[webkit-changes] [170291] trunk/Source/WebCore

Mon, 23 Jun 2014 08:00:17 -0700

Title: [170291] trunk/Source/WebCore
Revision
170291
Author
stav...@adobe.com
Date
2014-06-23 07:59:48 -0700 (Mon, 23 Jun 2014)

Log Message

REGRESSION (r168046): Incorrect handling of object information in WebCore::RenderFlowThread::removeLineRegionInfo
https://bugs.webkit.org/show_bug.cgi?id=133587

Reviewed by Antti Koivisto.

When an object flowed in multicol is moved from in-flow positioning to out-of-flow positioning,
its information must be removed from the flowthread prior to the change being made.
Otherwise, the flow thread will no longer be its containing block and a reference to it
will not be possible to obtain.

No new tests can be added because the code still hits in an unrelated assertion followed by a null dereference.
The issue was discussed with Antti Koivisto and we decided its better to fix this problem first and
handle the following issue in a separate bug.

* rendering/RenderBlockFlow.cpp:
(WebCore::RenderBlockFlow::styleWillChange):
* rendering/RenderObject.h:
(WebCore::RenderObject::flowThreadContainingBlock):

Modified Paths

Diff

Modified: trunk/Source/WebCore/ChangeLog (170290 => 170291)


--- trunk/Source/WebCore/ChangeLog	2014-06-23 14:59:26 UTC (rev 170290)
+++ trunk/Source/WebCore/ChangeLog	2014-06-23 14:59:48 UTC (rev 170291)
@@ -1,3 +1,24 @@
+2014-06-23  Radu Stavila  <stav...@adobe.com>
+
+        REGRESSION (r168046): Incorrect handling of object information in WebCore::RenderFlowThread::removeLineRegionInfo
+        https://bugs.webkit.org/show_bug.cgi?id=133587
+
+        Reviewed by Antti Koivisto.
+
+        When an object flowed in multicol is moved from in-flow positioning to out-of-flow positioning,
+        its information must be removed from the flowthread prior to the change being made. 
+        Otherwise, the flow thread will no longer be its containing block and a reference to it
+        will not be possible to obtain.
+
+        No new tests can be added because the code still hits in an unrelated assertion followed by a null dereference.
+        The issue was discussed with Antti Koivisto and we decided its better to fix this problem first and
+        handle the following issue in a separate bug.
+
+        * rendering/RenderBlockFlow.cpp:
+        (WebCore::RenderBlockFlow::styleWillChange):
+        * rendering/RenderObject.h:
+        (WebCore::RenderObject::flowThreadContainingBlock):
+
 2014-06-23  Krzysztof Czech  <k.cz...@samsung.com>
 
         [EFL] Platform support for WebSpeech feature.

Modified: trunk/Source/WebCore/rendering/RenderBlockFlow.cpp (170290 => 170291)


--- trunk/Source/WebCore/rendering/RenderBlockFlow.cpp	2014-06-23 14:59:26 UTC (rev 170290)
+++ trunk/Source/WebCore/rendering/RenderBlockFlow.cpp	2014-06-23 14:59:48 UTC (rev 170291)
@@ -1981,9 +1981,22 @@
     const RenderStyle* oldStyle = hasInitializedStyle() ? &style() : nullptr;
     s_canPropagateFloatIntoSibling = oldStyle ? !isFloatingOrOutOfFlowPositioned() && !avoidsFloats() : false;
 
-    if (oldStyle && parent() && diff == StyleDifferenceLayout && oldStyle->position() != newStyle.position()) {
-        if (containsFloats() && !isFloating() && !isOutOfFlowPositioned() && newStyle.hasOutOfFlowPosition())
-            markAllDescendantsWithFloatsForLayout();
+    if (oldStyle) {
+        EPosition oldPosition = oldStyle->position();
+        EPosition newPosition = newStyle.position();
+        
+        if (parent() && diff == StyleDifferenceLayout && oldPosition != newPosition) {
+            if (containsFloats() && !isFloating() && !isOutOfFlowPositioned() && newStyle.hasOutOfFlowPosition())
+                markAllDescendantsWithFloatsForLayout();
+
+            // If this block is inside a multicol and is moving from in-flow positioning to out-of-flow positioning,
+            // remove its info (such as lines-to-region mapping) from the flowthread because it won't be able to do it later.
+            // The flowthread will no longer be in its containing block chain and, as such, flowThreadContainingBlock will return null.
+            if (RenderFlowThread* flowThread = flowThreadContainingBlock(SkipFlowThreadCache)) {
+                if (flowThread->isRenderMultiColumnFlowThread() && !isOutOfFlowPositioned() && (newPosition == AbsolutePosition || newPosition == FixedPosition))
+                    flowThread->removeFlowChildInfo(this);
+            }
+        }
     }
 
     RenderBlock::styleWillChange(diff, newStyle);

Modified: trunk/Source/WebCore/rendering/RenderObject.h (170290 => 170291)


--- trunk/Source/WebCore/rendering/RenderObject.h	2014-06-23 14:59:26 UTC (rev 170290)
+++ trunk/Source/WebCore/rendering/RenderObject.h	2014-06-23 14:59:48 UTC (rev 170291)
@@ -210,13 +210,19 @@
     RenderBoxModelObject& enclosingBoxModelObject() const;
 
     bool fixedPositionedWithNamedFlowContainingBlock() const;
+
+    enum ShouldUseFlowThreadCache {
+        UseFlowThreadCache,
+        SkipFlowThreadCache
+    };
+
     // Function to return our enclosing flow thread if we are contained inside one. This
     // function follows the containing block chain.
-    RenderFlowThread* flowThreadContainingBlock() const
+    RenderFlowThread* flowThreadContainingBlock(ShouldUseFlowThreadCache useCache = UseFlowThreadCache) const
     {
         if (flowThreadState() == NotInsideFlowThread)
             return 0;
-        return locateFlowThreadContainingBlock();
+        return (useCache == SkipFlowThreadCache) ? locateFlowThreadContainingBlockNoCache() : locateFlowThreadContainingBlock();
     }
 
     RenderNamedFlowFragment* currentRenderNamedFlowFragment() const;

_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes

Reply via email to