    Crash in WebKit!WebCore::RenderMenuList::itemStyle · d3515ddf
    bweinstein@apple.com authored
    https://bugs.webkit.org/show_bug.cgi?id=34182
    <rdar://7087757>
            
    Reviewed by Jon Honeycutt.
    
    Added bounds checks in RenderMenuList to make sure we are
    not making an out of bounds check in a vector once an option
    element has been deleted. If we are out of bounds, we fall back to
    a default value and return early, and in the case of itemStyle, we use a 
    previous option's style, if it is available.
    
    * manual-tests/select-delete-item.html: Added.
    * rendering/RenderMenuList.cpp:
    (WebCore::RenderMenuList::itemText): If out of bounds check, return early.
    (WebCore::RenderMenuList::itemToolTip): Ditto.
    (WebCore::RenderMenuList::itemIsEnabled): Ditto.
    (WebCore::RenderMenuList::itemStyle): If out of bounds check, try using the 0th index
        option style, then fall back to the select's style if that option doesn't exist.
    (WebCore::RenderMenuList::itemBackgroundColor): If out of bounds check, return early.
    (WebCore::RenderMenuList::itemIsSeparator): Ditto.
    (WebCore::RenderMenuList::itemIsLabel): Ditto.
    (WebCore::RenderMenuList::itemIsSelected): Ditto.
    
    
    
    git-svn-id: http://svn.webkit.org/repository/webkit/trunk@53867 268f45cc-cd09-0410-ab3c-d52691b4dbfc
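The fallback behaviour the commit message describes, sketched as an added example that is not WebKit's code and not part of the original commit: `MenuListModel`, `Style`, `Option` and `removeOption` are hypothetical stand-ins, and only the accessor names `itemText`, `itemIsEnabled` and `itemStyle` are borrowed from the message. It models a popup that still holds an index after the option behind it was deleted.

```cpp
#include <cstddef>
#include <cstdio>
#include <string>
#include <utility>
#include <vector>

// Hypothetical stand-ins for illustration; these are not WebKit types.
struct Style { std::string font; };
struct Option { std::string text; bool enabled; Style style; };

class MenuListModel {
public:
    MenuListModel(Style selectStyle, std::vector<Option> options)
        : m_selectStyle(std::move(selectStyle)), m_options(std::move(options)) {}

    // Models script deleting an <option> while the popup still holds old indices.
    void removeOption(std::size_t i) {
        if (i < m_options.size()) m_options.erase(m_options.begin() + i);
    }
    std::string itemText(std::size_t i) const {
        if (i >= m_options.size()) return std::string();  // stale index: default value, return early
        return m_options[i].text;
    }
    bool itemIsEnabled(std::size_t i) const {
        if (i >= m_options.size()) return false;          // stale index: treat as disabled
        return m_options[i].enabled;
    }
    Style itemStyle(std::size_t i) const {
        if (i < m_options.size()) return m_options[i].style;
        // Out of bounds: prefer option 0's style, else the select's own style.
        return m_options.empty() ? m_selectStyle : m_options[0].style;
    }
private:
    Style m_selectStyle;
    std::vector<Option> m_options;
};

int main() {
    // Constructed sample data.
    MenuListModel menu(Style{"select-font"}, {Option{"a", true, Style{"font-a"}},
                                              Option{"b", true, Style{"font-b"}}});
    menu.removeOption(1);  // the popup still believes index 1 exists
    std::printf("text='%s' style=%s\n", menu.itemText(1).c_str(), menu.itemStyle(1).font.c_str());
    return 0;
}
```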