Title: [106298] trunk
Revision: 106298
Author: rn...@webkit.org
Date: 2012-01-30 16:18:19 -0800 (Mon, 30 Jan 2012)

Log Message

Crash in previousLinePosition when moving into a root inline box without leaves
https://bugs.webkit.org/show_bug.cgi?id=76812

Reviewed by Enrica Casucci.

Source/WebCore: 

The crash was caused by us assuming that every root inline box has at least one leaf,
which isn't true when we create inline boxes for an empty text run with margin, border, etc...

Test: editing/selection/move-into-empty-root-inline-box.html

* editing/visible_units.cpp:
(WebCore::previousLinePosition):
(WebCore::nextLinePosition):

LayoutTests: 

Add a regression test for the crash. Unfortunately, we can only test previousLinePosition.

* editing/selection/move-into-empty-root-inline-box-expected.txt: Added.
* editing/selection/move-into-empty-root-inline-box.html: Added.

Diff

Modified: trunk/LayoutTests/ChangeLog (106297 => 106298)


--- trunk/LayoutTests/ChangeLog	2012-01-30 23:59:20 UTC (rev 106297)
+++ trunk/LayoutTests/ChangeLog	2012-01-31 00:18:19 UTC (rev 106298)
@@ -1,3 +1,15 @@
+2012-01-30  Ryosuke Niwa  <rn...@webkit.org>
+
+        Crash in previousLinePosition when moving into a root inline box without leaves
+        https://bugs.webkit.org/show_bug.cgi?id=76812
+
+        Reviewed by Enrica Casucci.
+
+        Add a regression test for the crash. Unfortunately, we can only test previousLinePosition.
+
+        * editing/selection/move-into-empty-root-inline-box-expected.txt: Added.
+        * editing/selection/move-into-empty-root-inline-box.html: Added.
+
 2012-01-30  Oliver Hunt  <oli...@apple.com>
 
         Unexpected syntax error

Added: trunk/LayoutTests/editing/selection/move-into-empty-root-inline-box-expected.txt (0 => 106298)


--- trunk/LayoutTests/editing/selection/move-into-empty-root-inline-box-expected.txt	                        (rev 0)
+++ trunk/LayoutTests/editing/selection/move-into-empty-root-inline-box-expected.txt	2012-01-31 00:18:19 UTC (rev 106298)
@@ -0,0 +1,2 @@
+
+This tests moving into an empty root inline boxes. The test passes as long as WebKit doesn't crash.

Added: trunk/LayoutTests/editing/selection/move-into-empty-root-inline-box.html (0 => 106298)


--- trunk/LayoutTests/editing/selection/move-into-empty-root-inline-box.html	                        (rev 0)
+++ trunk/LayoutTests/editing/selection/move-into-empty-root-inline-box.html	2012-01-31 00:18:19 UTC (rev 106298)
@@ -0,0 +1,10 @@
+<!DOCTYPE html><html><body><br><label style="margin-left: inherit;"></label><script>
+
+if (window.layoutTestController)
+    layoutTestController.dumpAsText();
+
+getSelection().setPosition(document.querySelector('br'), 0);
+getSelection().modify("move","forward","paragraph");
+document.writeln("This tests moving into an empty root inline boxes. The test passes as long as WebKit doesn't crash.");
+
+</script></body></html>
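
Review bot: The `getSelection().modify("move","forward","paragraph")` call moves the selection forward, while the ChangeLog entry says this test can only exercise previousLinePosition. A one-line comment in the script explaining why a forward paragraph move reaches that function would let the next person who touches the test check its intent. The description string also reads "an empty root inline boxes", which should be "an empty root inline box", both here and in the -expected.txt file.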

Modified: trunk/Source/WebCore/ChangeLog (106297 => 106298)


--- trunk/Source/WebCore/ChangeLog	2012-01-30 23:59:20 UTC (rev 106297)
+++ trunk/Source/WebCore/ChangeLog	2012-01-31 00:18:19 UTC (rev 106298)
@@ -1,3 +1,19 @@
+2012-01-30  Ryosuke Niwa  <rn...@webkit.org>
+
+        Crash in previousLinePosition when moving into a root inline box without leaves
+        https://bugs.webkit.org/show_bug.cgi?id=76812
+
+        Reviewed by Enrica Casucci.
+
+        The crash was caused by us assuming that every root inline box has at least one leaf,
+        which isn't true when we create inline boxes for an empty text run with margin, border, etc...
+
+        Test: editing/selection/move-into-empty-root-inline-box.html
+
+        * editing/visible_units.cpp:
+        (WebCore::previousLinePosition):
+        (WebCore::nextLinePosition):
+
 2012-01-30  Levi Weintraub  <le...@chromium.org>
 
         !m_insideRegionPaint assertion in RenderRegion.cpp is invalid

Modified: trunk/Source/WebCore/editing/visible_units.cpp (106297 => 106298)


--- trunk/Source/WebCore/editing/visible_units.cpp	2012-01-30 23:59:20 UTC (rev 106297)
+++ trunk/Source/WebCore/editing/visible_units.cpp	2012-01-31 00:18:19 UTC (rev 106298)
@@ -576,7 +576,7 @@
         root = box->root()->prevRootBox();
         // We want to skip zero height boxes.
         // This could happen in case it is a TrailingFloatsRootInlineBox.
-        if (!root || !root->logicalHeight())
+        if (!root || !root->logicalHeight() || !root->firstLeafChild())
             root = 0;
     }
 
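
Review bot: The two comment lines above the changed condition still describe only the zero-height case (TrailingFloatsRootInlineBox), but the condition now also rejects a root box whose firstLeafChild() is null. Extend the comment to cover the new clause, for example "Also skip root boxes without leaves, which are created for an empty text run with margin, border, etc.", so that the third clause is not mistaken for a redundant check later.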
@@ -677,7 +677,7 @@
         root = box->root()->nextRootBox();
         // We want to skip zero height boxes.
         // This could happen in case it is a TrailingFloatsRootInlineBox.
-        if (!root || !root->logicalHeight())
+        if (!root || !root->logicalHeight() || !root->firstLeafChild())
             root = 0;
     }
 
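
Review bot: The three-clause condition in this hunk at line 677 is now a verbatim copy of the one at line 576, so any further change to what counts as a skippable root box has to be made twice. Consider a small static helper taking the root box pointer that both previousLinePosition and nextLinePosition call. The ChangeLog also states that only previousLinePosition is covered by the new test, so this side of the change lands without coverage and deserves a follow-up if a reproducing case can be found.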
_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
http://lists.webkit.org/mailman/listinfo.cgi/webkit-changes
