Title: [214023] trunk
Revision: 214023
Author: za...@apple.com
Date: 2017-03-15 18:56:57 -0700 (Wed, 15 Mar 2017)

Log Message

Do not reparent floating object until after intruding/overhanging dependency is cleared.
https://bugs.webkit.org/show_bug.cgi?id=169711
<rdar://problem/30959743>

Reviewed by Simon Fraser.

Source/WebCore:

This patch ensures that we clean up the m_floatingObjects for siblings before reparenting the fresh float.

Test: fast/block/float/inline-becomes-float-and-moves-around.html

* rendering/RenderBlockFlow.cpp:
(WebCore::RenderBlockFlow::styleDidChange):
* rendering/RenderElement.cpp:
(WebCore::RenderElement::styleDidChange):
* rendering/RenderElement.h:
(WebCore::RenderElement::noLongerAffectsParentBlock):

LayoutTests:

* fast/block/float/inline-becomes-float-and-moves-around-expected.txt: Added.
* fast/block/float/inline-becomes-float-and-moves-around.html: Added.

Diff

Modified: trunk/LayoutTests/ChangeLog (214022 => 214023)


--- trunk/LayoutTests/ChangeLog	2017-03-16 01:01:45 UTC (rev 214022)
+++ trunk/LayoutTests/ChangeLog	2017-03-16 01:56:57 UTC (rev 214023)
@@ -1,3 +1,14 @@
+2017-03-15  Zalan Bujtas  <za...@apple.com>
+
+        Do not reparent floating object until after intruding/overhanging dependency is cleared.
+        https://bugs.webkit.org/show_bug.cgi?id=169711
+        <rdar://problem/30959743>
+
+        Reviewed by Simon Fraser.
+
+        * fast/block/float/inline-becomes-float-and-moves-around-expected.txt: Added.
+        * fast/block/float/inline-becomes-float-and-moves-around.html: Added.
+
 2017-03-15  Dave Hyatt  <hy...@apple.com>
 
         Positioned SVG not sized correctly

Added: trunk/LayoutTests/fast/block/float/inline-becomes-float-and-moves-around-expected.txt (0 => 214023)


--- trunk/LayoutTests/fast/block/float/inline-becomes-float-and-moves-around-expected.txt	                        (rev 0)
+++ trunk/LayoutTests/fast/block/float/inline-becomes-float-and-moves-around-expected.txt	2017-03-16 01:56:57 UTC (rev 214023)
@@ -0,0 +1,2 @@
+
+PASS if no crash or assert.

Added: trunk/LayoutTests/fast/block/float/inline-becomes-float-and-moves-around.html (0 => 214023)


--- trunk/LayoutTests/fast/block/float/inline-becomes-float-and-moves-around.html	                        (rev 0)
+++ trunk/LayoutTests/fast/block/float/inline-becomes-float-and-moves-around.html	2017-03-16 01:56:57 UTC (rev 214023)
@@ -0,0 +1,20 @@
+<!DOCTYPE html>
+<html>
+<head>
+<title>This tests that we don't crash while moving floats around.</title>
+<script>
+function runTest() {
+	document.body.offsetHeight
+	div0.style.float = "right"
+	window.getSelection().addRange(document.createRange());
+	div0.parentElement.removeChild(div0)
+	document.body.offsetHeight
+    if (window.testRunner)
+        testRunner.dumpAsText();
+}
+</script>
+<body _onload_="runTest()">
+<div style="display: inline-flex"></div><div id=div0><li style="float: left"></li></div><br><div></div>
+PASS if no crash or assert.
+</body>
+</html>
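Review bot: The body tag near the end of this file reads `<body _onload_="runTest()">` as shown here; with that attribute name no load handler is registered, runTest() never executes, and the test passes without exercising the float code at all. Confirm the committed file uses `onload`. Inside runTest(), testRunner.dumpAsText() is the last statement; calling it first selects the text dump even if an earlier statement throws. The `<head>` element is never closed before `<body>`, and the function body mixes tab and space indentation.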

Modified: trunk/Source/WebCore/ChangeLog (214022 => 214023)


--- trunk/Source/WebCore/ChangeLog	2017-03-16 01:01:45 UTC (rev 214022)
+++ trunk/Source/WebCore/ChangeLog	2017-03-16 01:56:57 UTC (rev 214023)
@@ -1,3 +1,22 @@
+2017-03-15  Zalan Bujtas  <za...@apple.com>
+
+        Do not reparent floating object until after intruding/overhanging dependency is cleared.
+        https://bugs.webkit.org/show_bug.cgi?id=169711
+        <rdar://problem/30959743>
+
+        Reviewed by Simon Fraser.
+
+        This patch ensures that we cleanup the m_floatingObjects for siblings before reparenting the fresh float.  
+
+        Test: fast/block/float/inline-becomes-float-and-moves-around.html
+
+        * rendering/RenderBlockFlow.cpp:
+        (WebCore::RenderBlockFlow::styleDidChange):
+        * rendering/RenderElement.cpp:
+        (WebCore::RenderElement::styleDidChange):
+        * rendering/RenderElement.h:
+        (WebCore::RenderElement::noLongerAffectsParentBlock):
+
 2017-03-15  Dean Jackson  <d...@apple.com>
 
         Make a base class for WebGL and WebGPU contexts
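Review bot: The description line of this entry says the m_floatingObjects cleanup now happens before the reparenting, but not why the previous order was a problem or what failed; the test only states "no crash or assert". Add a sentence naming the state that was left stale and the resulting failure, so the ordering constraint is recorded somewhere other than the bug tracker. The same line also ends in trailing whitespace after "fresh float.".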

Modified: trunk/Source/WebCore/rendering/RenderBlockFlow.cpp (214022 => 214023)


--- trunk/Source/WebCore/rendering/RenderBlockFlow.cpp	2017-03-16 01:01:45 UTC (rev 214022)
+++ trunk/Source/WebCore/rendering/RenderBlockFlow.cpp	2017-03-16 01:56:57 UTC (rev 214023)
@@ -2064,6 +2064,10 @@
         parentBlock->markAllDescendantsWithFloatsForLayout();
         parentBlock->markSiblingsWithFloatsForLayout();
     }
+    // Fresh floats need to be reparented if they actually belong to the previous anonymous block.
+    // It copies the logic of RenderBlock::addChildIgnoringContinuation
+    if (noLongerAffectsParentBlock() && style().isFloating() && previousSibling() && previousSibling()->isAnonymousBlock())
+        downcast<RenderBoxModelObject>(*parent()).moveChildTo(&downcast<RenderBoxModelObject>(*previousSibling()), this);
 
     if (auto fragment = renderNamedFlowFragment())
         fragment->setStyle(RenderNamedFlowFragment::createStyle(style()));
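Review bot: The comment on the added block is carried over unchanged from RenderElement.cpp and does not mention the one thing this change is about: that the moveChildTo() call has to run after the markAllDescendantsWithFloatsForLayout() / markSiblingsWithFloatsForLayout() calls directly above it. State that ordering requirement in the comment, otherwise a later cleanup can move the block back without anyone noticing. The condition also depends on noLongerAffectsParentBlock(), which returns the static s_noLongerAffectsParentBlock; if anything that runs between the base-class styleDidChange and this point can start another style change, the flag read here may no longer describe this renderer, so it is worth asserting or documenting that this cannot happen.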

Modified: trunk/Source/WebCore/rendering/RenderElement.cpp (214022 => 214023)


--- trunk/Source/WebCore/rendering/RenderElement.cpp	2017-03-16 01:01:45 UTC (rev 214022)
+++ trunk/Source/WebCore/rendering/RenderElement.cpp	2017-03-16 01:56:57 UTC (rev 214023)
@@ -1013,13 +1013,8 @@
     if (s_affectsParentBlock)
         handleDynamicFloatPositionChange();
 
-    if (s_noLongerAffectsParentBlock) {
+    if (s_noLongerAffectsParentBlock)
         removeAnonymousWrappersForInlinesIfNecessary();
-        // Fresh floats need to be reparented if they actually belong to the previous anonymous block.
-        // It copies the logic of RenderBlock::addChildIgnoringContinuation
-        if (style().isFloating() && previousSibling() && previousSibling()->isAnonymousBlock())
-            downcast<RenderBoxModelObject>(*parent()).moveChildTo(&downcast<RenderBoxModelObject>(*previousSibling()), this);
-    }
 
     SVGRenderSupport::styleChanged(*this, oldStyle);
 
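Review bot: Removing the reparenting from RenderElement::styleDidChange narrows it to renderers that reach RenderBlockFlow::styleDidChange, which is where the code is re-added. A renderer that becomes floating but is not a RenderBlockFlow was previously moved into the preceding anonymous block and now is not. Either confirm that this case cannot occur or cover it with a layout test, and note the narrowing in the ChangeLog.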

Modified: trunk/Source/WebCore/rendering/RenderElement.h (214022 => 214023)


--- trunk/Source/WebCore/rendering/RenderElement.h	2017-03-16 01:01:45 UTC (rev 214022)
+++ trunk/Source/WebCore/rendering/RenderElement.h	2017-03-16 01:56:57 UTC (rev 214023)
@@ -278,6 +278,8 @@
 
     void removeFromRenderFlowThreadIncludingDescendants(bool shouldUpdateState);
     void adjustFlowThreadStateOnContainingBlockChangeIfNeeded();
+    
+    bool noLongerAffectsParentBlock() const { return s_noLongerAffectsParentBlock; }
 
 private:
     RenderElement(ContainerNode&, RenderStyle&&, BaseTypeFlags);
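Review bot: noLongerAffectsParentBlock() is declared as a const instance member but returns the static s_noLongerAffectsParentBlock, so its result is not a property of the renderer it is called on and is presumably only meaningful during the styleDidChange sequence that sets the flag. Declare it static, or add a comment stating when it may be called, so callers do not treat it as per-object state. The added line above it (`+    `) contains only whitespace and should be an empty line.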