[webkit-changes] [207310] trunk/Source/WebCore

Thu, 13 Oct 2016 14:40:36 -0700

Title: [207310] trunk/Source/WebCore
Revision
207310
Author
za...@apple.com
Date
2016-10-13 14:41:01 -0700 (Thu, 13 Oct 2016)

Log Message

[Clean RenderTree] LayoutTests/imported/blink/fast/table/crash-bad-child-table-continuation.html fails.
https://bugs.webkit.org/show_bug.cgi?id=163399

Reviewed by David Hyatt.

When we try to insert a renderer before a child whose direct parent is a (anonymus) RenderTable, continuation logic
should dismiss the RenderTable as the parent and find a more appropriate ancestor.
RenderTables assumes a certain descendant tree structure which might not be available in the continuation.

Will be testable with webkit.org/b/162834

* rendering/RenderInline.cpp:
(WebCore::canUseAsParentForContinuation):
(WebCore::RenderInline::addChildToContinuation):

Modified Paths

Diff

Modified: trunk/Source/WebCore/ChangeLog (207309 => 207310)


--- trunk/Source/WebCore/ChangeLog	2016-10-13 21:37:37 UTC (rev 207309)
+++ trunk/Source/WebCore/ChangeLog	2016-10-13 21:41:01 UTC (rev 207310)
@@ -1,3 +1,20 @@
+2016-10-13  Zalan Bujtas  <za...@apple.com>
+
+        [Clean RenderTree] LayoutTests/imported/blink/fast/table/crash-bad-child-table-continuation.html fails.
+        https://bugs.webkit.org/show_bug.cgi?id=163399
+
+        Reviewed by David Hyatt.
+
+        When we try to insert a renderer before a child whose direct parent is a (anonymus) RenderTable, continuation logic
+        should dismiss the RenderTable as the parent and find a more appropriate ancestor.
+        RenderTables assumes a certain descendant tree structure which might not be available in the continuation.
+
+        Will be testable with webkit.org/b/162834
+
+        * rendering/RenderInline.cpp:
+        (WebCore::canUseAsParentForContinuation):
+        (WebCore::RenderInline::addChildToContinuation):
+
 2016-10-13  Alex Christensen  <achristen...@webkit.org>
 
         Disable URLParser for non-Safari iOS and Mac apps for now

Modified: trunk/Source/WebCore/rendering/RenderInline.cpp (207309 => 207310)


--- trunk/Source/WebCore/rendering/RenderInline.cpp	2016-10-13 21:37:37 UTC (rev 207309)
+++ trunk/Source/WebCore/rendering/RenderInline.cpp	2016-10-13 21:41:01 UTC (rev 207310)
@@ -40,6 +40,7 @@
 #include "RenderLineBreak.h"
 #include "RenderListMarker.h"
 #include "RenderNamedFlowThread.h"
+#include "RenderTable.h"
 #include "RenderTheme.h"
 #include "RenderView.h"
 #include "Settings.h"
@@ -601,30 +602,36 @@
     post.setNeedsLayoutAndPrefWidthsRecalc();
 }
 
+static bool canUseAsParentForContinuation(const RenderObject* renderer)
+{
+    if (!renderer)
+        return false;
+    if (!is<RenderBlock>(renderer) && renderer->isAnonymous())
+        return false;
+    if (is<RenderTable>(renderer))
+        return false;
+    return true;
+}
+
 void RenderInline::addChildToContinuation(RenderObject* newChild, RenderObject* beforeChild)
 {
-    RenderBoxModelObject* flow = continuationBefore(beforeChild);
+    auto* flow = continuationBefore(beforeChild);
     // It may or may not be the direct parent of the beforeChild.
     RenderBoxModelObject* beforeChildAncestor = nullptr;
-    // In case of anonymous wrappers, the parent of the beforeChild is mostly irrelevant. What we need is
-    // the topmost wrapper.
-    if (beforeChild && !is<RenderBlock>(beforeChild->parent()) && beforeChild->parent()->isAnonymous()) {
-        RenderElement* anonymousParent = beforeChild->parent();
-        while (anonymousParent && anonymousParent->parent() && anonymousParent->parent()->isAnonymous())
-            anonymousParent = anonymousParent->parent();
-        ASSERT(anonymousParent && anonymousParent->parent());
-        beforeChildAncestor = downcast<RenderBoxModelObject>(anonymousParent->parent());
-    } else {
-        ASSERT(!beforeChild || is<RenderBlock>(*beforeChild->parent()) || is<RenderInline>(*beforeChild->parent()));
-        if (beforeChild)
-            beforeChildAncestor = downcast<RenderBoxModelObject>(beforeChild->parent());
-        else {
-            if (RenderBoxModelObject* continuation = nextContinuation(flow))
-                beforeChildAncestor = continuation;
-            else
-                beforeChildAncestor = flow;
-        }
-    }
+    // In case of anonymous wrappers, the parent of the beforeChild is mostly irrelevant. What we need is the topmost wrapper.
+    if (!beforeChild) {
+        auto* continuation = nextContinuation(flow);
+        beforeChildAncestor = continuation ? continuation : flow;
+    } else if (canUseAsParentForContinuation(beforeChild->parent()))
+        beforeChildAncestor = downcast<RenderBoxModelObject>(beforeChild->parent());
+    else if (beforeChild->parent()) {
+        auto* parent = beforeChild->parent();
+        while (parent && parent->parent() && parent->parent()->isAnonymous())
+            parent = parent->parent();
+        ASSERT(parent && parent->parent());
+        beforeChildAncestor = downcast<RenderBoxModelObject>(parent->parent());
+    } else
+        ASSERT_NOT_REACHED();
 
     if (newChild->isFloatingOrOutOfFlowPositioned())
         return beforeChildAncestor->addChildIgnoringContinuation(newChild, beforeChild);

_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes

Reply via email to