[webkit-changes] [239279] trunk

[zalan]

Title: [239279] trunk

Revision

239279

Author

za...@apple.com

Date

2018-12-17 11:42:55 -0800 (Mon, 17 Dec 2018)

Log Message

Reproducible ASSERTion failure when toggling layer borders with find-in-page up
https://bugs.webkit.org/show_bug.cgi?id=192762
<rdar://problem/46676873>

Reviewed by Simon Fraser.

Source/WebCore:

DocumentMarkerController::markersFor() should take a reference instead of a Node*.

Test: editing/document-marker-null-check.html

* dom/DocumentMarkerController.cpp:
(DocumentMarkerController::hasMarkers):
* dom/DocumentMarkerController.h:
* editing/AlternativeTextController.cpp:
(WebCore::AlternativeTextController::respondToChangedSelection):
* editing/Editor.cpp:
(WebCore::Editor::selectionStartHasMarkerFor const):
* rendering/InlineTextBox.cpp:
(WebCore::InlineTextBox::collectMarkedTextsForDocumentMarkers const):
* rendering/RenderReplaced.cpp:
(WebCore::RenderReplaced::paint):
* rendering/RenderText.cpp:
(WebCore::RenderText::draggedContentRangesBetweenOffsets const):
* rendering/SimpleLineLayout.cpp:
(WebCore::SimpleLineLayout::canUseForWithReason):
* testing/Internals.cpp:
(WebCore::Internals::markerCountForNode):

LayoutTests:

* editing/document-marker-null-check-expected.txt: Added.
* editing/document-marker-null-check.html: Added.

Modified Paths

• trunk/LayoutTests/ChangeLog
• trunk/Source/WebCore/ChangeLog
• trunk/Source/WebCore/dom/DocumentMarkerController.cpp
• trunk/Source/WebCore/dom/DocumentMarkerController.h
• trunk/Source/WebCore/editing/AlternativeTextController.cpp
• trunk/Source/WebCore/editing/Editor.cpp
• trunk/Source/WebCore/rendering/InlineTextBox.cpp
• trunk/Source/WebCore/rendering/RenderReplaced.cpp
• trunk/Source/WebCore/rendering/RenderText.cpp
• trunk/Source/WebCore/rendering/SimpleLineLayout.cpp
• trunk/Source/WebCore/testing/Internals.cpp

Added Paths

• trunk/LayoutTests/editing/document-marker-null-check-expected.txt
• trunk/LayoutTests/editing/document-marker-null-check.html

Diff

Modified: trunk/LayoutTests/ChangeLog (239278 => 239279)

--- trunk/LayoutTests/ChangeLog	2018-12-17 19:22:20 UTC (rev 239278)
+++ trunk/LayoutTests/ChangeLog	2018-12-17 19:42:55 UTC (rev 239279)
@@ -1,3 +1,14 @@
+2018-12-17  Zalan Bujtas  <za...@apple.com>
+
+        Reproducible ASSERTion failure when toggling layer borders with find-in-page up
+        https://bugs.webkit.org/show_bug.cgi?id=192762
+        <rdar://problem/46676873>
+
+        Reviewed by Simon Fraser.
+
+        * editing/document-marker-null-check-expected.txt: Added.
+        * editing/document-marker-null-check.html: Added.
+
 2018-12-17  Commit Queue  <commit-qu...@webkit.org>
 
         Unreviewed, rolling out r239265 and r239274.

Added: trunk/LayoutTests/editing/document-marker-null-check-expected.txt (0 => 239279)

--- trunk/LayoutTests/editing/document-marker-null-check-expected.txt	                        (rev 0)
+++ trunk/LayoutTests/editing/document-marker-null-check-expected.txt	2018-12-17 19:42:55 UTC (rev 239279)
@@ -0,0 +1 @@
+Pass if no crash or assert.

