Skip to site navigation (Press enter)

[webkit-changes] [95654] trunk

mitz Wed, 21 Sep 2011 11:45:26 -0700

Title: [95654] trunk

Revision: 95654
Author: [email protected]
Date: 2011-09-21 11:45:56 -0700 (Wed, 21 Sep 2011)

Log Message

<rdar://problem/9768483> REGRESSION: Crash in RenderBlock::removeFloatingObjectsBelow()
https://bugs.webkit.org/show_bug.cgi?id=68550


Reviewed by Darin Adler.

Source/WebCore: 

Test: fast/multicol/null-lastFloat-in-removeFloatingObjectsBelow.html

* rendering/RenderBlock.cpp:
(WebCore::RenderBlock::removeFloatingObjectsBelow): Break out of the while() loop when the
floating object set is empty, which can happen if there were no floats on previous lines
(in which case, lastFloat is 0).

LayoutTests: 

* fast/multicol/null-lastFloat-in-removeFloatingObjectsBelow-expected.txt: Added.
* fast/multicol/null-lastFloat-in-removeFloatingObjectsBelow.html: Added.

Modified Paths

trunk/LayoutTests/ChangeLog
trunk/Source/WebCore/ChangeLog
trunk/Source/WebCore/rendering/RenderBlock.cpp

Added Paths

trunk/LayoutTests/fast/multicol/null-lastFloat-in-removeFloatingObjectsBelow-expected.txt
trunk/LayoutTests/fast/multicol/null-lastFloat-in-removeFloatingObjectsBelow.html

Diff

Modified: trunk/LayoutTests/ChangeLog (95653 => 95654)


--- trunk/LayoutTests/ChangeLog	2011-09-21 18:38:58 UTC (rev 95653)
+++ trunk/LayoutTests/ChangeLog	2011-09-21 18:45:56 UTC (rev 95654)
@@ -1,3 +1,13 @@
+2011-09-21  Dan Bernstein  <[email protected]>
+
+        <rdar://problem/9768483> REGRESSION: Crash in RenderBlock::removeFloatingObjectsBelow()
+        https://bugs.webkit.org/show_bug.cgi?id=68550
+
+        Reviewed by Darin Adler.
+
+        * fast/multicol/null-lastFloat-in-removeFloatingObjectsBelow-expected.txt: Added.
+        * fast/multicol/null-lastFloat-in-removeFloatingObjectsBelow.html: Added.
+
 2011-09-21  Dmitry Lomov  <[email protected]>
 
         Fixed bug number in test expectations.

Added: trunk/LayoutTests/fast/multicol/null-lastFloat-in-removeFloatingObjectsBelow-expected.txt (0 => 95654)


--- trunk/LayoutTests/fast/multicol/null-lastFloat-in-removeFloatingObjectsBelow-expected.txt	                        (rev 0)
+++ trunk/LayoutTests/fast/multicol/null-lastFloat-in-removeFloatingObjectsBelow-expected.txt	2011-09-21 18:45:56 UTC (rev 95654)
@@ -0,0 +1,6 @@
+Test for https://bugs.webkit.org/show_bug.cgi?id=68550 REGRESSION: Crash in RenderBlock::removeFloatingObjectsBelow().
+
+The test passes if it does not cause a crash or assertion failure.
+
+Text
+E

Added: trunk/LayoutTests/fast/multicol/null-lastFloat-in-removeFloatingObjectsBelow.html (0 => 95654)


--- trunk/LayoutTests/fast/multicol/null-lastFloat-in-removeFloatingObjectsBelow.html	                        (rev 0)
+++ trunk/LayoutTests/fast/multicol/null-lastFloat-in-removeFloatingObjectsBelow.html	2011-09-21 18:45:56 UTC (rev 95654)
@@ -0,0 +1,20 @@
+<!DOCTYPE html>
+<p>
+     Test for <i><a href=""
+     REGRESSION: Crash in RenderBlock::removeFloatingObjectsBelow()</i>.
+</p>
+<p>
+    The test passes if it does not cause a crash or assertion failure.
+</p>
+<script>
+    if (window.layoutTestController)
+        layoutTestController.dumpAsText();
+</script>
+<div style="-webkit-columns: 2; width: 200px; height: 40px; font-family: ahem; -webkit-font-smoothing: none;">
+    <div style="height: 12px;"></div>
+    <div>
+        Text<br>E
+        <div style="width: 6px; height: 6px; float: left; background-color: blue;">
+        </div>
+    </div>
+</div>

Modified: trunk/Source/WebCore/ChangeLog (95653 => 95654)


--- trunk/Source/WebCore/ChangeLog	2011-09-21 18:38:58 UTC (rev 95653)
+++ trunk/Source/WebCore/ChangeLog	2011-09-21 18:45:56 UTC (rev 95654)
@@ -1,3 +1,17 @@
+2011-09-21  Dan Bernstein  <[email protected]>
+
+        <rdar://problem/9768483> REGRESSION: Crash in RenderBlock::removeFloatingObjectsBelow()
+        https://bugs.webkit.org/show_bug.cgi?id=68550
+
+        Reviewed by Darin Adler.
+
+        Test: fast/multicol/null-lastFloat-in-removeFloatingObjectsBelow.html
+
+        * rendering/RenderBlock.cpp:
+        (WebCore::RenderBlock::removeFloatingObjectsBelow): Break out of the while() loop when the
+        floating object set is empty, which can happen if there were no floats on previous lines
+        (in which case, lastFloat is 0).
+
 2011-09-21  ChangSeok Oh  <[email protected]>
 
         [GTK] Fix build break when enabling webgl on r95593

Modified: trunk/Source/WebCore/rendering/RenderBlock.cpp (95653 => 95654)


--- trunk/Source/WebCore/rendering/RenderBlock.cpp	2011-09-21 18:38:58 UTC (rev 95653)
+++ trunk/Source/WebCore/rendering/RenderBlock.cpp	2011-09-21 18:45:56 UTC (rev 95654)
@@ -3290,6 +3290,8 @@
         m_floatingObjects->remove(curr);
         ASSERT(!curr->m_originatingLine);
         delete curr;
+        if (floatingObjectSet.isEmpty())
+            break;
         curr = floatingObjectSet.last();
     }
 }

_______________________________________________
webkit-changes mailing list
[email protected]
http://lists.webkit.org/mailman/listinfo.cgi/webkit-changes