Diff
Modified: branches/safari-613-branch/LayoutTests/ChangeLog (291636 => 291637)
--- branches/safari-613-branch/LayoutTests/ChangeLog 2022-03-22 17:54:45 UTC (rev 291636)
+++ branches/safari-613-branch/LayoutTests/ChangeLog 2022-03-22 17:54:50 UTC (rev 291637)
@@ -1,5 +1,44 @@
2022-03-21 Alan Coon <alanc...@apple.com>
+ Cherry-pick r290615. rdar://problem/87919197
+
+ Handle widow relayout differently
+ https://bugs.webkit.org/show_bug.cgi?id=235519
+
+ Patch by Rob Buis <rb...@igalia.com> on 2022-02-28
+ Reviewed by Alan Bujtas.
+
+ Source/WebCore:
+
+ Handle widow relayout differently to prevent function call recursion.
+
+ Test: fast/multicol/widow-many-relayouts-crash.html
+
+ * rendering/RenderBlockFlow.cpp:
+ (WebCore::RenderBlockFlow::layoutBlock):
+ (WebCore::RenderBlockFlow::relayoutToAvoidWidows): Deleted.
+ * rendering/RenderBlockFlow.h:
+ (WebCore::RenderBlockFlow::didBreakAtLineToAvoidWidow const):
+
+ LayoutTests:
+
+ * fast/multicol/widow-many-relayouts-crash-expected.txt: Added.
+ * fast/multicol/widow-many-relayouts-crash.html: Added.
+
+ git-svn-id: https://svn.webkit.org/repository/webkit/trunk@290615 268f45cc-cd09-0410-ab3c-d52691b4dbfc
+
+ 2022-02-28 Rob Buis <rb...@igalia.com>
+
+ Handle widow relayout differently
+ https://bugs.webkit.org/show_bug.cgi?id=235519
+
+ Reviewed by Alan Bujtas.
+
+ * fast/multicol/widow-many-relayouts-crash-expected.txt: Added.
+ * fast/multicol/widow-many-relayouts-crash.html: Added.
+
+2022-03-21 Alan Coon <alanc...@apple.com>
+
Cherry-pick r290519. rdar://problem/89148022
Re-add YouTubePluginReplacement, removed in r285252
Added: branches/safari-613-branch/LayoutTests/fast/multicol/widow-many-relayouts-crash-expected.txt (0 => 291637)
--- branches/safari-613-branch/LayoutTests/fast/multicol/widow-many-relayouts-crash-expected.txt (rev 0)
+++ branches/safari-613-branch/LayoutTests/fast/multicol/widow-many-relayouts-crash-expected.txt 2022-03-22 17:54:50 UTC (rev 291637)
@@ -0,0 +1 @@
+Test passes if it does not crash.
Added: branches/safari-613-branch/LayoutTests/fast/multicol/widow-many-relayouts-crash.html (0 => 291637)
--- branches/safari-613-branch/LayoutTests/fast/multicol/widow-many-relayouts-crash.html (rev 0)
+++ branches/safari-613-branch/LayoutTests/fast/multicol/widow-many-relayouts-crash.html 2022-03-22 17:54:50 UTC (rev 291637)
@@ -0,0 +1,40 @@
+<style>
+html {
+ font-size: 100ex;
+ widows: 2;
+}
+body {
+ block-size: 300em;
+ -webkit-column-axis: vertical;
+}
+a {
+ padding-right: 100%;
+}
+blockquote {
+ min-width: fit-content;
+}
+tr {
+ block-size: 300em;
+}
+span {
+ font-family: ui-serif;
+ padding-right: 80%;
+}
+</style>
+<script>
+if (window.testRunner)
+ testRunner.dumpAsText();
+_onload_ = () => {
+ let blockquote = document.createElement('blockquote');
+ let span = document.createElement('span');
+ blockquote.append(span);
+ span.append('\uA6F8\uD83D\uDC00擄');
+ span.append(document.createElement('tr'));
+ document.body.append(blockquote);
+ document.body.append(document.createElement('table'));
+ document.execCommand('SelectAll');
+ document.designMode = 'on';
+ document.execCommand('CreateLink', false, '#');
+ document.write("Test passes if it does not crash.");
+};
+</script>
Modified: branches/safari-613-branch/Source/WebCore/ChangeLog (291636 => 291637)
--- branches/safari-613-branch/Source/WebCore/ChangeLog 2022-03-22 17:54:45 UTC (rev 291636)
+++ branches/safari-613-branch/Source/WebCore/ChangeLog 2022-03-22 17:54:50 UTC (rev 291637)
@@ -1,5 +1,51 @@
2022-03-21 Alan Coon <alanc...@apple.com>
+ Cherry-pick r290615. rdar://problem/87919197
+
+ Handle widow relayout differently
+ https://bugs.webkit.org/show_bug.cgi?id=235519
+
+ Patch by Rob Buis <rb...@igalia.com> on 2022-02-28
+ Reviewed by Alan Bujtas.
+
+ Source/WebCore:
+
+ Handle widow relayout differently to prevent function call recursion.
+
+ Test: fast/multicol/widow-many-relayouts-crash.html
+
+ * rendering/RenderBlockFlow.cpp:
+ (WebCore::RenderBlockFlow::layoutBlock):
+ (WebCore::RenderBlockFlow::relayoutToAvoidWidows): Deleted.
+ * rendering/RenderBlockFlow.h:
+ (WebCore::RenderBlockFlow::didBreakAtLineToAvoidWidow const):
+
+ LayoutTests:
+
+ * fast/multicol/widow-many-relayouts-crash-expected.txt: Added.
