Diff
Modified: trunk/LayoutTests/ChangeLog (222213 => 222214)
--- trunk/LayoutTests/ChangeLog 2017-09-19 17:56:41 UTC (rev 222213)
+++ trunk/LayoutTests/ChangeLog 2017-09-19 18:07:57 UTC (rev 222214)
@@ -1,3 +1,14 @@
+2017-09-19 Zalan Bujtas <[email protected]>
+
+ Do not mutate RenderText content during layout.
+ https://bugs.webkit.org/show_bug.cgi?id=176219
+ <rdar://problem/34205724>
+
+ Reviewed by David Hyatt.
+
+ * fast/text/international/dynamic-text-combine-crash.html: Added.
+ * fast/text/text-combine-crash-expected.txt:
+
2017-09-19 Matt Lewis <[email protected]>
Marked http/tests/websocket/tests/hybi/handshake-ok-with-legacy-websocket-response-headers.html as flaky.
Added: trunk/LayoutTests/fast/text/international/dynamic-text-combine-crash-expected.txt (0 => 222214)
--- trunk/LayoutTests/fast/text/international/dynamic-text-combine-crash-expected.txt (rev 0)
+++ trunk/LayoutTests/fast/text/international/dynamic-text-combine-crash-expected.txt 2017-09-19 18:07:57 UTC (rev 222214)
@@ -0,0 +1,6 @@
+Pass if no crash.
+
+
+
+
+
Added: trunk/LayoutTests/fast/text/international/dynamic-text-combine-crash.html (0 => 222214)
--- trunk/LayoutTests/fast/text/international/dynamic-text-combine-crash.html (rev 0)
+++ trunk/LayoutTests/fast/text/international/dynamic-text-combine-crash.html 2017-09-19 18:07:57 UTC (rev 222214)
@@ -0,0 +1,20 @@
+<!DOCTYPE html>
+<html>
+<head>
+<style>
+h3 {
+ max-height: 0;
+ -webkit-text-combine: horizontal;
+ -webkit-writing-mode: vertical-rl;
+}
+</style>
+</head>
+<body><listing>Pass if no crash.<dd contenteditable="true"><h3 id="h">foobar</h3></body>
+<script>
+ if (window.testRunner)
+ testRunner.dumpAsText();
+ window.getSelection().setPosition(h, 1);
+ document.execCommand("delete", false);
+ document.execCommand("delete", false);
+</script>
+</html>
\ No newline at end of file
Modified: trunk/LayoutTests/fast/text/text-combine-crash-expected.txt (222213 => 222214)
--- trunk/LayoutTests/fast/text/text-combine-crash-expected.txt 2017-09-19 17:56:41 UTC (rev 222213)
+++ trunk/LayoutTests/fast/text/text-combine-crash-expected.txt 2017-09-19 18:07:57 UTC (rev 222214)
@@ -4,14 +4,14 @@

-
+
Errlog webtest_fn_1: TypeError: undefined is not an object (evaluating 'document.applets[0].addEventListener')
Errlog webtest_fn_2: TypeError: Argument 1 ('node') to Range.setStartBefore must be an instance of Node
Errlog webtest_fn_3: TypeError: undefined is not an object (evaluating 'document.images[2].contentEditable="true"')
Errlog webtest_fn_8: TypeError: null is not an object (evaluating 'lis.length')
-Errlog webtest_fn_9: TypeError: undefined is not an object (evaluating 'document.anchors[4].setAttribute')
+Errlog webtest_fn_9: TypeError: undefined is not an object (evaluating 'document.anchors[4].setAttribute')
Errlog webtest_fn_10: TypeError: Argument 1 ('node') to Range.setStartAfter must be an instance of Node
-Errlog webtest_fn_15: TypeError: Argument 1 ('node') to Range.setStart must be an instance of Node
+Errlog webtest_fn_15: TypeError: Argument 1 ('node') to Range.setStart must be an instance of Node
Errlog webtest_fn_16: TypeError: undefined is not an object (evaluating 'elem.parentNode')
Errlog webtest_fn_18: TypeError: undefined is not an object (evaluating 'document.applets[0].contentEditable="true"')
Errlog webtest_fn_21: TypeError: undefined is not an object (evaluating 'document.anchors[4].appendChild')
Modified: trunk/Source/WebCore/ChangeLog (222213 => 222214)
--- trunk/Source/WebCore/ChangeLog 2017-09-19 17:56:41 UTC (rev 222213)
+++ trunk/Source/WebCore/ChangeLog 2017-09-19 18:07:57 UTC (rev 222214)
@@ -1,3 +1,30 @@
+2017-09-19 Zalan Bujtas <[email protected]>
+
+ Do not mutate RenderText content during layout.
