Title: [207925] branches/safari-602-branch

Diff

Modified: branches/safari-602-branch/LayoutTests/ChangeLog (207924 => 207925)


--- branches/safari-602-branch/LayoutTests/ChangeLog	2016-10-26 23:18:17 UTC (rev 207924)
+++ branches/safari-602-branch/LayoutTests/ChangeLog	2016-10-26 23:18:22 UTC (rev 207925)
@@ -1,5 +1,20 @@
 2016-10-26  Matthew Hanson  <matthew_han...@apple.com>
 
+        Merge r207804. rdar://problem/28849628
+
+    2016-10-24  Zalan Bujtas  <za...@apple.com>
+
+            Do not update selection rect on dirty lineboxes.
+            https://bugs.webkit.org/show_bug.cgi?id=163862
+            <rdar://problem/28813156>
+
+            Reviewed by Simon Fraser.
+
+            * fast/css-generated-content/dynamic-first-letter-selection-clear-crash-expected.txt: Added.
+            * fast/css-generated-content/dynamic-first-letter-selection-clear-crash.html: Added.
+
+2016-10-26  Matthew Hanson  <matthew_han...@apple.com>
+
         Merge r207692. rdar://problem/28810751
 
     2016-10-20  Dean Jackson  <d...@apple.com>

Added: branches/safari-602-branch/LayoutTests/fast/css-generated-content/dynamic-first-letter-selection-clear-crash-expected.txt (0 => 207925)


--- branches/safari-602-branch/LayoutTests/fast/css-generated-content/dynamic-first-letter-selection-clear-crash-expected.txt	                        (rev 0)
+++ branches/safari-602-branch/LayoutTests/fast/css-generated-content/dynamic-first-letter-selection-clear-crash-expected.txt	2016-10-26 23:18:22 UTC (rev 207925)
@@ -0,0 +1,2 @@
+Pass if
+no crash.

Added: branches/safari-602-branch/LayoutTests/fast/css-generated-content/dynamic-first-letter-selection-clear-crash.html (0 => 207925)


--- branches/safari-602-branch/LayoutTests/fast/css-generated-content/dynamic-first-letter-selection-clear-crash.html	                        (rev 0)
+++ branches/safari-602-branch/LayoutTests/fast/css-generated-content/dynamic-first-letter-selection-clear-crash.html	2016-10-26 23:18:22 UTC (rev 207925)
@@ -0,0 +1,32 @@
+<!DOCTYPE html>
+<html>
+<head>
+<title>This tests that we can clear selection properly on dynamic content with first letter.</title>
+<style>
+.floatClass::first-letter {
+  float: right;
+}
+
+#innerBody {
+ column-count: 2;
+}
+
+</style>
+</head>
+<body>
+<li id=li style="float: right;">Pass if<span style="float: right;"></span></li><body id=innerBody style="height: 100px"><span id=span style="display: none;"></span>no crash.</body>
+<script>
+  if (window.testRunner)
+    testRunner.dumpAsText();
+  innerBody.style.webkitWritingMode = "vertical-rl";
+  innerBody.className = "floatClass";
+
+  document.getSelection().setBaseAndExtent(span, 0, innerBody, innerBody.childNodes.length);
+  window.getSelection().modify("extend", "left", "documentboundary");
+  innerBody.scrollIntoViewIfNeeded(true);
+  li.style.cssText = "float: right; height: 40px; width: 40px;";
+  document.body.offsetHeight;
+  li.style.cssText = "";
+</script>
+</body>
+</html>

Modified: branches/safari-602-branch/Source/WebCore/ChangeLog (207924 => 207925)


--- branches/safari-602-branch/Source/WebCore/ChangeLog	2016-10-26 23:18:17 UTC (rev 207924)
+++ branches/safari-602-branch/Source/WebCore/ChangeLog	2016-10-26 23:18:22 UTC (rev 207925)
@@ -1,5 +1,40 @@
 2016-10-26  Matthew Hanson  <matthew_han...@apple.com>
 
+        Merge r207804. rdar://problem/28849628
+
+    2016-10-24  Zalan Bujtas  <za...@apple.com>
+
+            Do not update selection rect on dirty lineboxes.
+            https://bugs.webkit.org/show_bug.cgi?id=163862
+            <rdar://problem/28813156>
+
+            Reviewed by Simon Fraser.
+
+            In certain cases RenderBlock::updateFirstLetter() triggers
+            unwanted render tree mutation while the caller assumes intact renderers.
+            This patch ensures that no renderers gets destroyed while computing the preferred widths
+            when we are outside of layout context.
+
+            Test: fast/css-generated-content/dynamic-first-letter-selection-clear-crash.html
+
+            * rendering/RenderBlock.cpp:
+            (WebCore::RenderBlock::computePreferredLogicalWidths):
+            (WebCore::RenderBlock::updateFirstLetter):
+            * rendering/RenderBlock.h:
+            * rendering/RenderListItem.cpp:
+            (WebCore::RenderListItem::insertOrMoveMarkerRendererIfNeeded):
+            * rendering/RenderRubyRun.cpp:
+            (WebCore::RenderRubyRun::updateFirstLetter):
+            * rendering/RenderRubyRun.h:
+            * rendering/RenderTable.cpp:
+            (WebCore::RenderTable::updateFirstLetter):
+            * rendering/RenderTable.h:
+            * rendering/svg/RenderSVGText.cpp:
+            (WebCore::RenderSVGText::updateFirstLetter):
+            * rendering/svg/RenderSVGText.h:
+
+2016-10-26  Matthew Hanson  <matthew_han...@apple.com>
+
         Merge r207692. rdar://problem/28810751
 
     2016-10-20  Dean Jackson  <d...@apple.com>

Modified: branches/safari-602-branch/Source/WebCore/rendering/RenderBlock.cpp (207924 => 207925)


--- branches/safari-602-branch/Source/WebCore/rendering/RenderBlock.cpp	2016-10-26 23:18:17 UTC (rev 207924)
+++ branches/safari-602-branch/Source/WebCore/rendering/RenderBlock.cpp	2016-10-26 23:18:22 UTC (rev 207925)
@@ -2754,7 +2754,9 @@
 {
     ASSERT(preferredLogicalWidthsDirty());
 
-    updateFirstLetter();
+    // FIXME: Do not even try to reshuffle first letter renderers when we are not in layout
+    // until after webkit.org/b/163848 is fixed.
+    updateFirstLetter(view().frameView().isInRenderTreeLayout() ? RenderTreeMutationIsAllowed::Yes : RenderTreeMutationIsAllowed::No);
 
     m_minPreferredLogicalWidth = 0;
     m_maxPreferredLogicalWidth = 0;
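Review bot: The FIXME above the new call in computePreferredLogicalWidths names the tracking bug but not the hazard it guards against, and it does not say what happens to the first-letter state when the update is skipped. With RenderTreeMutationIsAllowed::No, the widths computed below come from whatever first-letter renderers already exist. Whether a later in-layout pass recomputes them is not visible in this hunk, so it is worth confirming that the preferred-widths dirty state still forces that recomputation. I would extend the comment with something like `// Callers outside layout may still hold renderer pointers; destroying first-letter renderers here would leave them dangling.` The function body starts and ends outside the hunk.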
@@ -3304,7 +3306,7 @@
         firstLetterContainer = nullptr;
 }
 
-void RenderBlock::updateFirstLetter()
+void RenderBlock::updateFirstLetter(RenderTreeMutationIsAllowed mutationAllowedOrNot)
 {
     RenderObject* firstLetterObj;
     RenderElement* firstLetterContainer;
@@ -3325,6 +3327,8 @@
     if (!is<RenderText>(*firstLetterObj))
         return;
 
+    if (mutationAllowedOrNot != RenderTreeMutationIsAllowed::Yes)
+        return;
     // Our layout state is not valid for the repaints we are going to trigger by
     // adding and removing children of firstLetterContainer.
     LayoutStateDisabler layoutStateDisabler(view());
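Review bot: The new early return in updateFirstLetter sits after the `is<RenderText>` check, so it only protects callers if nothing earlier in the function can add, restyle or destroy renderers. Those earlier lines are outside this hunk and should be checked, because a mutating path ahead of the guard would defeat RenderTreeMutationIsAllowed::No. The return also lands directly above the existing "Our layout state is not valid" comment with no separator, so that comment now reads as if it explained the guard. A blank line after the return, plus `// Everything below creates or removes first-letter renderers; bail out when the caller cannot tolerate tree mutation.` above the `if`, would keep the two apart. As a naming nit, `mutationAllowedOrNot` could simply be `mutationAllowed`.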

Modified: branches/safari-602-branch/Source/WebCore/rendering/RenderBlock.h (207924 => 207925)


--- branches/safari-602-branch/Source/WebCore/rendering/RenderBlock.h	2016-10-26 23:18:17 UTC (rev 207924)
+++ branches/safari-602-branch/Source/WebCore/rendering/RenderBlock.h	2016-10-26 23:18:22 UTC (rev 207925)
@@ -243,7 +243,8 @@
     LayoutUnit collapsedMarginBeforeForChild(const RenderBox& child) const;
     LayoutUnit collapsedMarginAfterForChild(const RenderBox& child) const;
 
-    virtual void updateFirstLetter();
+    enum class RenderTreeMutationIsAllowed { Yes, No };
+    virtual void updateFirstLetter(RenderTreeMutationIsAllowed = RenderTreeMutationIsAllowed::Yes);
     void getFirstLetter(RenderObject*& firstLetter, RenderElement*& firstLetterContainer, RenderObject* skipObject = nullptr);
 
     virtual void scrollbarsChanged(bool /*horizontalScrollbarChanged*/, bool /*verticalScrollbarChanged*/) { }
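Review bot: Defaulting the new parameter to RenderTreeMutationIsAllowed::Yes leaves the renderer-destroying behaviour as what every caller gets unless it opts out, so any other call site that can run outside layout is unchanged by this patch. Dropping the default, `virtual void updateFirstLetter(RenderTreeMutationIsAllowed);`, would force each caller to state its choice and let the compiler list the sites to audit. Default arguments on a virtual function are also bound by the static type at the call site, so the copies repeated on the overrides in RenderRubyRun.h, RenderTable.h and RenderSVGText.h have to be kept identical by hand. The enum would benefit from a one-line comment such as `// No: updateFirstLetter() must not create or destroy renderers (caller may hold renderer pointers).`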

Modified: branches/safari-602-branch/Source/WebCore/rendering/RenderListItem.cpp (207924 => 207925)


--- branches/safari-602-branch/Source/WebCore/rendering/RenderListItem.cpp	2016-10-26 23:18:17 UTC (rev 207924)
+++ branches/safari-602-branch/Source/WebCore/rendering/RenderListItem.cpp	2016-10-26 23:18:22 UTC (rev 207925)
@@ -274,7 +274,7 @@
     if (!m_marker)
         return;
 
-    // FIXME: Do not even try reposition the marker when we are not in layout
+    // FIXME: Do not even try to reposition the marker when we are not in layout
     // until after we fixed webkit.org/b/163789.
     if (!view().frameView().isInRenderTreeLayout())
         return;

Modified: branches/safari-602-branch/Source/WebCore/rendering/RenderRubyRun.cpp (207924 => 207925)


--- branches/safari-602-branch/Source/WebCore/rendering/RenderRubyRun.cpp	2016-10-26 23:18:17 UTC (rev 207924)
+++ branches/safari-602-branch/Source/WebCore/rendering/RenderRubyRun.cpp	2016-10-26 23:18:22 UTC (rev 207925)
@@ -106,7 +106,7 @@
     return 0;
 }
 
-void RenderRubyRun::updateFirstLetter()
+void RenderRubyRun::updateFirstLetter(RenderTreeMutationIsAllowed)
 {
 }
 

Modified: branches/safari-602-branch/Source/WebCore/rendering/RenderRubyRun.h (207924 => 207925)


--- branches/safari-602-branch/Source/WebCore/rendering/RenderRubyRun.h	2016-10-26 23:18:17 UTC (rev 207924)
+++ branches/safari-602-branch/Source/WebCore/rendering/RenderRubyRun.h	2016-10-26 23:18:22 UTC (rev 207925)
@@ -62,7 +62,7 @@
     void removeChild(RenderObject&) override;
 
     RenderBlock* firstLineBlock() const override;
-    void updateFirstLetter() override;
+    void updateFirstLetter(RenderTreeMutationIsAllowed = RenderTreeMutationIsAllowed::Yes) override;
 
     void getOverhang(bool firstLine, RenderObject* startRenderer, RenderObject* endRenderer, float& startOverhang, float& endOverhang) const;
 

Modified: branches/safari-602-branch/Source/WebCore/rendering/RenderTable.cpp (207924 => 207925)


--- branches/safari-602-branch/Source/WebCore/rendering/RenderTable.cpp	2016-10-26 23:18:17 UTC (rev 207924)
+++ branches/safari-602-branch/Source/WebCore/rendering/RenderTable.cpp	2016-10-26 23:18:22 UTC (rev 207925)
@@ -1458,7 +1458,7 @@
     return nullptr;
 }
 
-void RenderTable::updateFirstLetter()
+void RenderTable::updateFirstLetter(RenderTreeMutationIsAllowed)
 {
 }
 

Modified: branches/safari-602-branch/Source/WebCore/rendering/RenderTable.h (207924 => 207925)


--- branches/safari-602-branch/Source/WebCore/rendering/RenderTable.h	2016-10-26 23:18:17 UTC (rev 207924)
+++ branches/safari-602-branch/Source/WebCore/rendering/RenderTable.h	2016-10-26 23:18:22 UTC (rev 207925)
@@ -304,7 +304,7 @@
     void invalidateCachedColumnOffsets();
 
     RenderBlock* firstLineBlock() const final;
-    void updateFirstLetter() final;
+    void updateFirstLetter(RenderTreeMutationIsAllowed = RenderTreeMutationIsAllowed::Yes) final;
     
     void updateLogicalWidth() final;
 

Modified: branches/safari-602-branch/Source/WebCore/rendering/svg/RenderSVGText.cpp (207924 => 207925)


--- branches/safari-602-branch/Source/WebCore/rendering/svg/RenderSVGText.cpp	2016-10-26 23:18:17 UTC (rev 207924)
+++ branches/safari-602-branch/Source/WebCore/rendering/svg/RenderSVGText.cpp	2016-10-26 23:18:22 UTC (rev 207925)
@@ -545,7 +545,7 @@
 
 // Fix for <rdar://problem/8048875>. We should not render :first-letter CSS Style
 // in a SVG text element context.
-void RenderSVGText::updateFirstLetter()
+void RenderSVGText::updateFirstLetter(RenderTreeMutationIsAllowed)
 {
 }
 

Modified: branches/safari-602-branch/Source/WebCore/rendering/svg/RenderSVGText.h (207924 => 207925)


--- branches/safari-602-branch/Source/WebCore/rendering/svg/RenderSVGText.h	2016-10-26 23:18:17 UTC (rev 207924)
+++ branches/safari-602-branch/Source/WebCore/rendering/svg/RenderSVGText.h	2016-10-26 23:18:22 UTC (rev 207925)
@@ -92,7 +92,7 @@
     std::unique_ptr<RootInlineBox> createRootInlineBox() override;
 
     RenderBlock* firstLineBlock() const override;
-    void updateFirstLetter() override;
+    void updateFirstLetter(RenderTreeMutationIsAllowed = RenderTreeMutationIsAllowed::Yes) override;
 
     bool shouldHandleSubtreeMutations() const;
 