Skip to site navigation (Press enter)

[webkit-changes] [164783] trunk

reni Thu, 27 Feb 2014 02:12:07 -0800

Title: [164783] trunk

Revision: 164783
Author: r...@webkit.org
Date: 2014-02-27 02:17:22 -0800 (Thu, 27 Feb 2014)

Log Message

Improving containing column block determination
https://bugs.webkit.org/show_bug.cgi?id=125449


Reviewed by Darin Adler.

Source/WebCore:

Making sure that the containing column block of any elements
can not be oneself.

Test: fast/css/crash-on-column-splitting.html

* rendering/RenderBlock.cpp:
(WebCore::RenderBlock::containingColumnsBlock):
(WebCore::RenderBlock::splitFlow):

LayoutTests:

* fast/css/crash-on-column-splitting-expected.txt: Added.
* fast/css/crash-on-column-splitting.html: Added.

Modified Paths

trunk/LayoutTests/ChangeLog
trunk/Source/WebCore/ChangeLog
trunk/Source/WebCore/rendering/RenderBlock.cpp

Added Paths

trunk/LayoutTests/fast/css/crash-on-column-splitting-expected.txt
trunk/LayoutTests/fast/css/crash-on-column-splitting.html

Diff

Modified: trunk/LayoutTests/ChangeLog (164782 => 164783)


--- trunk/LayoutTests/ChangeLog	2014-02-27 09:16:18 UTC (rev 164782)
+++ trunk/LayoutTests/ChangeLog	2014-02-27 10:17:22 UTC (rev 164783)
@@ -1,3 +1,13 @@
+2014-02-27  Renata Hodovan  <rhodovan.u-sze...@partner.samsung.com>
+
+        Improving containing column block determination
+        https://bugs.webkit.org/show_bug.cgi?id=125449
+
+        Reviewed by Darin Adler.
+
+        * fast/css/crash-on-column-splitting-expected.txt: Added.
+        * fast/css/crash-on-column-splitting.html: Added.
+
 2014-02-27  Xabier Rodriguez Calvar  <calva...@igalia.com>
 
         [GTK] Improve _javascript_ multimedia controls

Added: trunk/LayoutTests/fast/css/crash-on-column-splitting-expected.txt (0 => 164783)


--- trunk/LayoutTests/fast/css/crash-on-column-splitting-expected.txt	                        (rev 0)
+++ trunk/LayoutTests/fast/css/crash-on-column-splitting-expected.txt	2014-02-27 10:17:22 UTC (rev 164783)
@@ -0,0 +1,7 @@
+layer at (0,0) size 800x600
+  RenderView at (0,0) size 800x600
+layer at (0,0) size 800x600
+  RenderBlock {HTML} at (0,0) size 800x600
+    RenderBody {BODY} at (8,8) size 784x584
+      RenderText {#text} at (0,0) size 273x17
+        text run at (0,0) width 273: "PASS if it does not crash. See bug 125449."

Added: trunk/LayoutTests/fast/css/crash-on-column-splitting.html (0 => 164783)


--- trunk/LayoutTests/fast/css/crash-on-column-splitting.html	                        (rev 0)
+++ trunk/LayoutTests/fast/css/crash-on-column-splitting.html	2014-02-27 10:17:22 UTC (rev 164783)
@@ -0,0 +1,24 @@
+<html>
+<head>
+	<style type="text/css">
+		.c1 { -webkit-column-width: 1px; }		
+	</style>
+	<script>
+		function afterload() {
+			document.getElementById("details").setAttribute('class', 'c1');
+			document.body.offsetTop;
+			document.getElementById("legend").style["color"] = "red";
+			document.body.innerHTML = "PASS if it does not crash. See bug 125449.";
+		}
+	</script>
+</head>
+<body _onload_="afterload()">
+	<b id="legend">
+		<div class="c1">
+			<details id="details" open>a
+				<summary id="summary" style="-webkit-column-span: all;"></summary>
+			</details>
+		</div>
+	</b>	
+</body>
+</html>
\ No newline at end of file

Modified: trunk/Source/WebCore/ChangeLog (164782 => 164783)


--- trunk/Source/WebCore/ChangeLog	2014-02-27 09:16:18 UTC (rev 164782)
+++ trunk/Source/WebCore/ChangeLog	2014-02-27 10:17:22 UTC (rev 164783)
@@ -1,3 +1,19 @@
+2014-02-27  Renata Hodovan  <rhodovan.u-sze...@partner.samsung.com>
+
+        Improving containing column block determination
+        https://bugs.webkit.org/show_bug.cgi?id=125449
+
+        Reviewed by Darin Adler.
+
+        Making sure that the containing column block of any elements
+        can not be oneself.
+
+        Test: fast/css/crash-on-column-splitting.html
+
+        * rendering/RenderBlock.cpp:
+        (WebCore::RenderBlock::containingColumnsBlock):
+        (WebCore::RenderBlock::splitFlow):
+
 2014-02-27  Xabier Rodriguez Calvar  <calva...@igalia.com>
 
         [GTK] Improve _javascript_ multimedia controls

Modified: trunk/Source/WebCore/rendering/RenderBlock.cpp (164782 => 164783)


--- trunk/Source/WebCore/rendering/RenderBlock.cpp	2014-02-27 09:16:18 UTC (rev 164782)
+++ trunk/Source/WebCore/rendering/RenderBlock.cpp	2014-02-27 10:17:22 UTC (rev 164783)
@@ -465,7 +465,7 @@
 RenderBlock* RenderBlock::containingColumnsBlock(bool allowAnonymousColumnBlock)
 {
     RenderBlock* firstChildIgnoringAnonymousWrappers = 0;
-    for (RenderElement* curr = this; curr; curr = curr->parent()) {
+    for (RenderElement* curr = parent(); curr; curr = curr->parent()) {
         if (!curr->isRenderBlock() || curr->isFloatingOrOutOfFlowPositioned() || curr->isTableCell() || curr->isRoot() || curr->isRenderView() || curr->hasOverflowClip()
             || curr->isInlineBlockOrInlineTable())
             return 0;

_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes