author | Simon Hausmann <simon.hausmann@nokia.com> | 2009-06-16 12:20:08 (GMT) |
---|---|---|
committer | Simon Hausmann <simon.hausmann@nokia.com> | 2009-06-16 12:20:08 (GMT) |
commit | dd1e63d850682947bcbb4b78efa08f8e9318dcf0 (patch) | |
tree | 44b6da30e5e3501be8450997023a79f3dddc476b | |
parent | 858c70f768eeb2d65cefd4115f4e9089b588b2d0 (diff) | |
Backported WebKit SVG revisions (r43590, r43795) from the trunk
Reviewed-by: Ariya
-rw-r--r-- | dist/changes-4.5.2 | 1 | ||||
-rw-r--r-- | src/3rdparty/webkit/VERSION | 2 | ||||
-rw-r--r-- | src/3rdparty/webkit/WebCore/ChangeLog | 28 | ||||
-rw-r--r-- | src/3rdparty/webkit/WebCore/svg/SVGList.h | 6 |
4 files changed, 35 insertions, 2 deletions
diff --git a/dist/changes-4.5.2 b/dist/changes-4.5.2
index 8363917..91a7bef 100644
--- a/dist/changes-4.5.2
+++ b/dist/changes-4.5.2
@@ -54,6 +54,7 @@ General Improvements
 Network (r41664, r42516, r42747)
 Plugins (r41346, r43550, r43915, r43917, r43923)
 Clipboard (r41360)
+ SVG (r43590, r43795)
 - QAbstractItemView
 * [250754] Changing the font of the view did not update the size of the
diff --git a/src/3rdparty/webkit/VERSION b/src/3rdparty/webkit/VERSION
index 7d5d1c5..2be6d53 100644
--- a/src/3rdparty/webkit/VERSION
+++ b/src/3rdparty/webkit/VERSION
@@ -8,4 +8,4 @@ The commit imported was from the
 and has the sha1 checksum
- 4ee8af9348b3f57d3c0f3575ae0a58336cf07a92
+ 44bbcef18007e00c6cfee294640c5cfc9e464aa4
diff --git a/src/3rdparty/webkit/WebCore/ChangeLog b/src/3rdparty/webkit/WebCore/ChangeLog
index 072beee..fb31572 100644
--- a/src/3rdparty/webkit/WebCore/ChangeLog
+++ b/src/3rdparty/webkit/WebCore/ChangeLog
@@ -1,3 +1,31 @@
+2009-05-15 Adam Barth <abarth@webkit.org>
+
+ Reviewed by Oliver Hunt.
+
+ https://bugs.webkit.org/show_bug.cgi?id=25741
+
+ Append instead of throwing when insertItemBefore gets an out-of-bound
+ index.
+
+ Test: svg/dom/svglist-insertItemBefore-appends.html
+
+ * svg/SVGList.h:
+ (WebCore::SVGList::insertItemBefore):
+
+2009-03-19 Oliver Hunt <oliver@apple.com>
+
+ Reviewed by Darin Adler.
+
+ <rdar://problem/6702386> Incorrect bound check in SVGList::insertItemBefore
+
+ SVGList::insertItemBefore would not perform a bounds check on the
+ index it was provided, potentially leading to a buffer overflow.
+
+ Test: svg/dom/svglist-exception-on-out-bounds-error.html
+
+ * svg/SVGList.h:
+ (WebCore::SVGList::insertItemBefore):
+
 2009-05-19 Kenneth Rohde Christiansen <kenneth.christiansen@openbossa.org>
 Reviewed by Simon Hausmann.
diff --git a/src/3rdparty/webkit/WebCore/svg/SVGList.h b/src/3rdparty/webkit/WebCore/svg/SVGList.h
index d4f7641..5381598 100644
--- a/src/3rdparty/webkit/WebCore/svg/SVGList.h
+++ b/src/3rdparty/webkit/WebCore/svg/SVGList.h
@@ -96,7 +96,11 @@ namespace WebCore {
 Item insertItemBefore(Item newItem, unsigned int index, ExceptionCode&)
 {
- m_vector.insert(index, newItem);
+ if (index < m_vector.size()) {
+ m_vector.insert(index, newItem);
+ } else {
+ m_vector.append(newItem);
+ }
 return newItem;
 }
|
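Review bot: The new `if (index < m_vector.size())` guard in `insertItemBefore` is the only thing that keeps an out-of-range `index` away from `m_vector.insert()`, which the backported ChangeLog entry describes as a potential buffer overflow, yet the code carries no comment saying so. A line above the `if` would keep a later cleanup from folding the branch back into a bare insert, for example `// index >= size() appends instead of throwing (webkit bug 25741); an unchecked insert() here could overflow the buffer.` The unnamed `ExceptionCode&` is not written on either path, which is worth stating in the same comment so callers do not expect an error for an out-of-range index. The other index-taking members of `SVGList` lie outside this hunk, so it is worth confirming that they bound-check their index in the same way.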