Added: trunk/LayoutTests/editing/document-marker-null-check.html (0 => 239279)

--- trunk/LayoutTests/editing/document-marker-null-check.html	                        (rev 0)
+++ trunk/LayoutTests/editing/document-marker-null-check.html	2018-12-17 19:42:55 UTC (rev 239279)
@@ -0,0 +1,29 @@
+<html>
+<head>
+<title>This test that we don't crash on a null text node with marker on it.</title>
+<style>
+div:before {
+	content: "foobar";
+	display: table;
+}
+</style>
+</head>
+<body>
+<div>Pass if no crash or assert.</div>
+<script>
+if (window.testRunner)
+    testRunner.dumpAsText();
+
+if (window.internals) {
+	internals.settings.setSimpleLineLayoutEnabled(false);	
+	var findOptions = ['CaseInsensitive', 'AtWordStarts', 'TreatMedialCapitalAsWordStart', 'WrapAround'];
+	internals.countMatchesForText('assert', findOptions, 'mark');
+}
+
+document.body.offsetHeight;
+if (window.internals)
+	internals.settings.setSimpleLineLayoutEnabled(true);
+document.body.offsetHeight;
+</script>
+</body>
+</html>

Modified: trunk/Source/WebCore/ChangeLog (239278 => 239279)

--- trunk/Source/WebCore/ChangeLog	2018-12-17 19:22:20 UTC (rev 239278)
+++ trunk/Source/WebCore/ChangeLog	2018-12-17 19:42:55 UTC (rev 239279)
@@ -1,3 +1,33 @@
+2018-12-17  Zalan Bujtas  <za...@apple.com>
+
+        Reproducible ASSERTion failure when toggling layer borders with find-in-page up
+        https://bugs.webkit.org/show_bug.cgi?id=192762
+        <rdar://problem/46676873>
+
+        Reviewed by Simon Fraser.
+
+        DocumentMarkerController::markersFor() should take a reference instead of a Node*.
+
+        Test: editing/document-marker-null-check.html
+
+        * dom/DocumentMarkerController.cpp:
+        (DocumentMarkerController::hasMarkers):
+        * dom/DocumentMarkerController.h:
+        * editing/AlternativeTextController.cpp:
+        (WebCore::AlternativeTextController::respondToChangedSelection):
+        * editing/Editor.cpp:
+        (WebCore::Editor::selectionStartHasMarkerFor const):
+        * rendering/InlineTextBox.cpp:
+        (WebCore::InlineTextBox::collectMarkedTextsForDocumentMarkers const):
+        * rendering/RenderReplaced.cpp:
+        (WebCore::RenderReplaced::paint):
+        * rendering/RenderText.cpp:
+        (WebCore::RenderText::draggedContentRangesBetweenOffsets const):
+        * rendering/SimpleLineLayout.cpp:
+        (WebCore::SimpleLineLayout::canUseForWithReason):
+        * testing/Internals.cpp:
+        (WebCore::Internals::markerCountForNode):
+
 2018-12-17  Commit Queue  <commit-qu...@webkit.org>
 
         Unreviewed, rolling out r239265 and r239274.

Modified: trunk/Source/WebCore/dom/DocumentMarkerController.cpp (239278 => 239279)

--- trunk/Source/WebCore/dom/DocumentMarkerController.cpp	2018-12-17 19:22:20 UTC (rev 239278)
+++ trunk/Source/WebCore/dom/DocumentMarkerController.cpp	2018-12-17 19:42:55 UTC (rev 239279)
@@ -521,13 +521,13 @@
     return nullptr;
 }
 
-Vector<RenderedDocumentMarker*> DocumentMarkerController::markersFor(Node* node, OptionSet<DocumentMarker::MarkerType> markerTypes)
+Vector<RenderedDocumentMarker*> DocumentMarkerController::markersFor(Node& node, OptionSet<DocumentMarker::MarkerType> markerTypes)
 {
     if (!possiblyHasMarkers(markerTypes))
         return { };
 
     Vector<RenderedDocumentMarker*> result;
-    MarkerList* list = m_markers.get(node);
+    MarkerList* list = m_markers.get(&node);
     if (!list)
         return result;
 
@@ -551,7 +551,8 @@
 
     Node* pastLastNode = range.pastLastNode();
     for (Node* node = range.firstNode(); node != pastLastNode; node = NodeTraversal::next(*node)) {
-        for (auto* marker : markersFor(node)) {
+        ASSERT(node);
+        for (auto* marker : markersFor(*node)) {
             if (!markerTypes.contains(marker->type()))
                 continue;
             if (node == &startContainer && marker->endOffset() <= range.startOffset())
@@ -763,7 +764,8 @@
 