+ https://bugs.webkit.org/show_bug.cgi?id=176219
+ <rdar://problem/34205724>
+
+ Reviewed by David Hyatt.
+
+ Update combined text when the style/content change as opposed to lazily, during layout.
+ -content mutation during layout might make the inline tree go out of sync.
+
+ Test: fast/text/international/dynamic-text-combine-crash.html
+
+ * rendering/RenderBlockFlow.cpp:
+ (WebCore::RenderBlockFlow::computeInlinePreferredLogicalWidths const):
+ * rendering/RenderCombineText.cpp:
+ (WebCore::RenderCombineText::styleDidChange):
+ (WebCore::RenderCombineText::setRenderedText):
+ (WebCore::RenderCombineText::combineTextIfNeeded):
+ (WebCore::RenderCombineText::combineText): Deleted.
+ * rendering/RenderCombineText.h:
+ * rendering/RenderText.h:
+ * rendering/line/BreakingContext.h:
+ (WebCore::BreakingContext::handleText):
+ * rendering/line/LineBreaker.cpp:
+ (WebCore::LineBreaker::skipLeadingWhitespace):
+
2017-09-19 Nael Ouedraogo <[email protected]>
[GTK] The binding code of Media Source Extension of AudioTrack, VideoTrack and TextTrack is not generated
Modified: trunk/Source/WebCore/rendering/RenderBlockFlow.cpp (222213 => 222214)
--- trunk/Source/WebCore/rendering/RenderBlockFlow.cpp 2017-09-19 17:56:41 UTC (rev 222213)
+++ trunk/Source/WebCore/rendering/RenderBlockFlow.cpp 2017-09-19 18:07:57 UTC (rev 222214)
@@ -4353,7 +4353,7 @@
RenderText& renderText = downcast<RenderText>(*child);
if (renderText.style().hasTextCombine() && renderText.isCombineText())
- downcast<RenderCombineText>(renderText).combineText();
+ downcast<RenderCombineText>(renderText).combineTextIfNeeded();
// Determine if we have a breakable character. Pass in
// whether or not we should ignore any spaces at the front
Modified: trunk/Source/WebCore/rendering/RenderCombineText.cpp (222213 => 222214)
--- trunk/Source/WebCore/rendering/RenderCombineText.cpp 2017-09-19 17:56:41 UTC (rev 222213)
+++ trunk/Source/WebCore/rendering/RenderCombineText.cpp 2017-09-19 18:07:57 UTC (rev 222214)
@@ -54,6 +54,7 @@
}
m_needsFontUpdate = true;
+ combineTextIfNeeded();
}
void RenderCombineText::setRenderedText(const String& text)
@@ -61,6 +62,7 @@
RenderText::setRenderedText(text);
m_needsFontUpdate = true;
+ combineTextIfNeeded();
}
float RenderCombineText::width(unsigned from, unsigned length, const FontCascade& font, float xPosition, HashSet<const Font*>* fallbackFonts, GlyphOverflow* glyphOverflow) const
@@ -95,7 +97,7 @@
return { };
}
-void RenderCombineText::combineText()
+void RenderCombineText::combineTextIfNeeded()
{
if (!m_needsFontUpdate)
return;
@@ -192,6 +194,7 @@
m_combinedTextWidth = combinedTextWidth;
m_combinedTextAscent = glyphOverflow.top;
m_combinedTextDescent = glyphOverflow.bottom;
