candidate list hashset.
https://bugs.webkit.org/show_bug.cgi?id=66335

Reviewed by Simon Fraser.

* svg/dom/resources/stylesheet-candidate-node-crash.svg: Added.
* svg/dom/stylesheet-candidate-node-crash-main-expected.txt: Added.
* svg/dom/stylesheet-candidate-node-crash-main.html: Added.

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@93227 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Conflicts:

Source/WebCore/html/HTMLLinkElement.cpp
LayoutTests/ChangeLog
LayoutTests/svg/dom/resources/stylesheet-candidate-node-crash.svg [new file with mode: 0644]
LayoutTests/svg/dom/stylesheet-candidate-node-crash-main-expected.txt [new file with mode: 0644]
LayoutTests/svg/dom/stylesheet-candidate-node-crash-main.html [new file with mode: 0644]
Source/WebCore/ChangeLog
Source/WebCore/dom/ProcessingInstruction.cpp
Source/WebCore/dom/StyleElement.cpp
Source/WebCore/dom/StyleElement.h
Source/WebCore/html/HTMLLinkElement.cpp
Source/WebCore/html/HTMLStyleElement.cpp
Source/WebCore/svg/SVGStyleElement.cpp