     Node* pastLastNode = range.pastLastNode();
     for (Node* node = range.firstNode(); node != pastLastNode; node = NodeTraversal::next(*node)) {
-        for (auto* marker : markersFor(node)) {
+        ASSERT(node);
+        for (auto* marker : markersFor(*node)) {
             if (!markerTypes.contains(marker->type()))
                 continue;
             if (node == &startContainer && marker->endOffset() <= static_cast<unsigned>(range.startOffset()))

Modified: trunk/Source/WebCore/dom/DocumentMarkerController.h (239278 => 239279)

--- trunk/Source/WebCore/dom/DocumentMarkerController.h	2018-12-17 19:22:20 UTC (rev 239278)
+++ trunk/Source/WebCore/dom/DocumentMarkerController.h	2018-12-17 19:42:55 UTC (rev 239279)
@@ -82,7 +82,7 @@
     void setMarkersActive(Range*, bool);
     void setMarkersActive(Node*, unsigned startOffset, unsigned endOffset, bool);
 
-    WEBCORE_EXPORT Vector<RenderedDocumentMarker*> markersFor(Node*, OptionSet<DocumentMarker::MarkerType> = DocumentMarker::allMarkers());
+    WEBCORE_EXPORT Vector<RenderedDocumentMarker*> markersFor(Node&, OptionSet<DocumentMarker::MarkerType> = DocumentMarker::allMarkers());
     WEBCORE_EXPORT Vector<RenderedDocumentMarker*> markersInRange(Range&, OptionSet<DocumentMarker::MarkerType>);
     void clearDescriptionOnMarkersIntersectingRange(Range&, OptionSet<DocumentMarker::MarkerType>);
 

Modified: trunk/Source/WebCore/editing/AlternativeTextController.cpp (239278 => 239279)

--- trunk/Source/WebCore/editing/AlternativeTextController.cpp	2018-12-17 19:22:20 UTC (rev 239278)
+++ trunk/Source/WebCore/editing/AlternativeTextController.cpp	2018-12-17 19:42:55 UTC (rev 239279)
@@ -420,7 +420,8 @@
         return;
 
     Node* node = position.containerNode();
-    for (auto* marker : node->document().markers().markersFor(node)) {
+    ASSERT(node);
+    for (auto* marker : node->document().markers().markersFor(*node)) {
         ASSERT(marker);
         if (respondToMarkerAtEndOfWord(*marker, position))
             break;

Modified: trunk/Source/WebCore/editing/Editor.cpp (239278 => 239279)

--- trunk/Source/WebCore/editing/Editor.cpp	2018-12-17 19:22:20 UTC (rev 239278)
+++ trunk/Source/WebCore/editing/Editor.cpp	2018-12-17 19:42:55 UTC (rev 239279)
@@ -3768,7 +3768,7 @@
 
     unsigned int startOffset = static_cast<unsigned int>(from);
     unsigned int endOffset = static_cast<unsigned int>(from + length);
-    Vector<RenderedDocumentMarker*> markers = document().markers().markersFor(node);
+    Vector<RenderedDocumentMarker*> markers = document().markers().markersFor(*node);
     for (auto* marker : markers) {
         if (marker->startOffset() <= startOffset && endOffset <= marker->endOffset() && marker->type() == markerType)
             return true;

Modified: trunk/Source/WebCore/rendering/InlineTextBox.cpp (239278 => 239279)

--- trunk/Source/WebCore/rendering/InlineTextBox.cpp	2018-12-17 19:22:20 UTC (rev 239278)
+++ trunk/Source/WebCore/rendering/InlineTextBox.cpp	2018-12-17 19:42:55 UTC (rev 239279)
@@ -862,7 +862,7 @@
     if (!renderer().textNode())
         return { };
 
