segfault in requiresLineBox at rendering/RenderBlockLineLayout.cpp (#891464)

2013-01-04 07:13:36 -06:00 · 2013-01-04 07:13:36 -06:00 · bea731c670
parent e9d5930dd1
commit bea731c670
2 changed files with 51 additions and 1 deletions
--- a/qtwebkit-webkit72285.patch
+++ b/qtwebkit-webkit72285.patch
@ -0,0 +1,43 @@
+Index: trunk/LayoutTests/fast/inline/inline-destroy-dirty-lines-crash-expected.txt
+===================================================================
+--- trunk/LayoutTests/fast/inline/inline-destroy-dirty-lines-crash-expected.txt	(revision 86060)
+++ trunk/LayoutTests/fast/inline/inline-destroy-dirty-lines-crash-expected.txt	(revision 86060)
+@@ -0,0 +1,2 @@
+Test passes it it does not crash. 
+
+Index: trunk/LayoutTests/fast/inline/inline-destroy-dirty-lines-crash.html
+===================================================================
+--- trunk/LayoutTests/fast/inline/inline-destroy-dirty-lines-crash.html	(revision 86060)
+++ trunk/LayoutTests/fast/inline/inline-destroy-dirty-lines-crash.html	(revision 86060)
+@@ -0,0 +1,19 @@
+<html>
+<body onload="runTest()">
+Test passes it it does not crash.
+<script>
+    if (window.layoutTestController)
+        layoutTestController.dumpAsText();
+
+    function runTest()
+    {
+        document.body.offsetTop;
+        child = document.getElementById('test');
+        child.parentNode.removeChild(child);
+    }
+</script>
+<br>
+<span id="test"></span>
+</body>
+</html>
+
+Index: trunk/Source/WebCore/rendering/RenderInline.cpp
+===================================================================
+--- trunk/Source/WebCore/rendering/RenderInline.cpp	(revision 86059)
+++ trunk/Source/WebCore/rendering/RenderInline.cpp	(revision 86060)
+@@ -100,5 +100,6 @@
+                     box->remove();
+             }
+-        }
+        } else if (parent()) 
+            parent()->dirtyLinesFromChangedChild(this);
+     }
+ 
--- a/qtwebkit.spec
+++ b/qtwebkit.spec
@ -1,7 +1,7 @@

 Name: qtwebkit
 Version: 2.2.2
-Release: 4%{?dist}
+Release: 5%{?dist}
 Summary: Qt WebKit bindings
 Group: System Environment/Libraries
 License: LGPLv2 with exceptions or GPLv3 with exceptions
@ -39,6 +39,9 @@ Patch7: webkit-qtwebkit-ld.gold.patch
 Patch8: qtwebkit-svg_infinite_loop.patch

 ## upstream patches
+# https://bugzilla.redhat.com/891464
+# https://bugs.webkit.org/show_bug.cgi?id=72285
+Patch100: qtwebkit-webkit72285.patch
 Patch102: 0002-JSString-resolveRope-should-report-extra-memory-cost.patch
 Patch103: 0003-Fix-build-with-GLib-2.31.patch
 Patch105: 0005-Fix-build-on-linux-i386-where-gcc-would-produce-warn.patch
@ -94,6 +97,7 @@ Provides:  qt4-webkit-devel%{?_isa} = 2:%{version}-%{release}
 #patch5 -p1 -b .qt46
 %patch7 -p1 -b .ld.gold
 %patch8 -p1 -b .svn_infinite_loop
+%patch100 -p1 -b .webkit72285
 %patch102 -p1 -b .0002
 %patch103 -p1 -b .0003
 %patch105 -p1 -b .0005
@ -149,6 +153,9 @@ rm -rf %{buildroot}


 %changelog
+* Fri Jan 04 2013 Rex Dieter <rdieter@fedoraproject.org> 2.2.2-5
+- segfault in requiresLineBox at rendering/RenderBlockLineLayout.cpp (#891464)
+
 * Mon Dec 24 2012 Rex Dieter <rdieter@fedoraproject.org> 2.2.2-4
 - switch to upstream versions of some patches