Title: [225951] trunk/Source/WebCore

Diff

Modified: trunk/Source/WebCore/ChangeLog (225950 => 225951)


--- trunk/Source/WebCore/ChangeLog	2017-12-15 01:39:11 UTC (rev 225950)
+++ trunk/Source/WebCore/ChangeLog	2017-12-15 01:39:29 UTC (rev 225951)
@@ -1,3 +1,18 @@
+2017-12-14  Commit Queue  <[email protected]>
+
+        Unreviewed, rolling out r225878.
+        https://bugs.webkit.org/show_bug.cgi?id=180855
+
+        Introduced a crash in HTMLPictureElement. We're taking a
+        different approach for webkit.org/b/180769 (Requested by rniwa
+        on #webkit).
+
+        Reverted changeset:
+
+        "Crash inside ImageLoader::updateFromElement()"
+        https://bugs.webkit.org/show_bug.cgi?id=180769
+        https://trac.webkit.org/changeset/225878
+
 2017-12-14  Ryan Haddad  <[email protected]>
 
         Unreviewed, rolling out r225931.

Modified: trunk/Source/WebCore/html/HTMLImageElement.cpp (225950 => 225951)


--- trunk/Source/WebCore/html/HTMLImageElement.cpp	2017-12-15 01:39:11 UTC (rev 225950)
+++ trunk/Source/WebCore/html/HTMLImageElement.cpp	2017-12-15 01:39:29 UTC (rev 225951)
@@ -295,8 +295,6 @@
 
 Node::InsertedIntoAncestorResult HTMLImageElement::insertedIntoAncestor(InsertionType insertionType, ContainerNode& parentOfInsertedTree)
 {
-    HTMLElement::insertedIntoAncestor(insertionType, parentOfInsertedTree);
-
     if (m_formSetByParser) {
         m_form = m_formSetByParser;
         m_formSetByParser = nullptr;
@@ -313,6 +311,9 @@
         if (m_form)
             m_form->registerImgElement(this);
     }
+    // Insert needs to complete first, before we start updating the loader. Loader dispatches events which could result
+    // in callbacks back to this node.
+    Node::InsertedIntoAncestorResult insertNotificationRequest = HTMLElement::insertedIntoAncestor(insertionType, parentOfInsertedTree);
 
     if (insertionType.connectedToDocument && !m_parsedUsemap.isNull())
         document().addImageElementByUsemap(*m_parsedUsemap.impl(), *this);
@@ -319,25 +320,17 @@
 
     if (is<HTMLPictureElement>(parentNode())) {
         setPictureElement(&downcast<HTMLPictureElement>(*parentNode()));
-        return InsertedIntoAncestorResult::NeedsPostInsertionCallback;
+        selectImageSource();
     }
 
     // If we have been inserted from a renderer-less document,
     // our loader may have not fetched the image, so do it now.
     if (insertionType.connectedToDocument && !m_imageLoader.image())
-        return InsertedIntoAncestorResult::NeedsPostInsertionCallback;
+        m_imageLoader.updateFromElement();
 
-    return InsertedIntoAncestorResult::Done;
+    return insertNotificationRequest;
 }
 
-void HTMLImageElement::didFinishInsertingNode()
-{
-    if (pictureElement())
-        selectImageSource();
-    else if (isConnected())
-        m_imageLoader.updateFromElement();
-}
-
 void HTMLImageElement::removedFromAncestor(RemovalType removalType, ContainerNode& oldParentOfRemovedTree)
 {
     if (m_form)
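Review bot: `selectImageSource()` and `m_imageLoader.updateFromElement()` now run synchronously inside insertedIntoAncestor, although the comment added earlier in this function says the loader dispatches events that can call back into this node. Nothing visible holds a reference across those calls, so a callback that detaches or releases the element would leave the following `m_imageLoader.image()` read, and presumably the caller still walking the inserted subtree, working on changed state. I would at least add `auto protectedThis = makeRef(*this);` before the `is<HTMLPictureElement>` check, plus a comment that no tree state may be assumed after the loader call. The same synchronous pattern appears in HTMLSourceElement::insertedIntoAncestor and SVGImageElement::insertedIntoAncestor in this commit, and the ImageLoader.cpp hunk removes the `RELEASE_ASSERT` on `NoEventDispatchAssertion` that would have trapped it. Part of this function's body lies between hunks and is not shown.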

Modified: trunk/Source/WebCore/html/HTMLImageElement.h (225950 => 225951)


--- trunk/Source/WebCore/html/HTMLImageElement.h	2017-12-15 01:39:11 UTC (rev 225950)
+++ trunk/Source/WebCore/html/HTMLImageElement.h	2017-12-15 01:39:29 UTC (rev 225951)
@@ -90,9 +90,9 @@
 
     bool hasPendingActivity() const { return m_imageLoader.hasPendingActivity(); }
 
-    bool canContainRangeEndPoint() const final { return false; }
+    bool canContainRangeEndPoint() const override { return false; }
 
-    const AtomicString& imageSourceURL() const final;
+    const AtomicString& imageSourceURL() const override;
 
     bool hasShadowControls() const { return m_experimentalImageMenuEnabled; }
     
@@ -105,27 +105,26 @@
     void didMoveToNewDocument(Document& oldDocument, Document& newDocument) override;
 
 private:
-    void parseAttribute(const QualifiedName&, const AtomicString&) final;
-    bool isPresentationAttribute(const QualifiedName&) const final;
-    void collectStyleForPresentationAttribute(const QualifiedName&, const AtomicString&, MutableStyleProperties&) final;
+    void parseAttribute(const QualifiedName&, const AtomicString&) override;
+    bool isPresentationAttribute(const QualifiedName&) const override;
+    void collectStyleForPresentationAttribute(const QualifiedName&, const AtomicString&, MutableStyleProperties&) override;
 
-    void didAttachRenderers() final;
-    RenderPtr<RenderElement> createElementRenderer(RenderStyle&&, const RenderTreePosition&) final;
+    void didAttachRenderers() override;
+    RenderPtr<RenderElement> createElementRenderer(RenderStyle&&, const RenderTreePosition&) override;
     void setBestFitURLAndDPRFromImageCandidate(const ImageCandidate&);
 
-    bool canStartSelection() const final;
+    bool canStartSelection() const override;
 
-    bool isURLAttribute(const Attribute&) const final;
-    bool attributeContainsURL(const Attribute&) const final;
-    String completeURLsInAttributeValue(const URL& base, const Attribute&) const final;
+    bool isURLAttribute(const Attribute&) const override;
+    bool attributeContainsURL(const Attribute&) const override;
+    String completeURLsInAttributeValue(const URL& base, const Attribute&) const override;
 
-    bool draggable() const final;
+    bool draggable() const override;
 
-    void addSubresourceAttributeURLs(ListHashSet<URL>&) const final;
+    void addSubresourceAttributeURLs(ListHashSet<URL>&) const override;
 
-    InsertedIntoAncestorResult insertedIntoAncestor(InsertionType, ContainerNode&) final;
-    void didFinishInsertingNode() final;
-    void removedFromAncestor(RemovalType, ContainerNode&) final;
+    InsertedIntoAncestorResult insertedIntoAncestor(InsertionType, ContainerNode&) override;
+    void removedFromAncestor(RemovalType, ContainerNode&) override;
 
     bool isFormAssociatedElement() const final { return false; }
     FormNamedItem* asFormNamedItem() final { return this; }
@@ -153,7 +152,7 @@
     void tryCreateImageControls();
     void destroyImageControls();
     bool hasImageControls() const;
-    bool childShouldCreateRenderer(const Node&) const final;
+    bool childShouldCreateRenderer(const Node&) const override;
 #endif
 
     friend class HTMLPictureElement;

Modified: trunk/Source/WebCore/html/HTMLInputElement.cpp (225950 => 225951)


--- trunk/Source/WebCore/html/HTMLInputElement.cpp	2017-12-15 01:39:11 UTC (rev 225950)
+++ trunk/Source/WebCore/html/HTMLInputElement.cpp	2017-12-15 01:39:29 UTC (rev 225951)
@@ -60,7 +60,6 @@
 #include "SearchInputType.h"
 #include "Settings.h"
 #include "StyleResolver.h"
-#include "StyleTreeResolver.h"
 #include "TextControlInnerElements.h"
 #include <wtf/Language.h>
 #include <wtf/MathExtras.h>
@@ -848,11 +847,7 @@
 {
     HTMLTextFormControlElement::didAttachRenderers();
 
-    if (m_inputType->needsPostStyleResolutionCallback()) {
-        Style::queuePostResolutionCallback([protectedElement = makeRef(*this)] {
-            protectedElement->m_inputType->updateAfterStyleResolution();
-        });
-    }
+    m_inputType->attach();
 
     if (document().focusedElement() == this) {
         document().view()->queuePostLayoutCallback([protectedThis = makeRef(*this)] {
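Review bot: `m_inputType->attach()` is called directly from didAttachRenderers, and ImageInputType::attach() in this commit calls `imageLoader.updateFromElement()`, so the image load can start while renderers are still being attached; the removed code deferred it and held `makeRef(*this)`. If the loader can run script at this point (the comment in HTMLImageElement.cpp says it dispatches events), the following `document().focusedElement() == this` check and any later use of `m_inputType` would see state the callback may have changed. I would keep the element alive with `auto protect = makeRef(*this);` before the call and document the constraint on the virtual in InputType.h, e.g. `// Called during renderer attachment; overrides must not dispatch events synchronously.`. HTMLVideoElement::didAttachRenderers has the same synchronous `m_imageLoader->updateFromElement()` followed by `this->renderer()`. The function starts and ends outside this hunk.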

Modified: trunk/Source/WebCore/html/HTMLMetaElement.h (225950 => 225951)


--- trunk/Source/WebCore/html/HTMLMetaElement.h	2017-12-15 01:39:11 UTC (rev 225950)
+++ trunk/Source/WebCore/html/HTMLMetaElement.h	2017-12-15 01:39:29 UTC (rev 225951)
@@ -40,7 +40,7 @@
 
     void parseAttribute(const QualifiedName&, const AtomicString&) final;
     InsertedIntoAncestorResult insertedIntoAncestor(InsertionType, ContainerNode&) final;
-    void didFinishInsertingNode() final;
+    void didFinishInsertingNode();
 
     void process();
 };
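Review bot: `void didFinishInsertingNode();` is left with neither `final` nor `override`, unlike the two declarations directly above it. If it is meant to override the post-insertion hook of the base class (not visible here), a later signature change in the base would silently turn it into an unrelated member and the post-insertion work would stop running. `void didFinishInsertingNode() override;` keeps the compiler check without restoring `final`. The class body starts outside this hunk.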

Modified: trunk/Source/WebCore/html/HTMLPictureElement.cpp (225950 => 225951)


--- trunk/Source/WebCore/html/HTMLPictureElement.cpp	2017-12-15 01:39:11 UTC (rev 225950)
+++ trunk/Source/WebCore/html/HTMLPictureElement.cpp	2017-12-15 01:39:29 UTC (rev 225951)
@@ -56,11 +56,8 @@
 
 void HTMLPictureElement::sourcesChanged()
 {
-    Vector<Ref<HTMLImageElement>, 4> imageElements;
     for (auto& element : childrenOfType<HTMLImageElement>(*this))
-        imageElements.append(element);
-    for (auto& element : imageElements)
-        element->selectImageSource();
+        element.selectImageSource();
 }
 
 bool HTMLPictureElement::viewportChangeAffectedPicture() const
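Review bot: The loop now calls `element.selectImageSource()` while iterating `childrenOfType<HTMLImageElement>(*this)` live and holds no reference on the element; the removed version first copied the children into a `Vector<Ref<HTMLImageElement>, 4>`. If selectImageSource() can reach the image loader's event dispatch, a handler that removes or reorders children would invalidate the iterator and could release the element mid-call. Unless something guarantees that no script runs here, I would keep the snapshot-then-iterate form, or state the guarantee above the loop, e.g. `// selectImageSource() must not run script: children are iterated live.`. The ChangeLog attributes a crash in HTMLPictureElement to the rolled-out change without saying where, so either form should carry that comment.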

Modified: trunk/Source/WebCore/html/HTMLSourceElement.cpp (225950 => 225951)


--- trunk/Source/WebCore/html/HTMLSourceElement.cpp	2017-12-15 01:39:11 UTC (rev 225950)
+++ trunk/Source/WebCore/html/HTMLSourceElement.cpp	2017-12-15 01:39:29 UTC (rev 225951)
@@ -74,19 +74,11 @@
         else
 #endif
         if (is<HTMLPictureElement>(*parent))
-            return InsertedIntoAncestorResult::NeedsPostInsertionCallback;
-
+            downcast<HTMLPictureElement>(*parent).sourcesChanged();
     }
     return InsertedIntoAncestorResult::Done;
 }
 
-void HTMLSourceElement::didFinishInsertingNode()
-{
-    auto* parent = parentElement();
-    if (is<HTMLPictureElement>(*parent))
-        downcast<HTMLPictureElement>(*parent).sourcesChanged();
-}
-
 void HTMLSourceElement::removedFromAncestor(RemovalType removalType, ContainerNode& oldParentOfRemovedTree)
 {        
     HTMLElement::removedFromAncestor(removalType, oldParentOfRemovedTree);

Modified: trunk/Source/WebCore/html/HTMLSourceElement.h (225950 => 225951)


--- trunk/Source/WebCore/html/HTMLSourceElement.h	2017-12-15 01:39:11 UTC (rev 225950)
+++ trunk/Source/WebCore/html/HTMLSourceElement.h	2017-12-15 01:39:29 UTC (rev 225951)
@@ -46,7 +46,6 @@
     HTMLSourceElement(const QualifiedName&, Document&);
     
     InsertedIntoAncestorResult insertedIntoAncestor(InsertionType, ContainerNode&) final;
-    void didFinishInsertingNode() final;
     void removedFromAncestor(RemovalType, ContainerNode&) final;
     bool isURLAttribute(const Attribute&) const final;
 

Modified: trunk/Source/WebCore/html/HTMLVideoElement.cpp (225950 => 225951)


--- trunk/Source/WebCore/html/HTMLVideoElement.cpp	2017-12-15 01:39:11 UTC (rev 225950)
+++ trunk/Source/WebCore/html/HTMLVideoElement.cpp	2017-12-15 01:39:29 UTC (rev 225951)
@@ -43,7 +43,6 @@
 #include "RenderVideo.h"
 #include "ScriptController.h"
 #include "Settings.h"
-#include "StyleTreeResolver.h"
 #include <wtf/text/TextStream.h>
 
 #if ENABLE(VIDEO_PRESENTATION_MODE)
@@ -91,21 +90,14 @@
 
     updateDisplayState();
     if (shouldDisplayPosterImage()) {
-        Style::queuePostResolutionCallback([protectedThis = makeRef(*this)] {
-            protectedThis->updateAfterStyleResolution();
-        });
+        if (!m_imageLoader)
+            m_imageLoader = std::make_unique<HTMLImageLoader>(*this);
+        m_imageLoader->updateFromElement();
+        if (auto* renderer = this->renderer())
+            renderer->imageResource().setCachedImage(m_imageLoader->image());
     }
 }
 
-void HTMLVideoElement::updateAfterStyleResolution()
-{
-    if (!m_imageLoader)
-        m_imageLoader = std::make_unique<HTMLImageLoader>(*this);
-    m_imageLoader->updateFromElement();
-    if (auto* renderer = this->renderer())
-        renderer->imageResource().setCachedImage(m_imageLoader->image());
-}
-
 void HTMLVideoElement::collectStyleForPresentationAttribute(const QualifiedName& name, const AtomicString& value, MutableStyleProperties& style)
 {
     if (name == widthAttr)

Modified: trunk/Source/WebCore/html/HTMLVideoElement.h (225950 => 225951)


--- trunk/Source/WebCore/html/HTMLVideoElement.h	2017-12-15 01:39:11 UTC (rev 225950)
+++ trunk/Source/WebCore/html/HTMLVideoElement.h	2017-12-15 01:39:29 UTC (rev 225951)
@@ -96,7 +96,6 @@
     void scheduleResizeEventIfSizeChanged() final;
     bool rendererIsNeeded(const RenderStyle&) final;
     void didAttachRenderers() final;
-    void updateAfterStyleResolution();
     void parseAttribute(const QualifiedName&, const AtomicString&) final;
     bool isPresentationAttribute(const QualifiedName&) const final;
     void collectStyleForPresentationAttribute(const QualifiedName&, const AtomicString&, MutableStyleProperties&) final;

Modified: trunk/Source/WebCore/html/ImageInputType.cpp (225950 => 225951)


--- trunk/Source/WebCore/html/ImageInputType.cpp	2017-12-15 01:39:11 UTC (rev 225950)
+++ trunk/Source/WebCore/html/ImageInputType.cpp	2017-12-15 01:39:29 UTC (rev 225951)
@@ -126,13 +126,10 @@
     element().ensureImageLoader().updateFromElementIgnoringPreviousError();
 }
 
-bool ImageInputType::needsPostStyleResolutionCallback()
+void ImageInputType::attach()
 {
-    return true;
-}
+    BaseButtonInputType::attach();
 
-void ImageInputType::updateAfterStyleResolution()
-{
     HTMLImageLoader& imageLoader = element().ensureImageLoader();
     imageLoader.updateFromElement();
 

Modified: trunk/Source/WebCore/html/ImageInputType.h (225950 => 225951)


--- trunk/Source/WebCore/html/ImageInputType.h	2017-12-15 01:39:11 UTC (rev 225950)
+++ trunk/Source/WebCore/html/ImageInputType.h	2017-12-15 01:39:29 UTC (rev 225951)
@@ -50,8 +50,7 @@
     void handleDOMActivateEvent(Event&) override;
     void altAttributeChanged() override;
     void srcAttributeChanged() override;
-    bool needsPostStyleResolutionCallback() override;
-    void updateAfterStyleResolution() override;
+    void attach() override;
     bool shouldRespectAlignAttribute() override;
     bool canBeSuccessfulSubmitButton() override;
     bool isImageButton() const override;

Modified: trunk/Source/WebCore/html/InputType.cpp (225950 => 225951)


--- trunk/Source/WebCore/html/InputType.cpp	2017-12-15 01:39:11 UTC (rev 225950)
+++ trunk/Source/WebCore/html/InputType.cpp	2017-12-15 01:39:29 UTC (rev 225951)
@@ -587,15 +587,10 @@
 {
 }
 
-bool InputType::needsPostStyleResolutionCallback()
+void InputType::attach()
 {
-    return false;
 }
 
-void InputType::updateAfterStyleResolution()
-{
-}
-
 void InputType::detach()
 {
 }

Modified: trunk/Source/WebCore/html/InputType.h (225950 => 225951)


--- trunk/Source/WebCore/html/InputType.h	2017-12-15 01:39:11 UTC (rev 225950)
+++ trunk/Source/WebCore/html/InputType.h	2017-12-15 01:39:29 UTC (rev 225951)
@@ -235,8 +235,7 @@
     virtual bool rendererIsNeeded();
     virtual RenderPtr<RenderElement> createInputRenderer(RenderStyle&&);
     virtual void addSearchResult();
-    virtual bool needsPostStyleResolutionCallback();
-    virtual void updateAfterStyleResolution();
+    virtual void attach();
     virtual void detach();
     virtual void minOrMaxAttributeChanged();
     virtual void stepAttributeChanged();

Modified: trunk/Source/WebCore/loader/ImageLoader.cpp (225950 => 225951)


--- trunk/Source/WebCore/loader/ImageLoader.cpp	2017-12-15 01:39:11 UTC (rev 225950)
+++ trunk/Source/WebCore/loader/ImageLoader.cpp	2017-12-15 01:39:29 UTC (rev 225951)
@@ -36,7 +36,6 @@
 #include "HTMLNames.h"
 #include "HTMLObjectElement.h"
 #include "HTMLParserIdioms.h"
-#include "NoEventDispatchAssertion.h"
 #include "Page.h"
 #include "RenderImage.h"
 #include "RenderSVGImage.h"
@@ -158,7 +157,6 @@
 
 void ImageLoader::updateFromElement()
 {
-    RELEASE_ASSERT(NoEventDispatchAssertion::InMainThread::isEventAllowed());
     // If we're not making renderers for the page, then don't load images. We don't want to slow
     // down the raw HTML parsing case by loading images we don't intend to display.
     Document& document = element().document();

Modified: trunk/Source/WebCore/svg/SVGImageElement.cpp (225950 => 225951)


--- trunk/Source/WebCore/svg/SVGImageElement.cpp	2017-12-15 01:39:11 UTC (rev 225950)
+++ trunk/Source/WebCore/svg/SVGImageElement.cpp	2017-12-15 01:39:29 UTC (rev 225951)
@@ -189,16 +189,14 @@
 Node::InsertedIntoAncestorResult SVGImageElement::insertedIntoAncestor(InsertionType insertionType, ContainerNode& parentOfInsertedTree)
 {
     SVGGraphicsElement::insertedIntoAncestor(insertionType, parentOfInsertedTree);
-    if (insertionType.connectedToDocument)
-        return InsertedIntoAncestorResult::NeedsPostInsertionCallback;
+    if (!insertionType.connectedToDocument)
+        return InsertedIntoAncestorResult::Done;
+    // Update image loader, as soon as we're living in the tree.
+    // We can only resolve base URIs properly, after that!
+    m_imageLoader.updateFromElement();
     return InsertedIntoAncestorResult::Done;
 }
 
-void SVGImageElement::didFinishInsertingNode()
-{
-    m_imageLoader.updateFromElement();
-}
-
 const AtomicString& SVGImageElement::imageSourceURL() const
 {
     return getAttribute(XLinkNames::hrefAttr);
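Review bot: The result of `SVGGraphicsElement::insertedIntoAncestor(insertionType, parentOfInsertedTree)` is discarded and `Done` is returned on both paths, whereas HTMLImageElement::insertedIntoAncestor in this same commit stores the base result in `insertNotificationRequest` and returns it. Whether the SVG base ever asks for a post-insertion callback is not visible here, but if it does, that request is lost. I would mirror the HTML version with `auto result = SVGGraphicsElement::insertedIntoAncestor(insertionType, parentOfInsertedTree);` and `return result;`, which also collapses the two identical `return InsertedIntoAncestorResult::Done;` statements into one.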

Modified: trunk/Source/WebCore/svg/SVGImageElement.h (225950 => 225951)


--- trunk/Source/WebCore/svg/SVGImageElement.h	2017-12-15 01:39:11 UTC (rev 225950)
+++ trunk/Source/WebCore/svg/SVGImageElement.h	2017-12-15 01:39:29 UTC (rev 225951)
@@ -50,7 +50,6 @@
 
     void didAttachRenderers() final;
     InsertedIntoAncestorResult insertedIntoAncestor(InsertionType, ContainerNode&) final;
-    void didFinishInsertingNode() final;
 
     RenderPtr<RenderElement> createElementRenderer(RenderStyle&&, const RenderTreePosition&) final;
 
_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes
