Diff
Modified: trunk/LayoutTests/ChangeLog (162678 => 162679)
--- trunk/LayoutTests/ChangeLog 2014-01-24 02:49:42 UTC (rev 162678)
+++ trunk/LayoutTests/ChangeLog 2014-01-24 02:55:15 UTC (rev 162679)
@@ -1,3 +1,14 @@
+2014-01-23 Jon Honeycutt <jhoneyc...@apple.com>
+
+ Assertion failure in WebCore::PseudoElement::didRecalcStyle()
+ <https://bugs.webkit.org/show_bug.cgi?id=126761>
+ <rdar://problem/15793540>
+
+ Reviewed by Andy Estes.
+
+ * fast/images/animate-list-item-image-assertion-expected.txt: Added.
+ * fast/images/animate-list-item-image-assertion.html: Added.
+
2014-01-23 Joseph Pecoraro <pecor...@apple.com>
Web Inspector: Remove recompileAllJSFunctions timer in ScriptDebugServer
Added: trunk/LayoutTests/fast/images/animate-list-item-image-assertion-expected.txt (0 => 162679)
--- trunk/LayoutTests/fast/images/animate-list-item-image-assertion-expected.txt (rev 0)
+++ trunk/LayoutTests/fast/images/animate-list-item-image-assertion-expected.txt 2014-01-24 02:55:15 UTC (rev 162679)
@@ -0,0 +1 @@
+PASSED
Added: trunk/LayoutTests/fast/images/animate-list-item-image-assertion.html (0 => 162679)
--- trunk/LayoutTests/fast/images/animate-list-item-image-assertion.html (rev 0)
+++ trunk/LayoutTests/fast/images/animate-list-item-image-assertion.html 2014-01-24 02:55:15 UTC (rev 162679)
@@ -0,0 +1,38 @@
+<!DOCTYPE html>
+
+<!-- Test passes if it doesn't assert in a debug build. -->
+
+<style>
+ #anchor:after {
+ content: ".";
+ display: block;
+ }
+ span {
+ float: left;
+ }
+ ul {
+ -webkit-animation-name: n;
+ -webkit-animation-duration: .1s;
+ }
+ @-webkit-keyframes n {
+ from { }
+ to { list-style-image: -webkit-repeating-radial-gradient(circle cover, rgb(23,136,16) , rgb(2%,5%,72%) , #373f74); }
+ }
+</style>
+
+<ul id="u">
+ <li>
+ <a id="anchor" href="" id="text">PASSED</span></a>
+ </li>
+</ul>
+
+<script>
+ if (window.testRunner) {
+ window.testRunner.dumpAsText(true);
+ window.testRunner.waitUntilDone();
+
+ document.getElementById("u").addEventListener('webkitAnimationStart', function() {
+ window.testRunner.notifyDone();
+ }, false);
+ }
+</script>
Modified: trunk/Source/WebCore/ChangeLog (162678 => 162679)
--- trunk/Source/WebCore/ChangeLog 2014-01-24 02:49:42 UTC (rev 162678)
+++ trunk/Source/WebCore/ChangeLog 2014-01-24 02:55:15 UTC (rev 162679)
@@ -1,3 +1,44 @@
+2014-01-23 Jon Honeycutt <jhoneyc...@apple.com>
+
+ Assertion failure in WebCore::PseudoElement::didRecalcStyle()
+ <https://bugs.webkit.org/show_bug.cgi?id=126761>
+ <rdar://problem/15793540>
+
+ Reviewed by Andy Estes.
+
+ Test: fast/images/animate-list-item-image-assertion.html
+
+ * dom/PseudoElement.cpp:
+ (WebCore::PseudoElement::didRecalcStyle):
+ Check isRenderImage() rather than isImage() before casting to
+ RenderImage.
+
+ * editing/ios/EditorIOS.mm:
+ (WebCore::getImage):
+ Ditto.
+
+ * editing/mac/EditorMac.mm:
+ (WebCore::getImage):
+ Ditto.
+
+ * html/HTMLImageElement.cpp:
+ (WebCore::HTMLImageElement::parseAttribute):
+ (WebCore::HTMLImageElement::didAttachRenderers):
+ Ditto.
+
+ * loader/ImageLoader.cpp:
+ (WebCore::ImageLoader::renderImageResource):
+ Ditto.
+
+ * page/DragController.cpp:
+ (WebCore::getCachedImage):
+ Ditto.
+
+ * rendering/RenderLayerBacking.cpp:
+ (WebCore::RenderLayerBacking::isDirectlyCompositedImage):
+ (WebCore::RenderLayerBacking::updateImageContents):
+ Ditto.
+
2014-01-23 Joseph Pecoraro <pecor...@apple.com>
Web Inspector: Remove recompileAllJSFunctions timer in ScriptDebugServer
Modified: trunk/Source/WebCore/dom/PseudoElement.cpp (162678 => 162679)
--- trunk/Source/WebCore/dom/PseudoElement.cpp 2014-01-24 02:49:42 UTC (rev 162678)
+++ trunk/Source/WebCore/dom/PseudoElement.cpp 2014-01-24 02:55:15 UTC (rev 162679)
@@ -112,7 +112,7 @@
RenderObject* renderer = this->renderer();
for (RenderObject* child = renderer->nextInPreOrder(renderer); child; child = child->nextInPreOrder(renderer)) {
// We only manage the style for the generated content which must be images or text.
- if (!child->isImage())
+ if (!child->isRenderImage())
continue;
toRenderImage(*child).setStyle(RenderImage::createStyleInheritingFromPseudoStyle(renderer->style()));
}
Modified: trunk/Source/WebCore/editing/ios/EditorIOS.mm (162678 => 162679)
--- trunk/Source/WebCore/editing/ios/EditorIOS.mm 2014-01-24 02:49:42 UTC (rev 162678)
+++ trunk/Source/WebCore/editing/ios/EditorIOS.mm 2014-01-24 02:55:15 UTC (rev 162679)
@@ -345,7 +345,7 @@
static void getImage(Element& imageElement, RefPtr<Image>& image, CachedImage*& cachedImage)
{
auto renderer = imageElement.renderer();
- if (!renderer || !renderer->isImage())
+ if (!renderer || !renderer->isRenderImage())
return;
CachedImage* tentativeCachedImage = toRenderImage(renderer)->cachedImage();
Modified: trunk/Source/WebCore/editing/mac/EditorMac.mm (162678 => 162679)
--- trunk/Source/WebCore/editing/mac/EditorMac.mm 2014-01-24 02:49:42 UTC (rev 162678)
+++ trunk/Source/WebCore/editing/mac/EditorMac.mm 2014-01-24 02:55:15 UTC (rev 162679)
@@ -366,7 +366,7 @@
static void getImage(Element& imageElement, RefPtr<Image>& image, CachedImage*& cachedImage)
{
auto renderer = imageElement.renderer();
- if (!renderer || !renderer->isImage())
+ if (!renderer || !renderer->isRenderImage())
return;
CachedImage* tentativeCachedImage = toRenderImage(renderer)->cachedImage();
Modified: trunk/Source/WebCore/html/HTMLAreaElement.cpp (162678 => 162679)
--- trunk/Source/WebCore/html/HTMLAreaElement.cpp 2014-01-24 02:49:42 UTC (rev 162678)
+++ trunk/Source/WebCore/html/HTMLAreaElement.cpp 2014-01-24 02:55:15 UTC (rev 162679)
@@ -220,7 +220,7 @@
return;
auto renderer = imageElement->renderer();
- if (!renderer || !renderer->isImage())
+ if (!renderer || !renderer->isRenderImage())
return;
toRenderImage(renderer)->areaElementFocusChanged(this);
Modified: trunk/Source/WebCore/html/HTMLImageElement.cpp (162678 => 162679)
--- trunk/Source/WebCore/html/HTMLImageElement.cpp 2014-01-24 02:49:42 UTC (rev 162678)
+++ trunk/Source/WebCore/html/HTMLImageElement.cpp 2014-01-24 02:55:15 UTC (rev 162679)
@@ -115,7 +115,7 @@
void HTMLImageElement::parseAttribute(const QualifiedName& name, const AtomicString& value)
{
if (name == altAttr) {
- if (renderer() && renderer()->isImage())
+ if (renderer() && renderer()->isRenderImage())
toRenderImage(renderer())->updateAltText();
} else if (name == srcAttr || name == srcsetAttr) {
m_bestFitImageURL = bestFitSourceForImageAttributes(document().deviceScaleFactor(), fastGetAttribute(srcAttr), fastGetAttribute(srcsetAttr));
@@ -192,7 +192,7 @@
void HTMLImageElement::didAttachRenderers()
{
- if (!renderer() || !renderer()->isImage())
+ if (!renderer() || !renderer()->isRenderImage())
return;
if (m_imageLoader.hasPendingBeforeLoadEvent())
return;
Modified: trunk/Source/WebCore/loader/ImageLoader.cpp (162678 => 162679)
--- trunk/Source/WebCore/loader/ImageLoader.cpp 2014-01-24 02:49:42 UTC (rev 162678)
+++ trunk/Source/WebCore/loader/ImageLoader.cpp 2014-01-24 02:55:15 UTC (rev 162679)
@@ -325,7 +325,7 @@
// We don't return style generated image because it doesn't belong to the ImageLoader.
// See <https://bugs.webkit.org/show_bug.cgi?id=42840>
- if (renderer->isImage() && !toRenderImage(*renderer).isGeneratedContent())
+ if (renderer->isRenderImage() && !toRenderImage(*renderer).isGeneratedContent())
return &toRenderImage(*renderer).imageResource();
#if ENABLE(SVG)
Modified: trunk/Source/WebCore/page/DragController.cpp (162678 => 162679)
--- trunk/Source/WebCore/page/DragController.cpp 2014-01-24 02:49:42 UTC (rev 162678)
+++ trunk/Source/WebCore/page/DragController.cpp 2014-01-24 02:55:15 UTC (rev 162679)
@@ -655,7 +655,7 @@
static CachedImage* getCachedImage(Element& element)
{
RenderObject* renderer = element.renderer();
- if (!renderer || !renderer->isImage())
+ if (!renderer || !renderer->isRenderImage())
return 0;
RenderImage* image = toRenderImage(renderer);
return image->cachedImage();
Modified: trunk/Source/WebCore/rendering/RenderLayerBacking.cpp (162678 => 162679)
--- trunk/Source/WebCore/rendering/RenderLayerBacking.cpp 2014-01-24 02:49:42 UTC (rev 162678)
+++ trunk/Source/WebCore/rendering/RenderLayerBacking.cpp 2014-01-24 02:55:15 UTC (rev 162679)
@@ -1865,7 +1865,7 @@
// that require painting. Direct compositing saves backing store.
bool RenderLayerBacking::isDirectlyCompositedImage() const
{
- if (!renderer().isImage() || m_owningLayer.hasBoxDecorationsOrBackground() || renderer().hasClip())
+ if (!renderer().isRenderImage() || m_owningLayer.hasBoxDecorationsOrBackground() || renderer().hasClip())
return false;
RenderImage& imageRenderer = toRenderImage(renderer());
@@ -1912,7 +1912,7 @@
void RenderLayerBacking::updateImageContents()
{
- ASSERT(renderer().isImage());
+ ASSERT(renderer().isRenderImage());
RenderImage& imageRenderer = toRenderImage(renderer());
CachedImage* cachedImage = imageRenderer.cachedImage();
Modified: trunk/Source/WebKit/mac/ChangeLog (162678 => 162679)
--- trunk/Source/WebKit/mac/ChangeLog 2014-01-24 02:49:42 UTC (rev 162678)
+++ trunk/Source/WebKit/mac/ChangeLog 2014-01-24 02:55:15 UTC (rev 162679)
@@ -1,3 +1,23 @@
+2014-01-23 Jon Honeycutt <jhoneyc...@apple.com>
+
+ Assertion failure in WebCore::PseudoElement::didRecalcStyle()
+ <https://bugs.webkit.org/show_bug.cgi?id=126761>
+ <rdar://problem/15793540>
+
+ Some areas of code were erroneously checking the value of
+ RenderObject::isImage() rather than RenderObject::isRenderImage()
+ before casting the object to RenderImage.
+
+ This could lead to an assertion failure for RenderListMarkers, which
+ may return true for isImage(), but are not RenderImages.
+
+ Reviewed by Andy Estes.
+
+ * Misc/WebNSPasteboardExtras.mm:
+ (-[NSPasteboard _web_declareAndWriteDragImageForElement:URL:title:archive:source:]):
+ Check isRenderImage() rather than isImage() before casting to
+ RenderImage.
+
2014-01-23 Joseph Pecoraro <pecor...@apple.com>
Web Inspector: Remove recompileAllJSFunctions timer in ScriptDebugServer
Modified: trunk/Source/WebKit/mac/Misc/WebNSPasteboardExtras.mm (162678 => 162679)
--- trunk/Source/WebKit/mac/Misc/WebNSPasteboardExtras.mm 2014-01-24 02:49:42 UTC (rev 162678)
+++ trunk/Source/WebKit/mac/Misc/WebNSPasteboardExtras.mm 2014-01-24 02:55:15 UTC (rev 162679)
@@ -272,7 +272,7 @@
NSString *extension = @"";
if (RenderObject* renderer = core(element)->renderer()) {
- if (renderer->isImage()) {
+ if (renderer->isRenderImage()) {
if (CachedImage* image = toRenderImage(renderer)->cachedImage()) {
extension = image->image()->filenameExtension();
if (![extension length])
Modified: trunk/Source/WebKit2/ChangeLog (162678 => 162679)
--- trunk/Source/WebKit2/ChangeLog 2014-01-24 02:49:42 UTC (rev 162678)
+++ trunk/Source/WebKit2/ChangeLog 2014-01-24 02:55:15 UTC (rev 162679)
@@ -1,3 +1,16 @@
+2014-01-23 Jon Honeycutt <jhoneyc...@apple.com>
+
+ Assertion failure in WebCore::PseudoElement::didRecalcStyle()
+ <https://bugs.webkit.org/show_bug.cgi?id=126761>
+ <rdar://problem/15793540>
+
+ Reviewed by Andy Estes.
+
+ * WebProcess/WebPage/ios/WebPageIOS.mm:
+ (WebKit::WebPage::getPositionInformation):
+ Check isRenderImage() rather than isImage() before casting to
+ RenderImage.
+
2014-01-23 Anders Carlsson <ander...@apple.com>
Move policy client into WKPage.cpp and get rid of WebPolicyClient files
Modified: trunk/Source/WebKit2/WebProcess/WebPage/ios/WebPageIOS.mm (162678 => 162679)
--- trunk/Source/WebKit2/WebProcess/WebPage/ios/WebPageIOS.mm 2014-01-24 02:49:42 UTC (rev 162678)
+++ trunk/Source/WebKit2/WebProcess/WebPage/ios/WebPageIOS.mm 2014-01-24 02:55:15 UTC (rev 162679)
@@ -823,7 +823,7 @@
if (!element)
return;
- if (element->renderer() && element->renderer()->isImage()) {
+ if (element->renderer() && element->renderer()->isRenderImage()) {
URL url = ""
if (!url.string().isNull())
info.url = ""
