Title: [112637] branches/chromium/1084/Source/WebCore/rendering/RenderFullScreen.cpp
- Revision
- 112637
- Author
- [email protected]
- Date
- 2012-03-29 19:23:30 -0700 (Thu, 29 Mar 2012)
Log Message
Merge 112596 - Heap-use-after-free in WebCore::InlineFlowBox::deleteLine due to fullscreen issues.
BUG=118853
Review URL: https://chromiumcodereview.appspot.com/9962002
Modified Paths
Diff
Modified: branches/chromium/1084/Source/WebCore/rendering/RenderFullScreen.cpp (112636 => 112637)
--- branches/chromium/1084/Source/WebCore/rendering/RenderFullScreen.cpp 2012-03-30 02:21:27 UTC (rev 112636)
+++ branches/chromium/1084/Source/WebCore/rendering/RenderFullScreen.cpp 2012-03-30 02:23:30 UTC (rev 112637)
@@ -113,8 +113,10 @@
if (RenderObject* parent = object->parent()) {
parent->addChild(fullscreenRenderer, object);
object->remove();
+ parent->setNeedsLayoutAndPrefWidthsRecalc();
}
fullscreenRenderer->addChild(object);
+ fullscreenRenderer->setNeedsLayoutAndPrefWidthsRecalc();
}
document->setFullScreenRenderer(fullscreenRenderer);
return fullscreenRenderer;
@@ -127,6 +129,7 @@
while ((child = firstChild())) {
child->remove();
parent()->addChild(child, this);
+ parent()->setNeedsLayoutAndPrefWidthsRecalc();
}
}
if (placeholder())
@@ -150,8 +153,10 @@
if (!m_placeholder) {
m_placeholder = new (document()->renderArena()) RenderFullScreenPlaceholder(this);
m_placeholder->setStyle(style);
- if (parent())
+ if (parent()) {
parent()->addChild(m_placeholder, this);
+ parent()->setNeedsLayoutAndPrefWidthsRecalc();
+ }
} else
m_placeholder->setStyle(style);
}
_______________________________________________
webkit-changes mailing list
[email protected]
http://lists.webkit.org/mailman/listinfo.cgi/webkit-changes
