Google Git
Sign in
webkit / WebKit / 05fa0d538694178adadaf58bb3e25b3fa8cf9d4b
commit05fa0d538694178adadaf58bb3e25b3fa8cf9d4b[log] [tgz]
authorjoone.hur@intel.com <joone.hur@intel.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>Tue Oct 22 00:29:46 2013 +0000
committerjoone.hur@intel.com <joone.hur@intel.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>Tue Oct 22 00:29:46 2013 +0000
tree3e1976a77d415c5c440d5cb841783e103da7b53c
parent167e177f936376a402e2d7966a879d83d24bc6f0 [diff]
Bad cast with toRenderBoxModelObject in RenderBlock::updateFirstLetter()
https://bugs.webkit.org/show_bug.cgi?id=123013

Reviewed by Andreas Kling.

No new tests because this was reported by Google ClusterFuzz.
https://codereview.chromium.org/25713009/

There is a case that toRenderBoxModelObject causes a crash in RenderBlock::updateFirstLetter()
due to bad cast, so we need to check whether the RenderObject is a RenderBoxModelObject
by running isBoxModelObject() before calling toRenderBoxModelObject.

* rendering/RenderBlock.cpp:
(WebCore::RenderBlock::updateFirstLetter):


git-svn-id: http://svn.webkit.org/repository/webkit/trunk@157768 268f45cc-cd09-0410-ab3c-d52691b4dbfc
2 files changed
tree: 3e1976a77d415c5c440d5cb841783e103da7b53c
  1. Examples/
  2. LayoutTests/
  3. ManualTests/
  4. PerformanceTests/
  5. Source/
  6. Tools/
  7. WebKit.xcworkspace/
  8. WebKitLibraries/
  9. Websites/
  10. .dir-locals.el
  11. .gitattributes
  12. .gitignore
  13. autogen.sh
  14. ChangeLog
  15. ChangeLog-2012-05-22
  16. CMakeLists.txt
  17. configure.ac
  18. GNUmakefile.am
  19. Makefile
  20. Makefile.shared