Title: [148450] branches/safari-536.30-branch
- Revision
- 148450
- Author
- roger_f...@apple.com
- Date
- 2013-04-15 10:59:50 -0700 (Mon, 15 Apr 2013)
Log Message
Merge r142922, <rdar://problem/13334860>
Modified Paths
Added Paths
Diff
Modified: branches/safari-536.30-branch/LayoutTests/ChangeLog (148449 => 148450)
--- branches/safari-536.30-branch/LayoutTests/ChangeLog 2013-04-15 17:52:01 UTC (rev 148449)
+++ branches/safari-536.30-branch/LayoutTests/ChangeLog 2013-04-15 17:59:50 UTC (rev 148450)
@@ -1,5 +1,19 @@
2013-04-15 Roger Fong <roger_f...@apple.com>
+ Merge r142922.
+
+ 2013-02-14 Abhishek Arya <infe...@chromium.org>
+
+ Bad cast in RenderBlock::splitBlocks.
+ https://bugs.webkit.org/show_bug.cgi?id=108691
+
+ Reviewed by Levi Weintraub.
+
+ * fast/multicol/remove-child-split-flow-crash-expected.txt: Added.
+ * fast/multicol/remove-child-split-flow-crash.html: Added.
+
+2013-04-15 Roger Fong <roger_f...@apple.com>
+
Merge r138988.
2013-01-07 Abhishek Arya <infe...@chromium.org>
@@ -1087,10 +1101,10 @@
2013-02-06 Lucas Forschler <lforsch...@apple.com>
- <rdar://problem/12967921>
- Update test results.
-
- Reviewed by Enrica Casucci.
+ <rdar://problem/12967921>
+ Update test results.
+
+ Reviewed by Enrica Casucci.
* editing/pasteboard/paste-noscript-xhtml-expected.txt:
Added: branches/safari-536.30-branch/LayoutTests/fast/multicol/remove-child-split-flow-crash-expected.txt (0 => 148450)
--- branches/safari-536.30-branch/LayoutTests/fast/multicol/remove-child-split-flow-crash-expected.txt (rev 0)
+++ branches/safari-536.30-branch/LayoutTests/fast/multicol/remove-child-split-flow-crash-expected.txt 2013-04-15 17:59:50 UTC (rev 148450)
@@ -0,0 +1,2 @@
+Test passes if it does not crash.
+
Added: branches/safari-536.30-branch/LayoutTests/fast/multicol/remove-child-split-flow-crash.html (0 => 148450)
--- branches/safari-536.30-branch/LayoutTests/fast/multicol/remove-child-split-flow-crash.html (rev 0)
+++ branches/safari-536.30-branch/LayoutTests/fast/multicol/remove-child-split-flow-crash.html 2013-04-15 17:59:50 UTC (rev 148450)
@@ -0,0 +1,38 @@
+<!DOCTYPE html>
+<html>
+Test passes if it does not crash.
+<style>
+.class1 { -webkit-column-span: all; }
+.class2 { -webkit-column-width: 1px; }
+.class3 { display: inline-block; }
+.class4 { section; -webkit-column-span: all; }
+</style>
+<script>
+if (window.testRunner)
+ testRunner.dumpAsText();
+
+function crash() {
+ i1 = document.createElement('i');
+ document.documentElement.appendChild(i1);
+ i2 = document.createElement('i');
+ i1.appendChild(i2);
+ div1 = document.createElement('div');
+ div2 = document.createElement('div');
+ div2.setAttribute('class', 'class3');
+ i3 = document.createElement('i');
+ div3 = document.createElement('div');
+ div3.setAttribute('class', 'class1');
+ div4 = document.createElement('div');
+ div4.setAttribute('class', 'class4');
+ i2.appendChild(div2);
+ div2.appendChild(div1);
+ div1.appendChild(div4);
+ document.documentElement.offsetTop;
+ div1.setAttribute('class', 'class2');
+ div4.appendChild(div3);
+ document.documentElement.offsetTop;
+ i3.appendChild(div3);
+}
+window._onload_ = crash;
+</script>
+</html>
Modified: branches/safari-536.30-branch/Source/WebCore/ChangeLog (148449 => 148450)
--- branches/safari-536.30-branch/Source/WebCore/ChangeLog 2013-04-15 17:52:01 UTC (rev 148449)
+++ branches/safari-536.30-branch/Source/WebCore/ChangeLog 2013-04-15 17:59:50 UTC (rev 148450)
@@ -1,5 +1,25 @@
2013-04-15 Roger Fong <roger_f...@apple.com>
+ Merge r142922.
+
+ 2013-02-14 Abhishek Arya <infe...@chromium.org>
+
+ Bad cast in RenderBlock::splitBlocks.
+ https://bugs.webkit.org/show_bug.cgi?id=108691
+
+ Reviewed by Levi Weintraub.
+
+ Test: fast/multicol/remove-child-split-flow-crash.html
+
+ * rendering/RenderBlock.cpp:
+ (WebCore):
+ (WebCore::RenderBlock::addChildIgnoringAnonymousColumnBlocks): rename gIsInColumnFlowSplit to gColumnFlowSplitEnabled
+ and use it to decide when to do the column flow split or not.
+ (WebCore::RenderBlock::removeChild): Do not allow column flow split inside removeChild
+ since we might be merging anonymous blocks.
+
+2013-04-15 Roger Fong <roger_f...@apple.com>
+
Merge r138988.
2013-01-07 Abhishek Arya <infe...@chromium.org>
Modified: branches/safari-536.30-branch/Source/WebCore/rendering/RenderBlock.cpp (148449 => 148450)
--- branches/safari-536.30-branch/Source/WebCore/rendering/RenderBlock.cpp 2013-04-15 17:52:01 UTC (rev 148449)
+++ branches/safari-536.30-branch/Source/WebCore/rendering/RenderBlock.cpp 2013-04-15 17:59:50 UTC (rev 148450)
@@ -108,7 +108,7 @@
static int gDelayUpdateScrollInfo = 0;
static DelayedUpdateScrollInfoSet* gDelayedUpdateScrollInfoSet = 0;
-static bool gIsInColumnFlowSplit = false;
+static bool gColumnFlowSplitEnabled = true;
// We only create "generated" renderers like one for first-letter and
// before/after pseudo elements if:
@@ -854,10 +854,10 @@
beforeChild = beforeChild->nextSibling();
// Check for a spanning element in columns.
- if (!gIsInColumnFlowSplit) {
+ if (gColumnFlowSplitEnabled) {
RenderBlock* columnsBlockAncestor = columnsBlockForSpanningElement(newChild);
if (columnsBlockAncestor) {
- TemporaryChange<bool> isInColumnFlowSplit(gIsInColumnFlowSplit, true);
+ TemporaryChange<bool> columnFlowSplitEnabled(gColumnFlowSplitEnabled, false);
// We are placing a column-span element inside a block.
RenderBlock* newBox = createAnonymousColumnSpanBlock();
@@ -1157,6 +1157,9 @@
return;
}
+ // This protects against column split flows when anonymous blocks are getting merged.
+ TemporaryChange<bool> columnFlowSplitEnabled(gColumnFlowSplitEnabled, false);
+
// If this child is a block, and if our previous and next siblings are
// both anonymous blocks with inline content, then we can go ahead and
// fold the inline content back together.
_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes
