RESOLVED FIXED 90240
DOMHTMLCollection::item may return a wrong element after namedItem is called 
https://bugs.webkit.org/show_bug.cgi?id=90240
Summary DOMHTMLCollection::item may return a wrong element after namedItem is called
Ryosuke Niwa
Reported 2012-06-28 20:19:49 PDT
DOMHTMLCollection::item may return a wrong element after namedItem is called
Attachments
Fixes the bug (15.71 KB, patch)
2012-06-28 20:22 PDT, Ryosuke Niwa 		no flags
DetailsFormatted DiffDiff
Fixed the bug (16.01 KB, patch)
2012-06-28 23:20 PDT, Ryosuke Niwa 		koivisto: review+
DetailsFormatted DiffDiff
Show Obsolete (1) View All Add attachment proposed patch, testcase, etc.
Ryosuke Niwa
Comment 1 2012-06-28 20:22:20 PDT
Created attachment 150071 [details] Fixes the bug
Ryosuke Niwa
Comment 2 2012-06-28 20:45:35 PDT
Comment on attachment 150071 [details] Fixes the bug View in context: https://bugs.webkit.org/attachment.cgi?id=150071&action=review > Source/WebCore/html/HTMLCollection.cpp:285 > m_cache.current = 0; I guess I should have removed this line as well (it'll degrade the performance to some extent and needs to be removed in the bug 90118 but doesn't introduce any incorrect behavior).
Antti Koivisto
Comment 3 2012-06-28 22:33:23 PDT
Comment on attachment 150071 [details] Fixes the bug View in context: https://bugs.webkit.org/attachment.cgi?id=150071&action=review > Source/WebCore/html/HTMLCollection.cpp:275 > + unsigned i = 0; > for (Element* e = itemAfter(0); e; e = itemAfter(e)) { > if (checkForNameMatch(e, /* checkName */ false, name)) { > m_cache.current = e; > + m_cache.position = i; > return e; > } > } > > + i = 0; You are not incrementing i.
Ryosuke Niwa
Comment 4 2012-06-28 23:20:06 PDT
Created attachment 150089 [details] Fixed the bug
Antti Koivisto
Comment 5 2012-06-28 23:25:55 PDT
Comment on attachment 150089 [details] Fixed the bug r=me. nice API test!
Ryosuke Niwa
Comment 6 2012-06-28 23:38:46 PDT
Committed r121521: <http://trac.webkit.org/changeset/121521>
Alexey Proskuryakov
Comment 7 2012-06-29 00:00:25 PDT
Nice!
Note You need to log in before you can comment on or make changes to this bug.