+ * fast/multicol/widow-many-relayouts-crash.html: Added.
+
+ git-svn-id: https://svn.webkit.org/repository/webkit/trunk@290615 268f45cc-cd09-0410-ab3c-d52691b4dbfc
+
+ 2022-02-28 Rob Buis <rb...@igalia.com>
+
+ Handle widow relayout differently
+ https://bugs.webkit.org/show_bug.cgi?id=235519
+
+ Reviewed by Alan Bujtas.
+
+ Handle widow relayout differently to prevent function call recursion.
+
+ Test: fast/multicol/widow-many-relayouts-crash.html
+
+ * rendering/RenderBlockFlow.cpp:
+ (WebCore::RenderBlockFlow::layoutBlock):
+ (WebCore::RenderBlockFlow::relayoutToAvoidWidows): Deleted.
+ * rendering/RenderBlockFlow.h:
+ (WebCore::RenderBlockFlow::didBreakAtLineToAvoidWidow const):
+
+2022-03-21 Alan Coon <alanc...@apple.com>
+
Cherry-pick r290526. rdar://problem/89372801
[Cocoa] HLS + Modern EME key rotation causes playback to stall indefinitely
Modified: branches/safari-613-branch/Source/WebCore/rendering/RenderBlockFlow.cpp (291636 => 291637)
--- branches/safari-613-branch/Source/WebCore/rendering/RenderBlockFlow.cpp 2022-03-22 17:54:45 UTC (rev 291636)
+++ branches/safari-613-branch/Source/WebCore/rendering/RenderBlockFlow.cpp 2022-03-22 17:54:50 UTC (rev 291637)
@@ -500,7 +500,7 @@
LayoutUnit repaintLogicalBottom;
LayoutUnit maxFloatLogicalBottom;
const RenderStyle& styleToUse = style();
- {
+ do {
LayoutStateMaintainer statePusher(*this, locationOffset(), hasTransform() || hasReflection() || styleToUse.isFlippedBlocksWritingMode(), pageLogicalHeight, pageLogicalHeightChanged);
preparePaginationBeforeBlockLayout(relayoutChildren);
@@ -530,13 +530,18 @@
layoutInlineChildren(relayoutChildren, repaintLogicalTop, repaintLogicalBottom);
else
layoutBlockChildren(relayoutChildren, maxFloatLogicalBottom);
- }
+ // Expand our intrinsic height to encompass floats.
+ LayoutUnit toAdd = borderAndPaddingAfter() + scrollbarLogicalHeight();
+ if (lowestFloatLogicalBottom() > (logicalHeight() - toAdd) && createsNewFormattingContext())
+ setLogicalHeight(lowestFloatLogicalBottom() + toAdd);
+ if (shouldBreakAtLineToAvoidWidow()) {
+ setEverHadLayout(true);
+ continue;
+ }
+ break;
+ } while (true);
- // Expand our intrinsic height to encompass floats.
- LayoutUnit toAdd = borderAndPaddingAfter() + scrollbarLogicalHeight();
- if (lowestFloatLogicalBottom() > (logicalHeight() - toAdd) && createsNewFormattingContext())
- setLogicalHeight(lowestFloatLogicalBottom() + toAdd);
- if (relayoutForPagination() || relayoutToAvoidWidows()) {
+ if (relayoutForPagination()) {
ASSERT(!shouldBreakAtLineToAvoidWidow());
return;
}
@@ -553,7 +558,7 @@
updateLogicalHeight();
LayoutUnit newHeight = logicalHeight();
{
- // FIXME: This could be removed once relayoutForPagination()/relayoutToAvoidWidows() either stop recursing or we manage to
+ // FIXME: This could be removed once relayoutForPagination() either stop recursing or we manage to
// re-order them.
LayoutStateMaintainer statePusher(*this, locationOffset(), hasTransform() || hasReflection() || styleToUse.isFlippedBlocksWritingMode(), pageLogicalHeight, pageLogicalHeightChanged);
@@ -1728,16 +1733,6 @@
rareBlockFlowData()->m_lineBreakToAvoidWidow = -1;
}
-bool RenderBlockFlow::relayoutToAvoidWidows()
-{
- if (!shouldBreakAtLineToAvoidWidow())
- return false;
-
- setEverHadLayout(true);
- layoutBlock(false);
- return true;
-}
-
bool RenderBlockFlow::hasNextPage(LayoutUnit logicalOffset, PageBoundaryRule pageBoundaryRule) const
{
ASSERT(view().frameView().layoutContext().layoutState() && view().frameView().layoutContext().layoutState()->isPaginated());
Modified: branches/safari-613-branch/Source/WebCore/rendering/RenderBlockFlow.h (291636 => 291637)
--- branches/safari-613-branch/Source/WebCore/rendering/RenderBlockFlow.h 2022-03-22 17:54:45 UTC (rev 291636)
+++ branches/safari-613-branch/Source/WebCore/rendering/RenderBlockFlow.h 2022-03-22 17:54:50 UTC (rev 291637)
@@ -250,7 +250,6 @@
void clearDidBreakAtLineToAvoidWidow();
void setDidBreakAtLineToAvoidWidow();
bool didBreakAtLineToAvoidWidow() const { return hasRareBlockFlowData() && rareBlockFlowData()->m_didBreakAtLineToAvoidWidow; }
- bool relayoutToAvoidWidows();
LegacyRootInlineBox* lineGridBox() const { return hasRareBlockFlowData() ? rareBlockFlowData()->m_lineGridBox.get() : nullptr; }
void setLineGridBox(std::unique_ptr<LegacyRootInlineBox> box)
