Diff
Modified: branches/safari-601.1.46-branch/Source/WebCore/ChangeLog (200756 => 200757)
--- branches/safari-601.1.46-branch/Source/WebCore/ChangeLog 2016-05-12 09:12:15 UTC (rev 200756)
+++ branches/safari-601.1.46-branch/Source/WebCore/ChangeLog 2016-05-12 09:12:18 UTC (rev 200757)
@@ -1,5 +1,44 @@
2016-05-12 Matthew Hanson <matthew_han...@apple.com>
+ Merge r200738. rdar://problem/26228887
+
+ 2016-05-11 Matthew Hanson <matthew_han...@apple.com>
+
+ Merge r198701. rdar://problem/26228577
+
+ 2016-03-25 Zalan Bujtas <za...@apple.com>
+
+ RenderImage::repaintOrMarkForLayout fails when the renderer is detached.
+ https://bugs.webkit.org/show_bug.cgi?id=155885
+ <rdar://problem/25359164>
+
+ Reviewed by Simon Fraser.
+
+ Making containingBlockFor* functions standalone ensures that we don't
+ call them on an invalid object.
+
+ Covered by existing tests.
+
+ * dom/Element.cpp:
+ (WebCore::layoutOverflowRectContainsAllDescendants):
+ * rendering/LogicalSelectionOffsetCaches.h:
+ (WebCore::LogicalSelectionOffsetCaches::LogicalSelectionOffsetCaches):
+ * rendering/RenderElement.cpp:
+ (WebCore::containingBlockForFixedPosition):
+ (WebCore::containingBlockForAbsolutePosition):
+ (WebCore::containingBlockForObjectInFlow):
+ (WebCore::RenderElement::containingBlockForFixedPosition): Deleted.
+ (WebCore::RenderElement::containingBlockForAbsolutePosition): Deleted.
+ (WebCore::isNonRenderBlockInline): Deleted.
+ (WebCore::RenderElement::containingBlockForObjectInFlow): Deleted.
+ * rendering/RenderElement.h:
+ * rendering/RenderInline.cpp:
+ (WebCore::RenderInline::styleWillChange):
+ * rendering/RenderObject.cpp:
+ (WebCore::RenderObject::containingBlock):
+
+2016-05-12 Matthew Hanson <matthew_han...@apple.com>
+
Merge r200735. rdar://problem/26228904
2016-05-11 Matthew Hanson <matthew_han...@apple.com>
Modified: branches/safari-601.1.46-branch/Source/WebCore/dom/Element.cpp (200756 => 200757)
--- branches/safari-601.1.46-branch/Source/WebCore/dom/Element.cpp 2016-05-12 09:12:15 UTC (rev 200756)
+++ branches/safari-601.1.46-branch/Source/WebCore/dom/Element.cpp 2016-05-12 09:12:18 UTC (rev 200757)
@@ -948,7 +948,7 @@
}
// This renderer may have positioned descendants whose containing block is some ancestor.
- if (auto containingBlock = renderer.containingBlockForAbsolutePosition()) {
+ if (auto containingBlock = containingBlockForAbsolutePosition(&renderer)) {
if (auto positionedObjects = containingBlock->positionedObjects()) {
for (RenderBox* it : *positionedObjects) {
if (it != &renderer && renderer.element()->contains(it->element()))
Modified: branches/safari-601.1.46-branch/Source/WebCore/rendering/LogicalSelectionOffsetCaches.h (200756 => 200757)
--- branches/safari-601.1.46-branch/Source/WebCore/rendering/LogicalSelectionOffsetCaches.h 2016-05-12 09:12:15 UTC (rev 200756)
+++ branches/safari-601.1.46-branch/Source/WebCore/rendering/LogicalSelectionOffsetCaches.h 2016-05-12 09:12:18 UTC (rev 200757)
@@ -91,9 +91,9 @@
auto parent = rootBlock.parent();
// LogicalSelectionOffsetCaches should not be used on an orphaned tree.
- m_containingBlockForFixedPosition.setBlock(parent->containingBlockForFixedPosition(), nullptr);
- m_containingBlockForAbsolutePosition.setBlock(parent->containingBlockForAbsolutePosition(), nullptr);
- m_containingBlockForInflowPosition.setBlock(parent->containingBlockForObjectInFlow(), nullptr);
+ m_containingBlockForFixedPosition.setBlock(containingBlockForFixedPosition(parent), nullptr);
+ m_containingBlockForAbsolutePosition.setBlock(containingBlockForAbsolutePosition(parent), nullptr);
+ m_containingBlockForInflowPosition.setBlock(containingBlockForObjectInFlow(parent), nullptr);
}
LogicalSelectionOffsetCaches(RenderBlock& block, const LogicalSelectionOffsetCaches& cache)
Modified: branches/safari-601.1.46-branch/Source/WebCore/rendering/RenderElement.cpp (200756 => 200757)
--- branches/safari-601.1.46-branch/Source/WebCore/rendering/RenderElement.cpp 2016-05-12 09:12:15 UTC (rev 200756)
+++ branches/safari-601.1.46-branch/Source/WebCore/rendering/RenderElement.cpp 2016-05-12 09:12:18 UTC (rev 200757)
@@ -1515,48 +1515,6 @@
return document().ensureStyleResolver().pseudoStyleForElement(element(), pseudoStyleRequest, parentStyle);
}
-RenderBlock* RenderElement::containingBlockForFixedPosition() const
-{
- const RenderElement* object = this;
- while (object && !object->canContainFixedPositionObjects())
- object = object->parent();
-
- ASSERT(!object || !object->isAnonymousBlock());
- return const_cast<RenderBlock*>(downcast<RenderBlock>(object));
-}
-
-RenderBlock* RenderElement::containingBlockForAbsolutePosition() const
-{
- const RenderElement* object = this;
- while (object && !object->canContainAbsolutelyPositionedObjects())
- object = object->parent();
-
- // For a relatively positioned inline, return its nearest non-anonymous containing block,
- // not the inline itself, to avoid having a positioned objects list in all RenderInlines
- // and use RenderBlock* as RenderElement::containingBlock's return type.
