Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: cab087edfb44fae2081a62e8ac7788905584c8ad
      
https://github.com/WebKit/WebKit/commit/cab087edfb44fae2081a62e8ac7788905584c8ad
  Author: Alan Baradlay <[email protected]>
  Date:   2025-04-02 (Wed, 02 Apr 2025)

  Changed paths:
    A LayoutTests/fast/block/content-visisbility-and-float-crash-expected.txt
    A LayoutTests/fast/block/content-visisbility-and-float-crash.html
    M Source/WebCore/rendering/RenderBlockFlow.cpp

  Log Message:
  -----------
  Stale float state caused by 'content visibility' may lead to ASSERT in addFloatsToNewParent
https://bugs.webkit.org/show_bug.cgi?id=290898
<rdar://143296265>

Reviewed by Antti Koivisto.

In this patch:
1. we let m_floatingObjects go stale on the skipped root (we already do that for the skipped subtree by not running layout)
2. we descend into skipped subtrees while cleaning up floats even when m_floatingObjects is stale/empty

Having up-to-date m_floatingObjects on the skipped root, while stale m_floatingObjects on the skipped subtree can lead to issues when
(#1) a previously intrusive float
(#2) becomes non-intrusive and
(#3) eventually gets deleted
prevents us from being able to clean up m_floatingObjects in skipped subtree(s).

At #1, m_floatingObjects is populated with the intrusive float (both skipped root and renderers in skipped subtree),
and at #2, since we only run layout on the skipped root, m_floatingObjects gets updated by removing this previously intrusive float (skipped subtree becomes stale),
and at #3 we don't descend into the skipped subtree to clean up m_floatingObjects since the skipped root does not have this float anymore (removed at #2).

* Source/WebCore/rendering/RenderBlockFlow.cpp:
(WebCore::RenderBlockFlow::markSiblingsWithFloatsForLayout):

Canonical link: https://commits.webkit.org/293119@main
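
A simplified model of the #1 to #3 sequence from the log message, added here as an illustration and not taken from the WebKit patch. `Block`, the function names and the integer float ids are assumptions, and only the second change (descending into skipped subtrees during cleanup) is modelled.

```cpp
#include <cstdio>
#include <memory>
#include <set>
#include <vector>

// Toy model, not WebKit code: 'floats' stands in for m_floatingObjects, ids for float renderers.
struct Block {
    bool skippedContent = false; // inside a skipped subtree: layout never runs here
    std::set<int> floats;
    std::vector<std::unique_ptr<Block>> children;
};

// #1: an intrusive float is recorded on the skipped root and on every descendant.
void addIntrusiveFloat(Block& block, int floatId) {
    block.floats.insert(floatId);
    for (auto& child : block.children)
        addIntrusiveFloat(*child, floatId);
}

// #3: the float is destroyed. The unpatched walk stops at a block that does not
// list the float; the patched walk still enters skipped content.
void removeDestroyedFloat(Block& block, int floatId, bool patched) {
    bool listed = block.floats.erase(floatId) > 0;
    for (auto& child : block.children)
        if (listed || (patched && child->skippedContent))
            removeDestroyedFloat(*child, floatId, patched);
}

int countReferences(const Block& block, int floatId) {
    int n = static_cast<int>(block.floats.count(floatId));
    for (auto& child : block.children)
        n += countReferences(*child, floatId);
    return n;
}

// Runs #1..#3 on root -> child -> grandchild with constructed float id 1;
// returns how many stale entries for the destroyed float are left behind.
int staleEntriesAfterSequence(bool patched) {
    Block root; // skipped root
    root.children.push_back(std::make_unique<Block>());
    Block& child = *root.children.back();
    child.skippedContent = true;
    child.children.push_back(std::make_unique<Block>());
    child.children.back()->skippedContent = true;
    addIntrusiveFloat(root, 1);             // #1
    root.floats.erase(1);                   // #2: layout runs only on the skipped root
    removeDestroyedFloat(root, 1, patched); // #3
    return countReferences(root, 1);
}
int main() { std::printf("%d %d\n", staleEntriesAfterSequence(false), staleEntriesAfterSequence(true)); }
```

In the model, the entries left in the child and grandchild after the unpatched walk correspond to the stale float state the log message describes.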
