Diff
Modified: trunk/LayoutTests/ChangeLog (201918 => 201919)
--- trunk/LayoutTests/ChangeLog 2016-06-10 07:37:52 UTC (rev 201918)
+++ trunk/LayoutTests/ChangeLog 2016-06-10 07:41:23 UTC (rev 201919)
@@ -1,3 +1,16 @@
+2016-06-08 Sergio Villar Senin <[email protected]>
+
+ [css-grid] CRASH when getting the computed style of a grid with only absolutely positioned children
+ https://bugs.webkit.org/show_bug.cgi?id=158537
+
+ Reviewed by Darin Adler.
+
+ * fast/css-grid-layout/grid-only-abspos-item-computed-style-crash-expected.txt: Added.
+ * fast/css-grid-layout/grid-only-abspos-item-computed-style-crash.html: Added.
+ * fast/css-grid-layout/grid-template-shorthand-get-set-expected.txt: Adjusted, grid-template
+ does create explicit tracks so we should return 0px instead of none.
+ * fast/css-grid-layout/grid-template-shorthand-get-set.html: Ditto.
+
2016-06-10 Chris Dumez <[email protected]>
DOMException should be exposed to workers
Added: trunk/LayoutTests/fast/css-grid-layout/grid-only-abspos-item-computed-style-crash-expected.txt (0 => 201919)
--- trunk/LayoutTests/fast/css-grid-layout/grid-only-abspos-item-computed-style-crash-expected.txt (rev 0)
+++ trunk/LayoutTests/fast/css-grid-layout/grid-only-abspos-item-computed-style-crash-expected.txt 2016-06-10 07:41:23 UTC (rev 201919)
@@ -0,0 +1,15 @@
+This test checks that, getting the computed style of a grid with only absolutelly positioned children and no tracks in some axis, does not CRASH.
+
+On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
+
+
+PASS window.getComputedStyle(grid1, '').getPropertyValue('grid-template-columns') is "none"
+PASS window.getComputedStyle(grid1, '').getPropertyValue('grid-template-rows') is "20px"
+PASS window.getComputedStyle(grid2, '').getPropertyValue('grid-template-columns') is "10px"
+PASS window.getComputedStyle(grid2, '').getPropertyValue('grid-template-rows') is "none"
+PASS window.getComputedStyle(grid3, '').getPropertyValue('grid-template-columns') is "none"
+PASS window.getComputedStyle(grid3, '').getPropertyValue('grid-template-rows') is "none"
+PASS successfullyParsed is true
+
+TEST COMPLETE
+
Property changes on: trunk/LayoutTests/fast/css-grid-layout/grid-only-abspos-item-computed-style-crash-expected.txt
___________________________________________________________________
Added: svn:eol-style
Added: trunk/LayoutTests/fast/css-grid-layout/grid-only-abspos-item-computed-style-crash.html (0 => 201919)
--- trunk/LayoutTests/fast/css-grid-layout/grid-only-abspos-item-computed-style-crash.html (rev 0)
+++ trunk/LayoutTests/fast/css-grid-layout/grid-only-abspos-item-computed-style-crash.html 2016-06-10 07:41:23 UTC (rev 201919)
@@ -0,0 +1,38 @@
+<!DOCTYPE html>
+<style type="text/css">
+
+.grid {
+ display: grid;
+ position: relative;
+}
+
+.emptyCols { grid-template-rows: 20px; }
+.emptyRows { grid-template-columns: 10px; }
+
+.absposChild {
+ position: absolute;
+}
+
+</style>
+
+
+<script>
+function runTest() {
+ description("This test checks that, getting the computed style of a grid with only absolutelly positioned children and no tracks in some axis, does not CRASH.");
+ testGridTemplatesValues(document.getElementById("grid1"), "none", "20px");
+ testGridTemplatesValues(document.getElementById("grid2"), "10px", "none");
+ testGridTemplatesValues(document.getElementById("grid3"), "none", "none");
+}
+</script>
+<script src=""
+<script src=""
+
+<body _onload_="runTest()">
+
+<div id="grid1" class="grid emptyCols"><div class="absposChild"></div></div>
+
+<div id="grid2" class="grid emptyRows"><div class="absposChild"></div></div>
+
+<div id="grid3" class="grid"><div class="absposChild"></div></div>
+
+</body>
Property changes on: trunk/LayoutTests/fast/css-grid-layout/grid-only-abspos-item-computed-style-crash.html
___________________________________________________________________
Added: svn:mime-type
Added: svn:eol-style
Modified: trunk/LayoutTests/fast/css-grid-layout/grid-template-shorthand-get-set-expected.txt (201918 => 201919)
--- trunk/LayoutTests/fast/css-grid-layout/grid-template-shorthand-get-set-expected.txt 2016-06-10 07:37:52 UTC (rev 201918)
+++ trunk/LayoutTests/fast/css-grid-layout/grid-template-shorthand-get-set-expected.txt 2016-06-10 07:41:23 UTC (rev 201919)
@@ -49,10 +49,10 @@
PASS window.getComputedStyle(gridTemplateComplexFormWithAuto, '').getPropertyValue('grid-template-columns') is "10px"
PASS window.getComputedStyle(gridTemplateComplexFormWithAuto, '').getPropertyValue('grid-template-rows') is "0px"
PASS window.getComputedStyle(gridTemplateComplexFormWithAuto, '').getPropertyValue('grid-template-areas') is "\"a\""
-PASS window.getComputedStyle(gridTemplateComplexFormOnlyAreas, '').getPropertyValue('grid-template-columns') is "none"
+PASS window.getComputedStyle(gridTemplateComplexFormOnlyAreas, '').getPropertyValue('grid-template-columns') is "0px"
PASS window.getComputedStyle(gridTemplateComplexFormOnlyAreas, '').getPropertyValue('grid-template-rows') is "0px"
PASS window.getComputedStyle(gridTemplateComplexFormOnlyAreas, '').getPropertyValue('grid-template-areas') is "\"a\""
-PASS window.getComputedStyle(gridTemplateNoColumnsRowWithEmptyTrailingLineNames, '').getPropertyValue('grid-template-columns') is "none"
+PASS window.getComputedStyle(gridTemplateNoColumnsRowWithEmptyTrailingLineNames, '').getPropertyValue('grid-template-columns') is "0px"
PASS window.getComputedStyle(gridTemplateNoColumnsRowWithEmptyTrailingLineNames, '').getPropertyValue('grid-template-rows') is "[first] 0px"
PASS window.getComputedStyle(gridTemplateNoColumnsRowWithEmptyTrailingLineNames, '').getPropertyValue('grid-template-areas') is "\"a\""
@@ -171,7 +171,7 @@
PASS element.style.gridTemplateRows is "[foo1 bar1] 50px [foo2 bar2 foo3 bar3] 50px [foo4 bar4]"
PASS getComputedStyle(element, '').getPropertyValue('grid-template-areas') is "\"a\" \"b\""
PASS element.style.gridTemplateAreas is "\"a\" \"b\""
-PASS getComputedStyle(element, '').getPropertyValue('grid-template-columns') is "none"
+PASS getComputedStyle(element, '').getPropertyValue('grid-template-columns') is "0px"
PASS element.style.gridTemplateColumns is "none"
PASS getComputedStyle(element, '').getPropertyValue('grid-template-rows') is "0px"
PASS element.style.gridTemplateRows is "auto"
Modified: trunk/LayoutTests/fast/css-grid-layout/grid-template-shorthand-get-set.html (201918 => 201919)
--- trunk/LayoutTests/fast/css-grid-layout/grid-template-shorthand-get-set.html 2016-06-10 07:37:52 UTC (rev 201918)
+++ trunk/LayoutTests/fast/css-grid-layout/grid-template-shorthand-get-set.html 2016-06-10 07:41:23 UTC (rev 201919)
@@ -2,6 +2,7 @@
<html>
<head>
<link href="" rel="stylesheet">
+<link href="" rel="stylesheet">
<style>
#gridTemplateWithNone {
grid-template: none;
@@ -156,8 +157,8 @@
<div class="grid" id="gridTemplateComplexFormWithLineNamesMultipleRowsAndColumns"></div>
<div class="grid" id="gridTemplateComplexFormWithLineNamesMultipleRowsAndColumnsWithoutRowsSizes"></div>
<div class="grid" id="gridTemplateComplexFormWithAuto"></div>
-<div class="grid" id="gridTemplateComplexFormOnlyAreas"></div>
-<div class="grid" id="gridTemplateNoColumnsRowWithEmptyTrailingLineNames"></div>
+<div class="grid justifyContentStart" id="gridTemplateComplexFormOnlyAreas"></div>
+<div class="grid justifyContentStart" id="gridTemplateNoColumnsRowWithEmptyTrailingLineNames"></div>
<div class="grid" id="gridTemplateNoColumnsRowWithEmptyTrailingLineNamesAndNonEmptyLeadingLineNames"></div>
<div class="grid" id="gridTemplateNoColumnsRowWithNonEmptyLeadingLineNamesAndEmptyTrailingLineNames"></div>
<div class="grid" id="gridTemplateMultipleSlash"></div>
@@ -203,8 +204,8 @@
testGridDefinitionsValues(document.getElementById("gridTemplateComplexFormWithLineNamesMultipleRowsAndColumns"), "[first] 10px [nav nav2] 15px [nav nav2] 15px", "100px [nav nav2] 25px [nav nav2] 25px [last]", '"a b c" "d e f" "g h i"');
testGridDefinitionsValues(document.getElementById("gridTemplateComplexFormWithLineNamesMultipleRowsAndColumnsWithoutRowsSizes"), "[first] 10px [nav nav2] 15px [nav nav2] 15px", "0px [nav nav2] 0px [nav nav2] 0px [last]", '"a b c" "d e f" "g h i"');
testGridDefinitionsValues(document.getElementById("gridTemplateComplexFormWithAuto"), "10px", "0px", '"a"');
- testGridDefinitionsValues(document.getElementById("gridTemplateComplexFormOnlyAreas"), "none", "0px", '"a"');
- testGridDefinitionsValues(document.getElementById("gridTemplateNoColumnsRowWithEmptyTrailingLineNames"), "none", "[first] 0px", '"a"');
+ testGridDefinitionsValues(document.getElementById("gridTemplateComplexFormOnlyAreas"), "0px", "0px", '"a"');
+ testGridDefinitionsValues(document.getElementById("gridTemplateNoColumnsRowWithEmptyTrailingLineNames"), "0px", "[first] 0px", '"a"');
debug("");
debug("Test getting wrong values for grid-template shorthand through CSS (they should resolve to the default: 'none')");
@@ -252,7 +253,7 @@
testGridDefinitionsSetJSValues("66px / 18px", "18px", "66px", "none");
testGridDefinitionsSetJSValues("[head] 'a' 15px [tail] / 10px", "10px", "[head] 15px [tail]", "\"a\"");
testGridDefinitionsSetJSValues("[foo1 bar1] 'a' 50px [foo2 bar2] [foo3 bar3] 'b' 50px [foo4 bar4] / 100px", "100px", "[foo1 bar1] 50px [foo2 bar2 foo3 bar3] 50px [foo4 bar4]", "\"a\" \"b\"");
- testGridDefinitionsSetJSValues("'a'", "none", "0px", "\"a\"", "none", "auto");
+ testGridDefinitionsSetJSValues("'a'", "0px", "0px", "\"a\"", "none", "auto");
debug("");
debug("Test setting grid-template shorthand to bad values through JS");
Modified: trunk/Source/WebCore/ChangeLog (201918 => 201919)
--- trunk/Source/WebCore/ChangeLog 2016-06-10 07:37:52 UTC (rev 201918)
+++ trunk/Source/WebCore/ChangeLog 2016-06-10 07:41:23 UTC (rev 201919)
@@ -1,3 +1,25 @@
+2016-06-08 Sergio Villar Senin <[email protected]>
+
+ [css-grid] CRASH when getting the computed style of a grid with only absolutely positioned children
+ https://bugs.webkit.org/show_bug.cgi?id=158537
+
+ Reviewed by Darin Adler.
+
+ Absolute positioning occurs after layout of the grid and its in-flow contents, and does not
+ contribute to the sizing of any grid tracks or affect the size/configuration of the grid in
+ any way. This means that we should treat as empty any grid whose only children are
+ absolutely positioned items.
+
+ Since r201510 empty grids are no longer internally represented by a 1x1 matrix. As we were
+ not considering grids-with-only-absolutely-positioned-children as empty, we were trying to
+ access some invalid position in the internal representation of the grid triggering an ASSERT
+ in debug builds and a crash in release.
+
+ Test: fast/css-grid-layout/grid-only-abspos-item-computed-style-crash.html
+
+ * css/CSSComputedStyleDeclaration.cpp:
+ (WebCore::valueForGridTrackList):
+
2016-06-10 Chris Dumez <[email protected]>
DOMException should be exposed to workers
Modified: trunk/Source/WebCore/css/CSSComputedStyleDeclaration.cpp (201918 => 201919)
--- trunk/Source/WebCore/css/CSSComputedStyleDeclaration.cpp 2016-06-10 07:37:52 UTC (rev 201918)
+++ trunk/Source/WebCore/css/CSSComputedStyleDeclaration.cpp 2016-06-10 07:41:23 UTC (rev 201919)
@@ -1124,10 +1124,11 @@
// Handle the 'none' case.
bool trackListIsEmpty = trackSizes.isEmpty() && autoRepeatTrackSizes.isEmpty();
if (isRenderGrid && trackListIsEmpty) {
- // For grids we should consider every listed track, whether implicitly or explicitly created. If we don't have
- // any explicit track and there are no children then there are no implicit tracks. We cannot simply check the
- // number of rows/columns in our internal grid representation because it's always at least 1x1 (see r143331).
- trackListIsEmpty = !downcast<RenderBlock>(*renderer).firstChild();
+ // For grids we should consider every listed track, whether implicitly or explicitly
+ // created. Empty grids have a sole grid line per axis.
+ auto& grid = downcast<RenderGrid>(*renderer);
+ auto& positions = isRowAxis ? grid.columnPositions() : grid.rowPositions();
+ trackListIsEmpty = positions.size() == 1;
}
if (trackListIsEmpty)
