[webkit-changes] [210352] branches/safari-603-branch

Thu, 05 Jan 2017 09:09:18 -0800

Title: [210352] branches/safari-603-branch

Diff

Modified: branches/safari-603-branch/LayoutTests/ChangeLog (210351 => 210352)


--- branches/safari-603-branch/LayoutTests/ChangeLog	2017-01-05 17:09:27 UTC (rev 210351)
+++ branches/safari-603-branch/LayoutTests/ChangeLog	2017-01-05 17:09:30 UTC (rev 210352)
@@ -1,5 +1,20 @@
 2017-01-05  Matthew Hanson  <[email protected]>
 
+        Merge r210120. rdar://problem/29772233
+
+    2016-12-22  Zalan Bujtas  <[email protected]>
+
+            Do not destroy the RenderNamedFlowFragment as leftover anonymous block.
+            https://bugs.webkit.org/show_bug.cgi?id=166436
+            rdar://problem/29772233
+
+            Reviewed by Simon Fraser.
+
+            * fast/regions/flow-fragment-as-anonymous-block-crash-expected.txt: Added.
+            * fast/regions/flow-fragment-as-anonymous-block-crash.html: Added.
+
+2017-01-05  Matthew Hanson  <[email protected]>
+
         Merge r210112. rdar://problem/29742039
 
     2016-12-22  Daniel Bates  <[email protected]>

Added: branches/safari-603-branch/LayoutTests/fast/regions/flow-fragment-as-anonymous-block-crash-expected.txt (0 => 210352)


--- branches/safari-603-branch/LayoutTests/fast/regions/flow-fragment-as-anonymous-block-crash-expected.txt	                        (rev 0)
+++ branches/safari-603-branch/LayoutTests/fast/regions/flow-fragment-as-anonymous-block-crash-expected.txt	2017-01-05 17:09:30 UTC (rev 210352)
@@ -0,0 +1,2 @@
+PASS if no crash or assert.
+

Added: branches/safari-603-branch/LayoutTests/fast/regions/flow-fragment-as-anonymous-block-crash.html (0 => 210352)


--- branches/safari-603-branch/LayoutTests/fast/regions/flow-fragment-as-anonymous-block-crash.html	                        (rev 0)
+++ branches/safari-603-branch/LayoutTests/fast/regions/flow-fragment-as-anonymous-block-crash.html	2017-01-05 17:09:30 UTC (rev 210352)
@@ -0,0 +1,31 @@
+<!DOCTYPE html>
+<html>
+<head>
+<title>This tests that we don't destroy the fragment anonymous block while cleaning up the render tree.</title> 
+<style>
+li { 
+  -webkit-flow-from: foobar;
+}
+
+q {
+  display: list-item;
+  -webkit-flow-from: foobar;
+}
+
+.fuzz0::before{
+  display: block;
+}
+</style>
+</head>
+<body>
+PASS if no crash or assert.
+<li></li><q></q>
+<script>
+if (window.testRunner)
+  testRunner.dumpAsText();
+document.body.offsetHeight;
+document.getElementsByTagName("q")[0].className = "fuzz0";
+document.body.offsetHeight;
+</script>
+</body>
+</html>

Modified: branches/safari-603-branch/Source/WebCore/ChangeLog (210351 => 210352)


--- branches/safari-603-branch/Source/WebCore/ChangeLog	2017-01-05 17:09:27 UTC (rev 210351)
+++ branches/safari-603-branch/Source/WebCore/ChangeLog	2017-01-05 17:09:30 UTC (rev 210352)
@@ -1,5 +1,26 @@
 2017-01-05  Matthew Hanson  <[email protected]>
 
+        Merge r210120. rdar://problem/29772233
+
+    2016-12-22  Zalan Bujtas  <[email protected]>
+
+            Do not destroy the RenderNamedFlowFragment as leftover anonymous block.
+            https://bugs.webkit.org/show_bug.cgi?id=166436
+            rdar://problem/29772233
+
+            Reviewed by Simon Fraser.
+
+            When as the result of certain style change, the generated anonymous block is not needed anymore, we
+            move its descendants up to the parent and destroy the generated box. While RenderNamedFlowFragment is a generated
+            block, the cleanup code should just ignore it the same way we ignore boxes like multicolumn, mathml etc.
+
+            Test: fast/regions/flow-fragment-as-anonymous-block-crash.html
+
+            * rendering/RenderObject.h:
+            (WebCore::RenderObject::isAnonymousBlock):
+
+2017-01-05  Matthew Hanson  <[email protected]>
+
         Merge r210112. rdar://problem/29742039
 
     2016-12-22  Daniel Bates  <[email protected]>

Modified: branches/safari-603-branch/Source/WebCore/rendering/RenderObject.h (210351 => 210352)


--- branches/safari-603-branch/Source/WebCore/rendering/RenderObject.h	2017-01-05 17:09:27 UTC (rev 210351)
+++ branches/safari-603-branch/Source/WebCore/rendering/RenderObject.h	2017-01-05 17:09:30 UTC (rev 210352)
@@ -412,7 +412,7 @@
         // RenderBlock::createAnonymousBlock(). This includes creating an anonymous
         // RenderBlock having a BLOCK or BOX display. Other classes such as RenderTextFragment
         // are not RenderBlocks and will return false. See https://bugs.webkit.org/show_bug.cgi?id=56709. 
-        return isAnonymous() && (style().display() == BLOCK || style().display() == BOX) && style().styleType() == NOPSEUDO && isRenderBlock() && !isListMarker() && !isRenderFlowThread() && !isRenderMultiColumnSet() && !isRenderView()
+        return isAnonymous() && (style().display() == BLOCK || style().display() == BOX) && style().styleType() == NOPSEUDO && isRenderBlock() && !isListMarker() && !isRenderFlowThread() && !isRenderNamedFlowFragment() && !isRenderMultiColumnSet() && !isRenderView()
 #if ENABLE(FULLSCREEN_API)
             && !isRenderFullScreen()
             && !isRenderFullScreenPlaceholder()

_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes

Reply via email to