- // Use RenderBlock::container() to obtain the inline.
- if (object && !is<RenderBlock>(*object))
- object = object->containingBlock();
-
- while (object && object->isAnonymousBlock())
- object = object->containingBlock();
-
- return const_cast<RenderBlock*>(downcast<RenderBlock>(object));
-}
-
-static inline bool isNonRenderBlockInline(const RenderElement& object)
-{
- return (object.isInline() && !object.isReplaced()) || !object.isRenderBlock();
-}
-
-RenderBlock* RenderElement::containingBlockForObjectInFlow() const
-{
- const RenderElement* object = this;
- while (object && isNonRenderBlockInline(*object))
- object = object->parent();
- return const_cast<RenderBlock*>(downcast<RenderBlock>(object));
-}
-
Color RenderElement::selectionColor(int colorProperty) const
{
// If the element is unselectable, or we are only painting the selection,
@@ -1741,7 +1699,7 @@
return current;
if (!current->isRenderInline() || current->isRubyText())
return nullptr;
-
+
const RenderStyle& styleToUse = firstLine ? current->firstLineStyle() : current->style();
if (styleToUse.textDecoration() & textDecoration)
return current;
@@ -1751,4 +1709,41 @@
return current;
}
+RenderBlock* containingBlockForFixedPosition(const RenderElement* element)
+{
+ const auto* object = element;
+ while (object && !object->canContainFixedPositionObjects())
+ object = object->parent();
+
+ ASSERT(!object || !object->isAnonymousBlock());
+ return const_cast<RenderBlock*>(downcast<RenderBlock>(object));
}
+
+RenderBlock* containingBlockForAbsolutePosition(const RenderElement* element)
+{
+ const auto* object = element;
+ while (object && !object->canContainAbsolutelyPositionedObjects())
+ object = object->parent();
+
+ // For a relatively positioned inline, return its nearest non-anonymous containing block,
+ // not the inline itself, to avoid having a positioned objects list in all RenderInlines
+ // and use RenderBlock* as RenderElement::containingBlock's return type.
+ // Use RenderBlock::container() to obtain the inline.
+ if (object && !is<RenderBlock>(*object))
+ object = object->containingBlock();
+
+ while (object && object->isAnonymousBlock())
+ object = object->containingBlock();
+
+ return const_cast<RenderBlock*>(downcast<RenderBlock>(object));
+}
+
+RenderBlock* containingBlockForObjectInFlow(const RenderElement* element)
+{
+ const auto* object = element;
+ while (object && ((object->isInline() && !object->isReplaced()) || !object->isRenderBlock()))
+ object = object->parent();
+ return const_cast<RenderBlock*>(downcast<RenderBlock>(object));
+}
+
+}
Modified: branches/safari-601.1.46-branch/Source/WebCore/rendering/RenderElement.h (200756 => 200757)
--- branches/safari-601.1.46-branch/Source/WebCore/rendering/RenderElement.h 2016-05-12 09:12:15 UTC (rev 200756)
+++ branches/safari-601.1.46-branch/Source/WebCore/rendering/RenderElement.h 2016-05-12 09:12:18 UTC (rev 200757)
@@ -70,10 +70,6 @@
bool canContainFixedPositionObjects() const;
bool canContainAbsolutelyPositionedObjects() const;
- RenderBlock* containingBlockForFixedPosition() const;
- RenderBlock* containingBlockForAbsolutePosition() const;
- RenderBlock* containingBlockForObjectInFlow() const;
-
Color selectionColor(int colorProperty) const;
PassRefPtr<RenderStyle> selectionPseudoStyle() const;
@@ -481,6 +477,9 @@
return adjustLayoutUnitForAbsoluteZoom(value, renderer.style());
}
+RenderBlock* containingBlockForFixedPosition(const RenderElement*);
+RenderBlock* containingBlockForAbsolutePosition(const RenderElement*);
+RenderBlock* containingBlockForObjectInFlow(const RenderElement*);
} // namespace WebCore
SPECIALIZE_TYPE_TRAITS_RENDER_OBJECT(RenderElement, isRenderElement())
Modified: branches/safari-601.1.46-branch/Source/WebCore/rendering/RenderObject.cpp (200756 => 200757)
--- branches/safari-601.1.46-branch/Source/WebCore/rendering/RenderObject.cpp 2016-05-12 09:12:15 UTC (rev 200756)
+++ branches/safari-601.1.46-branch/Source/WebCore/rendering/RenderObject.cpp 2016-05-12 09:12:18 UTC (rev 200757)
@@ -696,15 +696,15 @@
const RenderStyle& style = this->style();
if (!is<RenderText>(*this) && style.position() == FixedPosition)
- parent = parent->containingBlockForFixedPosition();
+ parent = containingBlockForFixedPosition(parent);
else if (!is<RenderText>(*this) && style.position() == AbsolutePosition)
- parent = parent->containingBlockForAbsolutePosition();
+ parent = containingBlockForAbsolutePosition(parent);
else
- parent = parent->containingBlockForObjectInFlow();
+ parent = containingBlockForObjectInFlow(parent);
- if (!is<RenderBlock>(parent))
- return nullptr; // This can still happen in case of an orphaned tree
-
+ // This can still happen in case of an detached tree
+ if (!parent)
+ return nullptr;
return downcast<RenderBlock>(parent);
}
