-
macpherson@chromium.org authored
Fix null pointer dereference when CSSParser::sinkFloatingValueList() returns null and is passed to storeVariableDeclaration(). https://bugs.webkit.org/show_bug.cgi?id=92461 Reviewed by Eric Seidel. Source/WebCore: Invalid variable lists could cause CSSGrammar.y to pass null as value to storeVariableDeclaration, so we now check for null. Test: fast/css/variables/invalid-value-list-crash.html * css/CSSParser.cpp: (WebCore::CSSParser::storeVariableDeclaration): LayoutTests: Test case that causes CSSParser::storeVariableDeclaration to be passed a null value. * fast/css/variables/invalid-value-list-crash-expected.txt: Added. * fast/css/variables/invalid-value-list-crash.html: Added. git-svn-id: http://svn.webkit.org/repository/webkit/trunk@124723 268f45cc-cd09-0410-ab3c-d52691b4dbfc
5b9fee66