-    Vector<RenderedDocumentMarker*> markers = renderer().document().markers().markersFor(renderer().textNode());
+    Vector<RenderedDocumentMarker*> markers = renderer().document().markers().markersFor(*renderer().textNode());
 
     auto markedTextTypeForMarkerType = [] (DocumentMarker::MarkerType type) {
         switch (type) {

Modified: trunk/Source/WebCore/rendering/RenderReplaced.cpp (239278 => 239279)

--- trunk/Source/WebCore/rendering/RenderReplaced.cpp	2018-12-17 19:22:20 UTC (rev 239278)
+++ trunk/Source/WebCore/rendering/RenderReplaced.cpp	2018-12-17 19:42:55 UTC (rev 239279)
@@ -162,7 +162,8 @@
     GraphicsContextStateSaver savedGraphicsContext(paintInfo.context(), false);
     if (element() && element()->parentOrShadowHostElement()) {
         auto* parentContainer = element()->parentOrShadowHostElement();
-        if (draggedContentContainsReplacedElement(document().markers().markersFor(parentContainer, DocumentMarker::DraggedContent), *element())) {
+        ASSERT(parentContainer);
+        if (draggedContentContainsReplacedElement(document().markers().markersFor(*parentContainer, DocumentMarker::DraggedContent), *element())) {
             savedGraphicsContext.save();
             paintInfo.context().setAlpha(0.25);
         }

Modified: trunk/Source/WebCore/rendering/RenderText.cpp (239278 => 239279)

--- trunk/Source/WebCore/rendering/RenderText.cpp	2018-12-17 19:22:20 UTC (rev 239278)
+++ trunk/Source/WebCore/rendering/RenderText.cpp	2018-12-17 19:42:55 UTC (rev 239279)
@@ -1063,7 +1063,7 @@
     if (!textNode())
         return { };
 
-    auto markers = document().markers().markersFor(textNode(), DocumentMarker::DraggedContent);
+    auto markers = document().markers().markersFor(*textNode(), DocumentMarker::DraggedContent);
     if (markers.isEmpty())
         return { };
 

Modified: trunk/Source/WebCore/rendering/SimpleLineLayout.cpp (239278 => 239279)

--- trunk/Source/WebCore/rendering/SimpleLineLayout.cpp	2018-12-17 19:22:20 UTC (rev 239278)
+++ trunk/Source/WebCore/rendering/SimpleLineLayout.cpp	2018-12-17 19:42:55 UTC (rev 239279)
@@ -315,7 +315,7 @@
             SET_REASON_AND_RETURN_IF_NEEDED(FlowChildIsSelected, reasons, includeReasons);
         if (is<RenderText>(*child)) {
             const auto& renderText = downcast<RenderText>(*child);
-            if (!renderText.document().markers().markersFor(renderText.textNode()).isEmpty())
+            if (renderText.textNode() && !renderText.document().markers().markersFor(*renderText.textNode()).isEmpty())
                 SET_REASON_AND_RETURN_IF_NEEDED(FlowIncludesDocumentMarkers, reasons, includeReasons);
             child = child->nextSibling();
             continue;

Modified: trunk/Source/WebCore/testing/Internals.cpp (239278 => 239279)

--- trunk/Source/WebCore/testing/Internals.cpp	2018-12-17 19:22:20 UTC (rev 239278)
+++ trunk/Source/WebCore/testing/Internals.cpp	2018-12-17 19:42:55 UTC (rev 239279)
@@ -1541,7 +1541,7 @@
         return Exception { SyntaxError };
 
     node.document().frame()->editor().updateEditorUINowIfScheduled();
-    return node.document().markers().markersFor(&node, markerTypes).size();
+    return node.document().markers().markersFor(node, markerTypes).size();
 }
 
 ExceptionOr<RenderedDocumentMarker*> Internals::markerAt(Node& node, const String& markerType, unsigned index)
@@ -1554,7 +1554,7 @@
 
     node.document().frame()->editor().updateEditorUINowIfScheduled();
 
-    Vector<RenderedDocumentMarker*> markers = node.document().markers().markersFor(&node, markerTypes);
+    Vector<RenderedDocumentMarker*> markers = node.document().markers().markersFor(node, markerTypes);
     if (markers.size() <= index)
         return nullptr;
     return markers[index];

_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes