Title: [145590] branches/safari-536.30-branch/Source/WebCore
- Revision
- 145590
- Author
- lforsch...@apple.com
- Date
- 2013-03-12 14:55:25 -0700 (Tue, 12 Mar 2013)
Log Message
Rollout 145585, not needed.
Modified Paths
Diff
Modified: branches/safari-536.30-branch/Source/WebCore/ChangeLog (145589 => 145590)
--- branches/safari-536.30-branch/Source/WebCore/ChangeLog 2013-03-12 21:54:11 UTC (rev 145589)
+++ branches/safari-536.30-branch/Source/WebCore/ChangeLog 2013-03-12 21:55:25 UTC (rev 145590)
@@ -1,36 +1,5 @@
2013-03-12 Lucas Forschler <lforsch...@apple.com>
- Merge r129144
-
- 2012-09-20 Levi Weintraub <le...@chromium.org>
-
- Prevent reading stale data from InlineTextBoxes
- https://bugs.webkit.org/show_bug.cgi?id=94750
-
- Reviewed by Eric Seidel.
-
- Text from dirty InlineTextBoxes should never be read or used. This change enforces this
- design goal by forcefully zero-ing out the start and length of InlineTextBoxes when
- they're being marked dirty. It also adds asserts to accessors for those members.
-
- This change involves making markDirty virtual. Running the line-layout performance test
- as well as profiling resizing the html5 spec showed negligable impact with this change.
-
- No new tests as this doesn't change any proper behavior.
-
- * rendering/InlineBox.h:
- (WebCore::InlineBox::markDirty): Making virtual to allow InlineTextBox to overload and
- zero out its start and length.
- * rendering/InlineTextBox.cpp:
- (WebCore::InlineTextBox::markDirty): Zeroing out start and length when we mark the box dirty.
- * rendering/InlineTextBox.h:
- (WebCore::InlineTextBox::start): Adding an assert when we hit this case.
- (WebCore::InlineTextBox::end): Ditto.
- (WebCore::InlineTextBox::len): Ditto.
- (WebCore::InlineTextBox::offsetRun): Ditto.
-
-2013-03-12 Lucas Forschler <lforsch...@apple.com>
-
Merge r128524
2012-09-13 Tom Sepez <tse...@chromium.org>
Modified: branches/safari-536.30-branch/Source/WebCore/rendering/InlineBox.h (145589 => 145590)
--- branches/safari-536.30-branch/Source/WebCore/rendering/InlineBox.h 2013-03-12 21:54:11 UTC (rev 145589)
+++ branches/safari-536.30-branch/Source/WebCore/rendering/InlineBox.h 2013-03-12 21:55:25 UTC (rev 145590)
@@ -255,7 +255,7 @@
virtual void clearTruncation() { }
bool isDirty() const { return m_bitfields.dirty(); }
- virtual void markDirty(bool dirty = true) { m_bitfields.setDirty(dirty); }
+ void markDirty(bool dirty = true) { m_bitfields.setDirty(dirty); }
virtual void dirtyLineBoxes();
Modified: branches/safari-536.30-branch/Source/WebCore/rendering/InlineTextBox.cpp (145589 => 145590)
--- branches/safari-536.30-branch/Source/WebCore/rendering/InlineTextBox.cpp 2013-03-12 21:54:11 UTC (rev 145589)
+++ branches/safari-536.30-branch/Source/WebCore/rendering/InlineTextBox.cpp 2013-03-12 21:55:25 UTC (rev 145590)
@@ -64,15 +64,6 @@
InlineBox::destroy(arena);
}
-void InlineTextBox::markDirty(bool dirty)
-{
- if (dirty) {
- m_len = 0;
- m_start = 0;
- }
- InlineBox::markDirty(dirty);
-}
-
LayoutRect InlineTextBox::logicalOverflowRect() const
{
if (knownToHaveNoOverflow() || !gTextBoxesWithOverflow)
Modified: branches/safari-536.30-branch/Source/WebCore/rendering/InlineTextBox.h (145589 => 145590)
--- branches/safari-536.30-branch/Source/WebCore/rendering/InlineTextBox.h 2013-03-12 21:54:11 UTC (rev 145589)
+++ branches/safari-536.30-branch/Source/WebCore/rendering/InlineTextBox.h 2013-03-12 21:55:25 UTC (rev 145590)
@@ -64,19 +64,17 @@
void setNextTextBox(InlineTextBox* n) { m_nextTextBox = n; }
void setPreviousTextBox(InlineTextBox* p) { m_prevTextBox = p; }
- unsigned start() const { ASSERT(!isDirty()); return m_start; }
- unsigned end() const { ASSERT(!isDirty()); return m_len ? m_start + m_len - 1 : m_start; }
- unsigned len() const { ASSERT(!isDirty()); return m_len; }
+ unsigned start() const { return m_start; }
+ unsigned end() const { return m_len ? m_start + m_len - 1 : m_start; }
+ unsigned len() const { return m_len; }
void setStart(unsigned start) { m_start = start; }
void setLen(unsigned len) { m_len = len; }
- void offsetRun(int d) { ASSERT(!isDirty()); m_start += d; }
+ void offsetRun(int d) { m_start += d; }
unsigned short truncation() { return m_truncation; }
- virtual void markDirty(bool dirty = true) OVERRIDE;
-
using InlineBox::hasHyphen;
using InlineBox::setHasHyphen;
using InlineBox::canHaveLeadingExpansion;
_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes
