Title: [143493] branches/chromium/1364

Diff

Modified: branches/chromium/1364/LayoutTests/fast/block/float/float-not-removed-from-pre-block-expected.txt (143492 => 143493)


--- branches/chromium/1364/LayoutTests/fast/block/float/float-not-removed-from-pre-block-expected.txt	2013-02-20 21:20:17 UTC (rev 143492)
+++ branches/chromium/1364/LayoutTests/fast/block/float/float-not-removed-from-pre-block-expected.txt	2013-02-20 21:24:14 UTC (rev 143493)
@@ -1,3 +1,3 @@
 Bug 101970: Heap-use-after-free in WebCore::RenderLayerModelObject::hasSelfPaintingLayer
 Test passes if it does not crash.
-
+  

Copied: branches/chromium/1364/LayoutTests/fast/css-generated-content/quote-layout-focus-crash-expected.txt (from rev 142820, trunk/LayoutTests/fast/css-generated-content/quote-layout-focus-crash-expected.txt) (0 => 143493)


--- branches/chromium/1364/LayoutTests/fast/css-generated-content/quote-layout-focus-crash-expected.txt	                        (rev 0)
+++ branches/chromium/1364/LayoutTests/fast/css-generated-content/quote-layout-focus-crash-expected.txt	2013-02-20 21:24:14 UTC (rev 143493)
@@ -0,0 +1,3 @@
+Bug 109616 - ASSERT(!renderer()->needsLayout()) when calling Element::focus() with generated content
+
+

Copied: branches/chromium/1364/LayoutTests/fast/css-generated-content/quote-layout-focus-crash.html (from rev 142820, trunk/LayoutTests/fast/css-generated-content/quote-layout-focus-crash.html) (0 => 143493)


--- branches/chromium/1364/LayoutTests/fast/css-generated-content/quote-layout-focus-crash.html	                        (rev 0)
+++ branches/chromium/1364/LayoutTests/fast/css-generated-content/quote-layout-focus-crash.html	2013-02-20 21:24:14 UTC (rev 143493)
@@ -0,0 +1,47 @@
+<!DOCTYPE html>
+
+<style>
+    /* Must be positioned absolute or static, must have margins to push it out view. */
+    .positioned {
+        position: absolute;
+        margin-top: 100%;
+    }
+
+    /* Any kind of quote will do, can be either :before or :after */
+    .positioned:before,
+    .focusable:before {
+        content: open-quote;
+    }
+</style>
+
+<p>Bug 109616 - ASSERT(!renderer()->needsLayout()) when calling Element::focus() with generated content</p>
+
+<!--
+    This is testing a case where RenderQuote::updateDepth will mark the RenderQuote
+    and its ancestors as needing layout in the middle of a layout of its ancestor.
+    When its ancestor finishes the layout it will mark itself and the ancestors
+    farther up as no longer needing layout. The end result is some subtree
+    needing layout, but the RenderView and possibly other ancestors of the subtree
+    not needing layout.
+
+    ex.
+
+    RenderView <- !needsLayout
+        \
+       RenderBlock (.focusable) <- needsLayout
+            \
+             RenderBlock (generated content) <- needsLayout
+                \
+                 RenderQuote <- needsLayout
+-->
+
+<div class="positioned"></div>
+<div class="focusable" tabindex="1"></div>
+
+<script>
+    if (window.testRunner)
+        testRunner.dumpAsText();
+    // .focusable still needs layout at this point, but RenderView doesn't
+    // think any descendants need layout.
+    document.querySelector('.focusable').focus();
+</script>
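Review bot: The only failure signal in this test is the debug assertion named in its title, so a build without assertions passes it whether or not the layout dirty bits are consistent; the expected file holds just the title line. The `<p>` could state the pass condition the way the float test earlier in this commit does, e.g. `Test passes if it does not crash or assert.`, with the expected text updated to match. The first CSS comment also reads "push it out view", presumably meaning "out of view".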

Modified: branches/chromium/1364/Source/WebCore/dom/Document.cpp (143492 => 143493)


--- branches/chromium/1364/Source/WebCore/dom/Document.cpp	2013-02-20 21:20:17 UTC (rev 143492)
+++ branches/chromium/1364/Source/WebCore/dom/Document.cpp	2013-02-20 21:24:14 UTC (rev 143493)
@@ -1927,6 +1927,9 @@
 
     StackStats::LayoutCheckPoint layoutCheckPoint;
 
+    if (renderView())
+        renderView()->markQuoteContainingBlocksForLayoutIfNeeded();
+
     // Only do a layout if changes have occurred that make it necessary.      
     if (frameView && renderer() && (frameView->layoutPending() || renderer()->needsLayout()))
         frameView->layout();
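Review bot: The quote re-marking call is pasted in front of two separate layout checks, here and again in the hunk at -2477, and neither call site says why it is there; the explanation lives only in the FIXME in RenderView.h. As far as the visible hunks show, any other path that tests `needsLayout()` before deciding to lay out is not covered and could still see a clean RenderView above a dirty subtree, which is the state the new test's comment describes. I would add at both sites a comment such as `// FIXME: Workaround for quotes dirtying layout during layout; see https://bugs.webkit.org/show_bug.cgi?id=109628`. Both enclosing functions start and end outside their hunks.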
@@ -2477,7 +2480,10 @@
     m_overMinimumLayoutThreshold = true;
     if (!ownerElement() || (ownerElement()->renderer() && !ownerElement()->renderer()->needsLayout())) {
         updateStyleIfNeeded();
-        
+
+        if (renderView())
+            renderView()->markQuoteContainingBlocksForLayoutIfNeeded();
+
         // Always do a layout after loading if needed.
         if (view() && renderObject && (!renderObject->firstChild() || renderObject->needsLayout()))
             view()->layout();

Modified: branches/chromium/1364/Source/WebCore/rendering/RenderQuote.h (143492 => 143493)


--- branches/chromium/1364/Source/WebCore/rendering/RenderQuote.h	2013-02-20 21:20:17 UTC (rev 143492)
+++ branches/chromium/1364/Source/WebCore/rendering/RenderQuote.h	2013-02-20 21:24:14 UTC (rev 143493)
@@ -38,6 +38,8 @@
     void attachQuote();
     void detachQuote();
 
+    RenderQuote* next() { return m_next; }
+
 private:
     virtual void willBeDestroyed() OVERRIDE;
     virtual const char* renderName() const OVERRIDE { return "RenderQuote"; };
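Review bot: `next()` does not modify the quote and could be declared const, `RenderQuote* next() const { return m_next; }`, in line with `renderName() const` just below it. The accessor also makes the intrusive list link public, so a short comment that quotes must not be attached or detached while a caller walks the list would help; that requirement is inferred from the traversal added in RenderView.cpp rather than shown here. The class body continues outside the hunk.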

Modified: branches/chromium/1364/Source/WebCore/rendering/RenderView.cpp (143492 => 143493)


--- branches/chromium/1364/Source/WebCore/rendering/RenderView.cpp	2013-02-20 21:20:17 UTC (rev 143492)
+++ branches/chromium/1364/Source/WebCore/rendering/RenderView.cpp	2013-02-20 21:24:14 UTC (rev 143493)
@@ -36,6 +36,7 @@
 #include "RenderLayer.h"
 #include "RenderLayerBacking.h"
 #include "RenderNamedFlowThread.h"
+#include "RenderQuote.h"
 #include "RenderSelectionInfo.h"
 #include "RenderWidget.h"
 #include "RenderWidgetProtector.h"
@@ -1037,6 +1038,18 @@
     return m_intervalArena.get();
 }
 
+void RenderView::markQuoteContainingBlocksForLayoutIfNeeded()
+{
+    for (RenderQuote* quote = m_renderQuoteHead; quote; quote = quote->next()) {
+        if (!quote->needsLayout())
+            continue;
+        // Can't use markContainingBlocksForLayout because it would abort as soon
+        // as it sees a parent that already thinks it needs layout.
+        for (RenderObject* renderer = quote->parent(); renderer; renderer = renderer->parent())
+            renderer->setChildNeedsLayout(true, MarkOnlyThis);
+    }
+}
+
 void RenderView::reportMemoryUsage(MemoryObjectInfo* memoryObjectInfo) const
 {
     MemoryClassInfo info(memoryObjectInfo, this, PlatformMemoryTypes::Rendering);
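Review bot: `markQuoteContainingBlocksForLayoutIfNeeded()` has no stated precondition, and calling it while a layout is in progress would presumably re-dirty ancestors that are about to clear their own bits, recreating the inconsistent tree the test comment describes. A line above the definition such as `// Must run outside of layout, immediately before the needsLayout() check that decides whether to lay out.` would record that, and a debug assertion to the same effect may be worth adding if the view can tell that a layout is under way. The inner loop also walks to the root once per dirty quote, so quotes that share ancestors re-mark the same chain; that looks acceptable for a stopgap but deserves a mention in the comment, since both callers appear to sit on frequently used layout paths.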

Modified: branches/chromium/1364/Source/WebCore/rendering/RenderView.h (143492 => 143493)


--- branches/chromium/1364/Source/WebCore/rendering/RenderView.h	2013-02-20 21:20:17 UTC (rev 143492)
+++ branches/chromium/1364/Source/WebCore/rendering/RenderView.h	2013-02-20 21:24:14 UTC (rev 143493)
@@ -229,6 +229,11 @@
     void removeRenderCounter() { ASSERT(m_renderCounterCount > 0); m_renderCounterCount--; }
     bool hasRenderCounters() { return m_renderCounterCount; }
 
+    // FIXME: This is a hack until we have proper pre layout tasks to handle quote attachment.
+    // See RenderQuote::updateDepth for more details about what this is a workaround for.
+    // See: https://bugs.webkit.org/show_bug.cgi?id=109628
+    void markQuoteContainingBlocksForLayoutIfNeeded();
+
 protected:
     virtual void mapLocalToContainer(const RenderLayerModelObject* repaintContainer, TransformState&, MapCoordinatesFlags = ApplyContainerFlip, bool* wasFixed = 0) const OVERRIDE;
     virtual const RenderObject* pushMappingToContainer(const RenderLayerModelObject* ancestorToStopAt, RenderGeometryMap&) const OVERRIDE;