+ m_lineBoxes.dirtyRange(*this, 0, originalText().length(), originalText().length());
}
}
Modified: trunk/Source/WebCore/rendering/RenderCombineText.h (222213 => 222214)
--- trunk/Source/WebCore/rendering/RenderCombineText.h 2017-09-19 17:56:41 UTC (rev 222213)
+++ trunk/Source/WebCore/rendering/RenderCombineText.h 2017-09-19 18:07:57 UTC (rev 222214)
@@ -32,7 +32,7 @@
Text& textNode() const { return downcast<Text>(nodeForNonAnonymous()); }
- void combineText();
+ void combineTextIfNeeded();
std::optional<FloatPoint> computeTextOrigin(const FloatRect& boxRect) const;
String combinedStringForRendering() const;
bool isCombined() const { return m_isCombined; }
Modified: trunk/Source/WebCore/rendering/RenderText.h (222213 => 222214)
--- trunk/Source/WebCore/rendering/RenderText.h 2017-09-19 17:56:41 UTC (rev 222213)
+++ trunk/Source/WebCore/rendering/RenderText.h 2017-09-19 18:07:57 UTC (rev 222214)
@@ -186,6 +186,8 @@
virtual void setRenderedText(const String&);
virtual UChar previousCharacter() const;
+ RenderTextLineBoxes m_lineBoxes;
+
private:
RenderText(Node&, const String&);
@@ -243,8 +245,6 @@
float m_endMinWidth;
String m_text;
-
- RenderTextLineBoxes m_lineBoxes;
};
inline UChar RenderText::uncheckedCharacterAt(unsigned i) const
Modified: trunk/Source/WebCore/rendering/line/BreakingContext.h (222213 => 222214)
--- trunk/Source/WebCore/rendering/line/BreakingContext.h 2017-09-19 17:56:41 UTC (rev 222213)
+++ trunk/Source/WebCore/rendering/line/BreakingContext.h 2017-09-19 18:07:57 UTC (rev 222214)
@@ -755,7 +755,7 @@
if (renderText.style().hasTextCombine() && is<RenderCombineText>(*m_current.renderer())) {
auto& combineRenderer = downcast<RenderCombineText>(*m_current.renderer());
- combineRenderer.combineText();
+ combineRenderer.combineTextIfNeeded();
// The length of the renderer's text may have changed. Increment stale iterator positions
if (iteratorIsBeyondEndOfRenderCombineText(m_lineBreakHistory.current(), combineRenderer)) {
ASSERT(iteratorIsBeyondEndOfRenderCombineText(m_resolver.position(), combineRenderer));
Modified: trunk/Source/WebCore/rendering/line/LineBreaker.cpp (222213 => 222214)
--- trunk/Source/WebCore/rendering/line/LineBreaker.cpp 2017-09-19 17:56:41 UTC (rev 222213)
+++ trunk/Source/WebCore/rendering/line/LineBreaker.cpp 2017-09-19 18:07:57 UTC (rev 222214)
@@ -68,7 +68,7 @@
} else if (object.isFloating())
m_block.positionNewFloatOnLine(*m_block.insertFloatingObject(downcast<RenderBox>(object)), lastFloatFromPreviousLine, lineInfo, width);
else if (object.style().hasTextCombine() && is<RenderCombineText>(object)) {
- downcast<RenderCombineText>(object).combineText();
+ downcast<RenderCombineText>(object).combineTextIfNeeded();
if (downcast<RenderCombineText>(object).isCombined())
continue;
}
