[webkit-changes] [258472] releases/WebKitGTK/webkit-2.26

Sat, 14 Mar 2020 12:54:00 -0700

Title: [258472] releases/WebKitGTK/webkit-2.26
Revision
258472
Author
[email protected]
Date
2020-03-14 12:53:15 -0700 (Sat, 14 Mar 2020)

Log Message

Merge r257720 - ASSERT(m_column != unsetColumnIndex) in RenderTable::cellBefore
https://bugs.webkit.org/show_bug.cgi?id=208397

Patch by Doug Kelly <[email protected]> on 2020-03-02
Reviewed by Zalan Bujtas.

Source/WebCore:

When inserting a cell into a table row which is not visible, this can lead to attempting to compute the repaint
rects during tree building.  Instead, mark the layer as dirty using dirtyVisibleContentStatus(), and the visibility
will be recomputed at a later time.

Test: fast/table/insert-cell-invisible-parent.html

* rendering/RenderElement.cpp:
(WebCore::RenderElement::insertedIntoTree):

LayoutTests:

* fast/table/insert-cell-invisible-parent-expected.txt: Added.
* fast/table/insert-cell-invisible-parent.html: Added.

Modified Paths

Added Paths

Diff

Modified: releases/WebKitGTK/webkit-2.26/LayoutTests/ChangeLog (258471 => 258472)


--- releases/WebKitGTK/webkit-2.26/LayoutTests/ChangeLog	2020-03-14 19:53:07 UTC (rev 258471)
+++ releases/WebKitGTK/webkit-2.26/LayoutTests/ChangeLog	2020-03-14 19:53:15 UTC (rev 258472)
@@ -1,3 +1,13 @@
+2020-03-02  Doug Kelly  <[email protected]>
+
+        ASSERT(m_column != unsetColumnIndex) in RenderTable::cellBefore
+        https://bugs.webkit.org/show_bug.cgi?id=208397
+
+        Reviewed by Zalan Bujtas.
+
+        * fast/table/insert-cell-invisible-parent-expected.txt: Added.
+        * fast/table/insert-cell-invisible-parent.html: Added.
+
 2020-03-04  Doug Kelly  <[email protected]>
 
         Crash in SVGElement::removeEventListener with symbol element

Added: releases/WebKitGTK/webkit-2.26/LayoutTests/fast/table/insert-cell-invisible-parent-expected.txt (0 => 258472)


--- releases/WebKitGTK/webkit-2.26/LayoutTests/fast/table/insert-cell-invisible-parent-expected.txt	                        (rev 0)
+++ releases/WebKitGTK/webkit-2.26/LayoutTests/fast/table/insert-cell-invisible-parent-expected.txt	2020-03-14 19:53:15 UTC (rev 258472)
@@ -0,0 +1 @@
+Tests if a newly-inserted cell is properly added when parent element is not visible. Test passes if WebKit does not crash. PASS

Added: releases/WebKitGTK/webkit-2.26/LayoutTests/fast/table/insert-cell-invisible-parent.html (0 => 258472)


--- releases/WebKitGTK/webkit-2.26/LayoutTests/fast/table/insert-cell-invisible-parent.html	                        (rev 0)
+++ releases/WebKitGTK/webkit-2.26/LayoutTests/fast/table/insert-cell-invisible-parent.html	2020-03-14 19:53:15 UTC (rev 258472)
@@ -0,0 +1,16 @@
+<style>
+    td { visibility: initial; }
+    #row { visibility: collapse; -webkit-backface-visibility: hidden; }
+</style>
+<table rules="none">
+<tr id="row">
+<script>
+document.body.offsetHeight;
+window.scrollBy();
+row.insertCell();
+document.body.offsetWidth;
+if (window.testRunner) {
+    document.body.innerText = "Tests if a newly-inserted cell is properly added when parent element is not visible.  Test passes if WebKit does not crash.  PASS";
+    testRunner.dumpAsText();
+}
+</script>

Modified: releases/WebKitGTK/webkit-2.26/Source/WebCore/ChangeLog (258471 => 258472)


--- releases/WebKitGTK/webkit-2.26/Source/WebCore/ChangeLog	2020-03-14 19:53:07 UTC (rev 258471)
+++ releases/WebKitGTK/webkit-2.26/Source/WebCore/ChangeLog	2020-03-14 19:53:15 UTC (rev 258472)
@@ -1,3 +1,19 @@
+2020-03-02  Doug Kelly  <[email protected]>
+
+        ASSERT(m_column != unsetColumnIndex) in RenderTable::cellBefore
+        https://bugs.webkit.org/show_bug.cgi?id=208397
+
+        Reviewed by Zalan Bujtas.
+
+        When inserting a cell into a table row which is not visible, this can lead to attempting to compute the repaint
+        rects during tree building.  Instead, mark the layer as dirty using dirtyVisibleContentStatus(), and the visibility
+        will be recomputed at a later time.
+
+        Test: fast/table/insert-cell-invisible-parent.html
+
+        * rendering/RenderElement.cpp:
+        (WebCore::RenderElement::insertedIntoTree):
+
 2020-03-04  Doug Kelly  <[email protected]>
 
         Crash in SVGElement::removeEventListener with symbol element

Modified: releases/WebKitGTK/webkit-2.26/Source/WebCore/rendering/RenderElement.cpp (258471 => 258472)


--- releases/WebKitGTK/webkit-2.26/Source/WebCore/rendering/RenderElement.cpp	2020-03-14 19:53:07 UTC (rev 258471)
+++ releases/WebKitGTK/webkit-2.26/Source/WebCore/rendering/RenderElement.cpp	2020-03-14 19:53:15 UTC (rev 258472)
@@ -886,7 +886,7 @@
         if (!layer)
             layer = parent()->enclosingLayer();
         if (layer)
-            layer->setHasVisibleContent();
+            layer->dirtyVisibleContentStatus();
     }
 
     RenderObject::insertedIntoTree();

_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes

Reply via email to