Title: [219394] trunk/Source/WebCore
- Revision
- 219394
- Author
- za...@apple.com
- Date
- 2017-07-12 08:37:52 -0700 (Wed, 12 Jul 2017)
Log Message
Paginated mode: Infinite recursion in RenderTable::layout
https://bugs.webkit.org/show_bug.cgi?id=174413
Reviewed by Simon Fraser.
This patch is a workaround for avoiding infinite recursion when the table layout does not stabilize.
Apparently we leak some context (computed padding in this case) from the current to the subsequent layout.
The subsequent layouts always end up producing different line heights for some of the cells in the <thead>.
In paginated mode, when the section moves (<thead>, <tbody> etc) we call layout again recursively.
This could lead to infinite recursion for unstable table layout.
Unable to come up with a reduction yet.
* rendering/RenderTable.cpp:
(WebCore::RenderTable::layout):
* rendering/RenderTable.h:
Modified Paths
Diff
Modified: trunk/Source/WebCore/ChangeLog (219393 => 219394)
--- trunk/Source/WebCore/ChangeLog 2017-07-12 14:27:31 UTC (rev 219393)
+++ trunk/Source/WebCore/ChangeLog 2017-07-12 15:37:52 UTC (rev 219394)
@@ -1,3 +1,22 @@
+2017-07-12 Zalan Bujtas <za...@apple.com>
+
+ Paginated mode: Infinite recursion in RenderTable::layout
+ https://bugs.webkit.org/show_bug.cgi?id=174413
+
+ Reviewed by Simon Fraser.
+
+ This patch is a workaround for avoiding infinite recursion when the table layout does not stabilize.
+ Apparently we leak some context (computed padding in this case) from the current to the subsequent layout.
+ The subsequent layouts always end up producing different line heights for some of the cells in the <thead>.
+ In paginated mode, when the section moves (<thead>, <tbody> etc) we call layout again recursively.
+ This could lead to infinite recursion for unstable table layout.
+
+ Unable to come up with a reduction yet.
+
+ * rendering/RenderTable.cpp:
+ (WebCore::RenderTable::layout):
+ * rendering/RenderTable.h:
+
2017-07-12 Youenn Fablet <you...@apple.com>
WebRTC: Incorrect sdpMLineIndex for video breaks Firefox interop
Modified: trunk/Source/WebCore/rendering/RenderTable.cpp (219393 => 219394)
--- trunk/Source/WebCore/rendering/RenderTable.cpp 2017-07-12 14:27:31 UTC (rev 219393)
+++ trunk/Source/WebCore/rendering/RenderTable.cpp 2017-07-12 15:37:52 UTC (rev 219394)
@@ -47,6 +47,7 @@
#include "RenderTableSection.h"
#include "RenderView.h"
#include "StyleInheritedData.h"
+#include <wtf/SetForScope.h>
#include <wtf/StackStats.h>
namespace WebCore {
@@ -601,8 +602,13 @@
bool paginated = view().layoutState() && view().layoutState()->isPaginated();
if (sectionMoved && paginated) {
- markForPaginationRelayoutIfNeeded();
- layoutIfNeeded();
+ // FIXME: Table layout should always stabilize even when section moves (see webkit.org/b/174412).
+ if (!m_inRecursiveSectionMovedWithPagination) {
+ SetForScope<bool> paginatedSectionMoved(m_inRecursiveSectionMovedWithPagination, true);
+ markForPaginationRelayoutIfNeeded();
+ layoutIfNeeded();
+ } else
+ ASSERT_NOT_REACHED();
}
// FIXME: This value isn't the intrinsic content logical height, but we need
Modified: trunk/Source/WebCore/rendering/RenderTable.h (219393 => 219394)
--- trunk/Source/WebCore/rendering/RenderTable.h 2017-07-12 14:27:31 UTC (rev 219393)
+++ trunk/Source/WebCore/rendering/RenderTable.h 2017-07-12 15:37:52 UTC (rev 219394)
@@ -366,6 +366,7 @@
LayoutUnit m_borderEnd;
mutable LayoutUnit m_columnOffsetTop;
mutable LayoutUnit m_columnOffsetHeight;
+ bool m_inRecursiveSectionMovedWithPagination { false };
};
inline RenderTableSection* RenderTable::topSection() const
_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes
