Title: [98561] trunk
Revision: 98561
Author: [email protected]
Date: 2011-10-27 06:22:56 -0700 (Thu, 27 Oct 2011)

Log Message

Crash due to nested first-letter selectors
https://bugs.webkit.org/show_bug.cgi?id=70457

Source/WebCore:

Now only the lowest-level first-letter pseudostyle will be applied to
a given piece of text. Previously the last renderer to have layout
done would have its pseudostyle applied, no matter where it was in the
tree.

Patch by Ken Buchanan <[email protected]> on 2011-10-27
Reviewed by David Hyatt.

* renderer/RenderBlock.cpp:
(WebCore::RenderBlock::updateFirstLetter): Use the pseudostyle from
the lowest level node to have one

LayoutTests:

Adding layout test for nested first-letter pseudostyles causing a crash.

Patch by Ken Buchanan <[email protected]> on 2011-10-27
Reviewed by David Hyatt.

* fast/css/nested-first-letter-with-float-crash.html: Added
* fast/css/nested-first-letter-with-float-crash-expected.txt: Added

Diff

Modified: trunk/LayoutTests/ChangeLog (98560 => 98561)


--- trunk/LayoutTests/ChangeLog	2011-10-27 13:19:53 UTC (rev 98560)
+++ trunk/LayoutTests/ChangeLog	2011-10-27 13:22:56 UTC (rev 98561)
@@ -1,3 +1,15 @@
+2011-10-27  Ken Buchanan <[email protected]>
+
+        Crash due to nested first-letter selectors
+        https://bugs.webkit.org/show_bug.cgi?id=70457
+
+        Adding layout test for nested first-letter pseudostyles causing a crash.
+
+        Reviewed by David Hyatt.
+
+        * fast/css/nested-first-letter-with-float-crash.html: Added
+        * fast/css/nested-first-letter-with-float-crash-expected.txt: Added
+
 2011-10-27  Shinya Kawanaka  <[email protected]>
 
         Implement legacy text check emulation in unified text check interface.
Property changes on: trunk/LayoutTests/ChangeLog
___________________________________________________________________

Added: svn:executable

Added: trunk/LayoutTests/fast/css/nested-first-letter-with-float-crash-expected.txt (0 => 98561)


--- trunk/LayoutTests/fast/css/nested-first-letter-with-float-crash-expected.txt	                        (rev 0)
+++ trunk/LayoutTests/fast/css/nested-first-letter-with-float-crash-expected.txt	2011-10-27 13:22:56 UTC (rev 98561)
@@ -0,0 +1,2 @@
+PASS, if the script does not cause a crash or ASSERT failure
+
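Review bot: The property change recorded directly below this hunk adds svn:executable to the expected-results text file, and the same property is added to the test HTML and to both ChangeLog files in this revision. None of these is a script or binary, so the executable bit looks unintended; drop the property from all four paths.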
Property changes on: trunk/LayoutTests/fast/css/nested-first-letter-with-float-crash-expected.txt
___________________________________________________________________

Added: svn:executable

Added: trunk/LayoutTests/fast/css/nested-first-letter-with-float-crash.html (0 => 98561)


--- trunk/LayoutTests/fast/css/nested-first-letter-with-float-crash.html	                        (rev 0)
+++ trunk/LayoutTests/fast/css/nested-first-letter-with-float-crash.html	2011-10-27 13:22:56 UTC (rev 98561)
@@ -0,0 +1,26 @@
+<html>
+    <style type="text/css">
+        .parentStyle { position: absolute; }
+        .parentStyle:first-letter { position: inherit; }
+        .positionedChildStyle { position: absolute; }
+        .divChildStyle:first-letter { float: left; }
+        .divChildStyle:after { float: inherit; content: counter(blah); }
+    </style>
+    PASS, if the script does not cause a crash or ASSERT failure
+    <script>
+        function runTest() {
+            parentDiv = document.createElement('div');
+            parentDiv.setAttribute('class', 'parentStyle');
+            document.documentElement.appendChild(parentDiv);
+            positionedDiv = document.createElement('div');
+            positionedDiv.setAttribute('class', 'positionedChildStyle');
+            parentDiv.appendChild(positionedDiv);
+            divChild = document.createElement('div');
+            divChild.setAttribute('class', 'divChildStyle');
+            parentDiv.appendChild(divChild);
+            if (window.layoutTestController)
+                layoutTestController.dumpAsText();
+        }
+        window._onload_ = runTest;
+    </script>
+</html>
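Review bot: The last line of the script assigns the handler to window._onload_, which is not the load-event property, so as shown runTest() is never called and the static PASS text is displayed without the nested first-letter tree ever being built. It should read window.onload = runTest; so that the test actually exercises the layout path it is meant to cover. A smaller point in the same function: parentDiv, positionedDiv and divChild are assigned without var and become implicit globals; declare them locally.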
Property changes on: trunk/LayoutTests/fast/css/nested-first-letter-with-float-crash.html
___________________________________________________________________

Added: svn:executable

Modified: trunk/Source/WebCore/ChangeLog (98560 => 98561)


--- trunk/Source/WebCore/ChangeLog	2011-10-27 13:19:53 UTC (rev 98560)
+++ trunk/Source/WebCore/ChangeLog	2011-10-27 13:22:56 UTC (rev 98561)
@@ -1,3 +1,19 @@
+2011-10-27  Ken Buchanan <[email protected]>
+
+        Crash due to nested first-letter selectors
+        https://bugs.webkit.org/show_bug.cgi?id=70457
+
+        Now only the lowest-level first-letter pseudostyle will be applied to
+        a given piece of text. Previously the last renderer to have layout
+        done would have its pseudostyle applied, no matter where it was in the
+        tree.
+
+        Reviewed by David Hyatt.
+
+        * renderer/RenderBlock.cpp:
+        (WebCore::RenderBlock::updateFirstLetter): Use the pseudostyle from
+        the lowest level node to have one
+
 2011-10-27  Andras Becsi  <[email protected]>
 
         Fix the build if NO_LISTBOX_RENDERING is enabled
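Review bot: The file entry in this ChangeLog hunk reads renderer/RenderBlock.cpp, but the file this revision modifies is trunk/Source/WebCore/rendering/RenderBlock.cpp. Correct the entry to rendering/RenderBlock.cpp so the ChangeLog points at a path that exists.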
Property changes on: trunk/Source/WebCore/ChangeLog
___________________________________________________________________

Added: svn:executable

Modified: trunk/Source/WebCore/rendering/RenderBlock.cpp (98560 => 98561)


--- trunk/Source/WebCore/rendering/RenderBlock.cpp	2011-10-27 13:19:53 UTC (rev 98560)
+++ trunk/Source/WebCore/rendering/RenderBlock.cpp	2011-10-27 13:22:56 UTC (rev 98561)
@@ -5565,6 +5565,11 @@
             currChild = currChild->nextSibling();
         } else if (currChild->isReplaced() || currChild->isRenderButton() || currChild->isMenuList())
             break;
+        else if (currChild->style()->hasPseudoStyle(FIRST_LETTER) && currChild->canHaveChildren())  {
+            // We found a lower-level node with first-letter, which supersedes the higher-level style
+            firstLetterBlock = currChild;
+            currChild = currChild->firstChild();
+        }
         else
             currChild = currChild->firstChild();
     }
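Review bot: The new else-if branch hands currChild to firstLetterBlock on the strength of hasPseudoStyle(FIRST_LETTER) and canHaveChildren() alone, with no visible check that the child is a block-level renderer, so any child that can have children and matches a :first-letter rule now supersedes the enclosing block. If the code that consumes firstLetterBlock after this loop assumes a block, add that test to the condition or document in the comment why it is not needed. On style: the branch has two spaces before its opening brace, is the only braced arm in the chain, and repeats currChild = currChild->firstChild(); from the final else. Folding the check into that last else (set firstLetterBlock when the condition holds, then descend once) removes the duplication.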