Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(71)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: third_party/WebKit/Source/core/css/StyleSheetContents.cpp

Issue 2459843002: Copy m_namespaceRules when copying StyleSheetContents to avoid crashing. (Closed)
Patch Set: Created 4 years, 1 month ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« third_party/WebKit/LayoutTests/fast/css/access-namespace-rule-after-delete-rule-crash.html ('K') | « third_party/WebKit/Source/core/css/StyleRuleNamespace.h ('k') | no next file » | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 /* 1 /*
2 * (C) 1999-2003 Lars Knoll (knoll@kde.org) 2 * (C) 1999-2003 Lars Knoll (knoll@kde.org)
3 * Copyright (C) 2004, 2006, 2007, 2012 Apple Inc. All rights reserved. 3 * Copyright (C) 2004, 2006, 2007, 2012 Apple Inc. All rights reserved.
4 * 4 *
5 * This library is free software; you can redistribute it and/or 5 * This library is free software; you can redistribute it and/or
6 * modify it under the terms of the GNU Library General Public 6 * modify it under the terms of the GNU Library General Public
7 * License as published by the Free Software Foundation; either 7 * License as published by the Free Software Foundation; either
8 * version 2 of the License, or (at your option) any later version. 8 * version 2 of the License, or (at your option) any later version.
9 * 9 *
10 * This library is distributed in the hope that it will be useful, 10 * This library is distributed in the hope that it will be useful,
(...skipping 74 matching lines...) Expand 10 before | Expand all | Expand 10 after
85 m_isMutable(false), 85 m_isMutable(false),
86 m_hasFontFaceRule(o.m_hasFontFaceRule), 86 m_hasFontFaceRule(o.m_hasFontFaceRule),
87 m_hasViewportRule(o.m_hasViewportRule), 87 m_hasViewportRule(o.m_hasViewportRule),
88 m_hasMediaQueries(o.m_hasMediaQueries), 88 m_hasMediaQueries(o.m_hasMediaQueries),
89 m_hasSingleOwnerDocument(true), 89 m_hasSingleOwnerDocument(true),
90 m_isUsedFromTextCache(false), 90 m_isUsedFromTextCache(false),
91 m_parserContext(o.m_parserContext) { 91 m_parserContext(o.m_parserContext) {
92 // FIXME: Copy import rules. 92 // FIXME: Copy import rules.
93 ASSERT(o.m_importRules.isEmpty()); 93 ASSERT(o.m_importRules.isEmpty());
94 94
95 for (unsigned i = 0; i < m_namespaceRules.size(); ++i) {
96 m_namespaceRules[i] =
97 static_cast<StyleRuleNamespace*>(o.m_namespaceRules[i]->copy());
98 }
99
95 for (unsigned i = 0; i < m_childRules.size(); ++i) 100 for (unsigned i = 0; i < m_childRules.size(); ++i)
96 m_childRules[i] = o.m_childRules[i]->copy(); 101 m_childRules[i] = o.m_childRules[i]->copy();
97 } 102 }
98 103
99 StyleSheetContents::~StyleSheetContents() {} 104 StyleSheetContents::~StyleSheetContents() {}
100 105
101 void StyleSheetContents::setHasSyntacticallyValidCSSHeader(bool isValidCss) { 106 void StyleSheetContents::setHasSyntacticallyValidCSSHeader(bool isValidCss) {
102 m_hasSyntacticallyValidCSSHeader = isValidCss; 107 m_hasSyntacticallyValidCSSHeader = isValidCss;
103 } 108 }
104 109
(...skipping 162 matching lines...) Expand 10 before | Expand all | Expand 10 after
267 index -= m_namespaceRules.size(); 272 index -= m_namespaceRules.size();
268 273
269 m_childRules.insert(index, rule); 274 m_childRules.insert(index, rule);
270 return true; 275 return true;
271 } 276 }
272 277
273 bool StyleSheetContents::wrapperDeleteRule(unsigned index) { 278 bool StyleSheetContents::wrapperDeleteRule(unsigned index) {
274 ASSERT(m_isMutable); 279 ASSERT(m_isMutable);
275 ASSERT_WITH_SECURITY_IMPLICATION(index < ruleCount()); 280 ASSERT_WITH_SECURITY_IMPLICATION(index < ruleCount());
276 281
282 StyleRuleNamespace* test;
283 test = m_namespaceRules[0].get();
rune 2016/10/28 07:41:16 What's this for?
meade_UTC10 2016/10/31 01:32:53 Oops, removed.
277 if (index < m_importRules.size()) { 284 if (index < m_importRules.size()) {
278 m_importRules[index]->clearParentStyleSheet(); 285 m_importRules[index]->clearParentStyleSheet();
279 if (m_importRules[index]->isFontFaceRule()) 286 if (m_importRules[index]->isFontFaceRule())
280 notifyRemoveFontFaceRule(toStyleRuleFontFace(m_importRules[index].get())); 287 notifyRemoveFontFaceRule(toStyleRuleFontFace(m_importRules[index].get()));
281 m_importRules.remove(index); 288 m_importRules.remove(index);
282 return true; 289 return true;
283 } 290 }
284 index -= m_importRules.size(); 291 index -= m_importRules.size();
285 292
286 if (index < m_namespaceRules.size()) { 293 if (index < m_namespaceRules.size()) {
(...skipping 379 matching lines...) Expand 10 before | Expand all | Expand 10 after
666 visitor->trace(m_importRules); 673 visitor->trace(m_importRules);
667 visitor->trace(m_namespaceRules); 674 visitor->trace(m_namespaceRules);
668 visitor->trace(m_childRules); 675 visitor->trace(m_childRules);
669 visitor->trace(m_loadingClients); 676 visitor->trace(m_loadingClients);
670 visitor->trace(m_completedClients); 677 visitor->trace(m_completedClients);
671 visitor->trace(m_ruleSet); 678 visitor->trace(m_ruleSet);
672 visitor->trace(m_referencedFromResource); 679 visitor->trace(m_referencedFromResource);
673 } 680 }
674 681
675 } // namespace blink 682 } // namespace blink
OLDNEW
« third_party/WebKit/LayoutTests/fast/css/access-namespace-rule-after-delete-rule-crash.html ('K') | « third_party/WebKit/Source/core/css/StyleRuleNamespace.h ('k') | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698