-
commit-queue@webkit.org authored
https://bugs.webkit.org/show_bug.cgi?id=94587 Patch by Elliott Sprehn <esprehn@chromium.org> on 2012-09-06 Reviewed by Julien Chaffraix. Source/WebCore: Adds several methods to CounterDirectives and an accessor method to RenderStyle for getting the CounterDirectives by idenfitier and uses those methods to clean up the code in StyleBuilder and RenderCounter. This also switches to using AtomicString directly instead of AtomicStringImpl and calling get() everywhere. The refactor fixes the unitialized read in WKBug 94642. Test: fast/css/counters/counter-reset-inherit-bug-94642.html * css/CSSComputedStyleDeclaration.cpp: (WebCore::counterToCSSValue): Use new accessors. * css/StyleBuilder.cpp: (WebCore::ApplyPropertyCounter::applyInheritValue): Use new inherit methods. (WebCore::ApplyPropertyCounter::applyValue): Use new setters. * rendering/RenderCounter.cpp: (WebCore): (WebCore::planCounter): (WebCore::makeCounterNode): (WebCore::destroyCounterNodeWithoutMapRemoval): (WebCore::RenderCounter::destroyCounterNodes): (WebCore::RenderCounter::destroyCounterNode): (WebCore::updateCounters): (WebCore::RenderCounter::rendererStyleChanged): (showCounterRendererTree): * rendering/style/CounterDirectives.cpp: (WebCore::operator==): * rendering/style/CounterDirectives.h: Added new accessors and switched to using AtomicString directly. (CounterDirectives): (WebCore::CounterDirectives::CounterDirectives): (WebCore::CounterDirectives::isReset): (WebCore::CounterDirectives::resetValue): (WebCore::CounterDirectives::setResetValue): (WebCore::CounterDirectives::clearReset): (WebCore::CounterDirectives::inheritReset): (WebCore::CounterDirectives::isIncrement): (WebCore::CounterDirectives::incrementValue): (WebCore::CounterDirectives::addIncrementValue): (WebCore::CounterDirectives::clearIncrement): (WebCore::CounterDirectives::inheritIncrement): (WebCore::CounterDirectives::isDefined): If either reset or increment is used. (WebCore::CounterDirectives::combinedValue): Combined local value of the counter. (WebCore): * rendering/style/RenderStyle.cpp: (WebCore::RenderStyle::getCounterDirectives): New method which always returns a CounterDirectives instance by identifier. (WebCore): * rendering/style/RenderStyle.h: LayoutTests: Tests for bug 94642 exposing an unitialized read when using counter-reset and counter-increment: inherit. * fast/css/counters/counter-reset-inherit-bug-94642-expected.html: Added. * fast/css/counters/counter-reset-inherit-bug-94642.html: Added. git-svn-id: http://svn.webkit.org/repository/webkit/trunk@127826 268f45cc-cd09-0410-ab3c-d52691b4dbfc
commit-queue@webkit.org authoredhttps://bugs.webkit.org/show_bug.cgi?id=94587 Patch by Elliott Sprehn <esprehn@chromium.org> on 2012-09-06 Reviewed by Julien Chaffraix. Source/WebCore: Adds several methods to CounterDirectives and an accessor method to RenderStyle for getting the CounterDirectives by idenfitier and uses those methods to clean up the code in StyleBuilder and RenderCounter. This also switches to using AtomicString directly instead of AtomicStringImpl and calling get() everywhere. The refactor fixes the unitialized read in WKBug 94642. Test: fast/css/counters/counter-reset-inherit-bug-94642.html * css/CSSComputedStyleDeclaration.cpp: (WebCore::counterToCSSValue): Use new accessors. * css/StyleBuilder.cpp: (WebCore::ApplyPropertyCounter::applyInheritValue): Use new inherit methods. (WebCore::ApplyPropertyCounter::applyValue): Use new setters. * rendering/RenderCounter.cpp: (WebCore): (WebCore::planCounter): (WebCore::makeCounterNode): (WebCore::destroyCounterNodeWithoutMapRemoval): (WebCore::RenderCounter::destroyCounterNodes): (WebCore::RenderCounter::destroyCounterNode): (WebCore::updateCounters): (WebCore::RenderCounter::rendererStyleChanged): (showCounterRendererTree): * rendering/style/CounterDirectives.cpp: (WebCore::operator==): * rendering/style/CounterDirectives.h: Added new accessors and switched to using AtomicString directly. (CounterDirectives): (WebCore::CounterDirectives::CounterDirectives): (WebCore::CounterDirectives::isReset): (WebCore::CounterDirectives::resetValue): (WebCore::CounterDirectives::setResetValue): (WebCore::CounterDirectives::clearReset): (WebCore::CounterDirectives::inheritReset): (WebCore::CounterDirectives::isIncrement): (WebCore::CounterDirectives::incrementValue): (WebCore::CounterDirectives::addIncrementValue): (WebCore::CounterDirectives::clearIncrement): (WebCore::CounterDirectives::inheritIncrement): (WebCore::CounterDirectives::isDefined): If either reset or increment is used. (WebCore::CounterDirectives::combinedValue): Combined local value of the counter. (WebCore): * rendering/style/RenderStyle.cpp: (WebCore::RenderStyle::getCounterDirectives): New method which always returns a CounterDirectives instance by identifier. (WebCore): * rendering/style/RenderStyle.h: LayoutTests: Tests for bug 94642 exposing an unitialized read when using counter-reset and counter-increment: inherit. * fast/css/counters/counter-reset-inherit-bug-94642-expected.html: Added. * fast/css/counters/counter-reset-inherit-bug-94642.html: Added. git-svn-id: http://svn.webkit.org/repository/webkit/trunk@127826 268f45cc-cd09-0410-ab3c-d52691b4dbfc
Loading