[webkit-changes] [257987] releases/WebKitGTK/webkit-2.28

[carlosgc]

Title: [257987] releases/WebKitGTK/webkit-2.28

Revision

257987

Author

carlo...@webkit.org

Date

2020-03-06 06:28:28 -0800 (Fri, 06 Mar 2020)

Log Message

Merge r257720 - ASSERT(m_column != unsetColumnIndex) in RenderTable::cellBefore
https://bugs.webkit.org/show_bug.cgi?id=208397

Patch by Doug Kelly <do...@apple.com> on 2020-03-02
Reviewed by Zalan Bujtas.

Source/WebCore:

When inserting a cell into a table row which is not visible, this can lead to attempting to compute the repaint
rects during tree building.  Instead, mark the layer as dirty using dirtyVisibleContentStatus(), and the visibility
will be recomputed at a later time.

Test: fast/table/insert-cell-invisible-parent.html

* rendering/RenderElement.cpp:
(WebCore::RenderElement::insertedIntoTree):

LayoutTests:

* fast/table/insert-cell-invisible-parent-expected.txt: Added.
* fast/table/insert-cell-invisible-parent.html: Added.

Modified Paths

• releases/WebKitGTK/webkit-2.28/LayoutTests/ChangeLog
• releases/WebKitGTK/webkit-2.28/Source/WebCore/ChangeLog
• releases/WebKitGTK/webkit-2.28/Source/WebCore/rendering/RenderElement.cpp

Added Paths

• releases/WebKitGTK/webkit-2.28/LayoutTests/fast/table/insert-cell-invisible-parent-expected.txt
• releases/WebKitGTK/webkit-2.28/LayoutTests/fast/table/insert-cell-invisible-parent.html

Diff

Modified: releases/WebKitGTK/webkit-2.28/LayoutTests/ChangeLog (257986 => 257987)

--- releases/WebKitGTK/webkit-2.28/LayoutTests/ChangeLog	2020-03-06 14:28:23 UTC (rev 257986)
+++ releases/WebKitGTK/webkit-2.28/LayoutTests/ChangeLog	2020-03-06 14:28:28 UTC (rev 257987)
@@ -1,3 +1,13 @@
+2020-03-02  Doug Kelly  <do...@apple.com>
+
+        ASSERT(m_column != unsetColumnIndex) in RenderTable::cellBefore
+        https://bugs.webkit.org/show_bug.cgi?id=208397
+
+        Reviewed by Zalan Bujtas.
+
+        * fast/table/insert-cell-invisible-parent-expected.txt: Added.
+        * fast/table/insert-cell-invisible-parent.html: Added.
+
 2020-02-28  Chris Dumez  <cdu...@apple.com>
 
         Garbage collection prevents FontFace.loaded promise from getting resolved

Added: releases/WebKitGTK/webkit-2.28/LayoutTests/fast/table/insert-cell-invisible-parent-expected.txt (0 => 257987)

--- releases/WebKitGTK/webkit-2.28/LayoutTests/fast/table/insert-cell-invisible-parent-expected.txt	                        (rev 0)
+++ releases/WebKitGTK/webkit-2.28/LayoutTests/fast/table/insert-cell-invisible-parent-expected.txt	2020-03-06 14:28:28 UTC (rev 257987)
@@ -0,0 +1 @@
+Tests if a newly-inserted cell is properly added when parent element is not visible. Test passes if WebKit does not crash. PASS

Added: releases/WebKitGTK/webkit-2.28/LayoutTests/fast/table/insert-cell-invisible-parent.html (0 => 257987)

--- releases/WebKitGTK/webkit-2.28/LayoutTests/fast/table/insert-cell-invisible-parent.html	                        (rev 0)
+++ releases/WebKitGTK/webkit-2.28/LayoutTests/fast/table/insert-cell-invisible-parent.html	2020-03-06 14:28:28 UTC (rev 257987)
@@ -0,0 +1,16 @@
+<style>
+    td { visibility: initial; }
+    #row { visibility: collapse; -webkit-backface-visibility: hidden; }
+</style>
+<table rules="none">
+<tr id="row">
+<script>
+document.body.offsetHeight;
+window.scrollBy();
+row.insertCell();
+document.body.offsetWidth;
+if (window.testRunner) {
+    document.body.innerText = "Tests if a newly-inserted cell is properly added when parent element is not visible.  Test passes if WebKit does not crash.  PASS";
+    testRunner.dumpAsText();
+}
+</script>

Modified: releases/WebKitGTK/webkit-2.28/Source/WebCore/ChangeLog (257986 => 257987)

--- releases/WebKitGTK/webkit-2.28/Source/WebCore/ChangeLog	2020-03-06 14:28:23 UTC (rev 257986)
+++ releases/WebKitGTK/webkit-2.28/Source/WebCore/ChangeLog	2020-03-06 14:28:28 UTC (rev 257987)
@@ -1,3 +1,19 @@
+2020-03-02  Doug Kelly  <do...@apple.com>
+
+        ASSERT(m_column != unsetColumnIndex) in RenderTable::cellBefore
+        https://bugs.webkit.org/show_bug.cgi?id=208397
+
+        Reviewed by Zalan Bujtas.
+
+        When inserting a cell into a table row which is not visible, this can lead to attempting to compute the repaint
+        rects during tree building.  Instead, mark the layer as dirty using dirtyVisibleContentStatus(), and the visibility
+        will be recomputed at a later time.
+
+        Test: fast/table/insert-cell-invisible-parent.html
+
+        * rendering/RenderElement.cpp:
+        (WebCore::RenderElement::insertedIntoTree):
+
 2020-03-02  Chris Dumez  <cdu...@apple.com>
 
         Add quirk to disable to back/forward cache on docs.google.com

Modified: releases/WebKitGTK/webkit-2.28/Source/WebCore/rendering/RenderElement.cpp (257986 => 257987)

--- releases/WebKitGTK/webkit-2.28/Source/WebCore/rendering/RenderElement.cpp	2020-03-06 14:28:23 UTC (rev 257986)
+++ releases/WebKitGTK/webkit-2.28/Source/WebCore/rendering/RenderElement.cpp	2020-03-06 14:28:28 UTC (rev 257987)
@@ -885,7 +885,7 @@
         if (!layer)
             layer = parent()->enclosingLayer();
         if (layer)
-            layer->setHasVisibleContent();
+            layer->dirtyVisibleContentStatus();
     }
 
     RenderObject::insertedIntoTree();

_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes