Title: [124072] branches/safari-536.26-branch

Diff

Modified: branches/safari-536.26-branch/LayoutTests/ChangeLog (124071 => 124072)


--- branches/safari-536.26-branch/LayoutTests/ChangeLog	2012-07-30 18:55:10 UTC (rev 124071)
+++ branches/safari-536.26-branch/LayoutTests/ChangeLog	2012-07-30 19:26:39 UTC (rev 124072)
@@ -1,5 +1,21 @@
 2012-07-30  Lucas Forschler  <lforsch...@apple.com>
 
+    Merge 117309
+
+    2012-05-16  Ken Buchanan  <ke...@chromium.org>
+
+            Crash due to first-letter not getting computed on RenderTableCell
+            https://bugs.webkit.org/show_bug.cgi?id=86133
+
+            Reviewed by Abhishek Arya.
+
+            Test to exercise crashing condition in bug 86133.
+
+            * fast/css-generated-content/first-letter-table-cell-format-block-crash-expected.txt: Added
+            * fast/css-generated-content/first-letter-table-cell-format-block-crash.html: Added
+
+2012-07-30  Lucas Forschler  <lforsch...@apple.com>
+
     Merge 117304
 
     2012-05-16  Abhishek Arya  <infe...@chromium.org>

Copied: branches/safari-536.26-branch/LayoutTests/fast/css-generated-content/first-letter-table-cell-format-block-crash-expected.txt (from rev 117309, trunk/LayoutTests/fast/css-generated-content/first-letter-table-cell-format-block-crash-expected.txt) (0 => 124072)


--- branches/safari-536.26-branch/LayoutTests/fast/css-generated-content/first-letter-table-cell-format-block-crash-expected.txt	                        (rev 0)
+++ branches/safari-536.26-branch/LayoutTests/fast/css-generated-content/first-letter-table-cell-format-block-crash-expected.txt	2012-07-30 19:26:39 UTC (rev 124072)
@@ -0,0 +1 @@
+PASS, if no crash or assert in debug build.

Copied: branches/safari-536.26-branch/LayoutTests/fast/css-generated-content/first-letter-table-cell-format-block-crash.html (from rev 117309, trunk/LayoutTests/fast/css-generated-content/first-letter-table-cell-format-block-crash.html) (0 => 124072)


--- branches/safari-536.26-branch/LayoutTests/fast/css-generated-content/first-letter-table-cell-format-block-crash.html	                        (rev 0)
+++ branches/safari-536.26-branch/LayoutTests/fast/css-generated-content/first-letter-table-cell-format-block-crash.html	2012-07-30 19:26:39 UTC (rev 124072)
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<html>
+<style>
+#test0 {
+    -webkit-column-count:2;
+    display: table-cell;
+}
+#test0::first-letter {
+    background-size: auto;
+}
+#test1 {
+    float: right;
+}
+</style>
+<script>
+    _onload_ = function() {
+        test0=document.createElement('div');
+        test0.setAttribute('id', 'test0');
+        document.body.appendChild(test0);
+        test1=document.createElement('div');
+        test1.setAttribute('id', 'test1');
+        test0.appendChild(test1);
+        test0.appendChild(document.createTextNode(unescape('%u3200A')));
+        document.designMode = 'on';
+        window.getSelection().setBaseAndExtent(test1, 0, test1, 0);
+        document.execCommand('InsertLineBreak');
+        document.execCommand('selectall');
+        document.execCommand('strikethrough');
+        document.execCommand('FormatBlock', false, '<'+'pre>');
+
+        document.body.offsetTop;
+        document.body.innerHTML = "PASS, if no crash or assert in debug build."
+
+        if (window.layoutTestController)
+            layoutTestController.dumpAsText();
+    }
+</script>
+<body>
+</body>
+</html>

Modified: branches/safari-536.26-branch/Source/WebCore/ChangeLog (124071 => 124072)


--- branches/safari-536.26-branch/Source/WebCore/ChangeLog	2012-07-30 18:55:10 UTC (rev 124071)
+++ branches/safari-536.26-branch/Source/WebCore/ChangeLog	2012-07-30 19:26:39 UTC (rev 124072)
@@ -1,5 +1,30 @@
 2012-07-30  Lucas Forschler  <lforsch...@apple.com>
 
+    Merge 117309
+
+    2012-05-16  Ken Buchanan  <ke...@chromium.org>
+
+            Crash due to first-letter not getting computed on RenderTableCell
+            https://bugs.webkit.org/show_bug.cgi?id=86133
+
+            Reviewed by Abhishek Arya.
+
+            RenderTableCell overrides RenderBlock::layout() but doesn't call
+            updateFirstLetter() in it. This is normally not a problem because
+            updateFirstLetter() gets called during preferred logical width
+            computation, but there exist rare occasions when layout of the table
+            cell happens without preferred logical widths being dirty, in which
+            case the first-letter update can be skipped.
+
+            This patch adds a call to updateFirstLetter() to
+            RenderTableCell::layout(). This ensures that the first-letter is up
+            to date before commencing block layout.
+
+            * rendering/RenderTableCell.cpp:
+            (WebCore::RenderTableCell::layout)
+
+2012-07-30  Lucas Forschler  <lforsch...@apple.com>
+
     Merge 117304
 
     2012-05-16  Abhishek Arya  <infe...@chromium.org>

Modified: branches/safari-536.26-branch/Source/WebCore/rendering/RenderTableCell.cpp (124071 => 124072)


--- branches/safari-536.26-branch/Source/WebCore/rendering/RenderTableCell.cpp	2012-07-30 18:55:10 UTC (rev 124071)
+++ branches/safari-536.26-branch/Source/WebCore/rendering/RenderTableCell.cpp	2012-07-30 19:26:39 UTC (rev 124072)
@@ -186,6 +186,7 @@
 
 void RenderTableCell::layout()
 {
+    updateFirstLetter();
     layoutBlock(cellWidthChanged());
     setCellWidthChanged(false);
 }
_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
http://lists.webkit.org/mailman/listinfo/webkit-changes

Reply via email to