Title: [273174] branches/safari-611-branch/Source/WebCore
Revision
273174
Author
alanc...@apple.com
Date
2021-02-19 15:37:52 -0800 (Fri, 19 Feb 2021)

Log Message

Cherry-pick r272931. rdar://problem/74500616

    RenderElement::containingBlockForAbsolutePosition may call RenderObject::containingBlock recursively
    https://bugs.webkit.org/show_bug.cgi?id=221976
    <rdar://problem/72775667>

    Reviewed by Simon Fraser.

    When a RenderInline happens to be absolutely positioned (this is a highly incorrect state, see webkit.org/b/221994), containingBlockForAbsolutePosition() calls containingBlock()
    with |this| and in return containingBlock() calls back on containingBlockForAbsolutePosition() with the same renderer.
    This patch ensures that we always call containingBlock() from containingBlockForAbsolutePosition() with an ancestor, mostly with the parent().

    * rendering/RenderElement.cpp:
    (WebCore::RenderElement::containingBlockForAbsolutePosition const):

    git-svn-id: https://svn.webkit.org/repository/webkit/trunk@272931 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Modified Paths

Diff

Modified: branches/safari-611-branch/Source/WebCore/ChangeLog (273173 => 273174)


--- branches/safari-611-branch/Source/WebCore/ChangeLog	2021-02-19 23:37:49 UTC (rev 273173)
+++ branches/safari-611-branch/Source/WebCore/ChangeLog	2021-02-19 23:37:52 UTC (rev 273174)
@@ -1,5 +1,40 @@
 2021-02-19  Alan Coon  <alanc...@apple.com>
 
+        Cherry-pick r272931. rdar://problem/74500616
+
+    RenderElement::containingBlockForAbsolutePosition may call RenderObject::containingBlock recursively
+    https://bugs.webkit.org/show_bug.cgi?id=221976
+    <rdar://problem/72775667>
+    
+    Reviewed by Simon Fraser.
+    
+    When a RenderInline happens to be absolute positioned (this is a highly incorrect state, see webkit.org/b/221994), containingBlockForAbsolutePosition() calls containingBlock()
+    with |this| and in return containingBlock() calls back on containingBlockForAbsolutePosition() with the same renderer.
+    This patch ensures that we always call containingBlock() from containingBlockForAbsolutePosition() with an ancestor -mostly with the parent().
+    
+    * rendering/RenderElement.cpp:
+    (WebCore::RenderElement::containingBlockForAbsolutePosition const):
+    
+    
+    git-svn-id: https://svn.webkit.org/repository/webkit/trunk@272931 268f45cc-cd09-0410-ab3c-d52691b4dbfc
+
+    2021-02-16  Zalan Bujtas  <za...@apple.com>
+
+            RenderElement::containingBlockForAbsolutePosition may call RenderObject::containingBlock recursively
+            https://bugs.webkit.org/show_bug.cgi?id=221976
+            <rdar://problem/72775667>
+
+            Reviewed by Simon Fraser.
+
+            When a RenderInline happens to be absolute positioned (this is a highly incorrect state, see webkit.org/b/221994), containingBlockForAbsolutePosition() calls containingBlock()
+            with |this| and in return containingBlock() calls back on containingBlockForAbsolutePosition() with the same renderer.
+            This patch ensures that we always call containingBlock() from containingBlockForAbsolutePosition() with an ancestor -mostly with the parent().
+
+            * rendering/RenderElement.cpp:
+            (WebCore::RenderElement::containingBlockForAbsolutePosition const):
+
+2021-02-19  Alan Coon  <alanc...@apple.com>
+
         Cherry-pick r272927. rdar://problem/74500651
 
     REGRESSION(r271515): ::marker fired at wrong time
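Review bot: the indentation of the nested r272931 entry is inconsistent within this cherry-pick block: the "Cherry-pick r272931." line is indented eight spaces, the copied description four, the "2021-02-16  Zalan Bujtas" date line four, and the original entry body twelve, so the ChangeLog no longer reads as one entry per date header. The "git-svn-id: https://svn.webkit.org/repository/webkit/trunk@272931 ..." trailer has also been pasted into the ChangeLog, where it carries no information beyond the "Cherry-pick r272931." line already above it. Suggest re-indenting the nested entry to the usual eight-space body indent and dropping the git-svn-id trailer, as the sibling "Cherry-pick r272927." entry below does.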

Modified: branches/safari-611-branch/Source/WebCore/rendering/RenderElement.cpp (273173 => 273174)


--- branches/safari-611-branch/Source/WebCore/rendering/RenderElement.cpp	2021-02-19 23:37:49 UTC (rev 273173)
+++ branches/safari-611-branch/Source/WebCore/rendering/RenderElement.cpp	2021-02-19 23:37:52 UTC (rev 273174)
@@ -601,15 +601,22 @@
 
 RenderBlock* RenderElement::containingBlockForAbsolutePosition() const
 {
-    // A relatively positioned RenderInline forwards its absolute positioned descendants to
-    // its nearest non-anonymous containing block (to avoid having a positioned objects list in all RenderInlines).
-    auto* renderer = isRenderInline() ? const_cast<RenderElement*>(downcast<RenderElement>(this)) : parent();
-    while (renderer && !renderer->canContainAbsolutelyPositionedObjects())
-        renderer = renderer->parent();
+    auto nearestNonAnonymousContainingBlockIncludingSelf = [&] (auto* renderer) {
+        while (renderer && (!is<RenderBlock>(*renderer) || renderer->isAnonymousBlock()))
+            renderer = renderer->containingBlock();
+        return downcast<RenderBlock>(renderer);
+    };
+
+    if (is<RenderInline>(*this) && style().position() == PositionType::Relative) {
+        // A relatively positioned RenderInline forwards its absolute positioned descendants to
+        // its nearest non-anonymous containing block (to avoid having positioned objects list in RenderInlines).
+        return nearestNonAnonymousContainingBlockIncludingSelf(parent());
+    }
+    auto* ancestor = parent();
+    while (ancestor && !ancestor->canContainAbsolutelyPositionedObjects())
+        ancestor = ancestor->parent();
     // Make sure we only return non-anonymous RenderBlock as containing block.
-    while (renderer && (!is<RenderBlock>(*renderer) || renderer->isAnonymousBlock()))
-        renderer = renderer->containingBlock();
-    return downcast<RenderBlock>(renderer);
+    return nearestNonAnonymousContainingBlockIncludingSelf(ancestor);
 }
 
 static void addLayers(RenderElement& renderer, RenderLayer* parentLayer, RenderElement*& newObject, RenderLayer*& beforeChild)
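Review bot: the fix narrows the RenderInline forwarding path from every inline (the removed `isRenderInline()` test) to only relatively positioned ones (`is<RenderInline>(*this) && style().position() == PositionType::Relative`), and the ChangeLog does not say whether that narrowing is intended; a RenderInline with any other non-static position that previously passed `canContainAbsolutelyPositionedObjects()` used to start the walk at itself and then follow `containingBlock()`, while it now skips itself and walks `parent()` until an ancestor that can contain absolutely positioned objects, which can yield a different containing block than before. If the intent is only to break the `this` -> `containingBlock()` -> `containingBlockForAbsolutePosition()` cycle for the absolutely positioned inline case, consider keeping the `isRenderInline()` condition and starting the lambda from `parent()` in that branch, or state in the ChangeLog that the relative-only behaviour is desired. The re-entrancy itself is addressed as described: every call into `renderer->containingBlock()` inside the lambda is now made on `parent()` or an ancestor of it, never on `this`. Finally, the diff touches no LayoutTests even though the log describes a reproducible recursive call; a regression test covering the absolutely positioned RenderInline case referenced in webkit.org/b/221994 would guard against this path regressing on the branch.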
_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes
