[webkit-changes] [104205] branches/safari-534.54-branch

Thu, 05 Jan 2012 13:22:16 -0800

Title: [104205] branches/safari-534.54-branch

Diff

Modified: branches/safari-534.54-branch/LayoutTests/ChangeLog (104204 => 104205)


--- branches/safari-534.54-branch/LayoutTests/ChangeLog	2012-01-05 21:19:26 UTC (rev 104204)
+++ branches/safari-534.54-branch/LayoutTests/ChangeLog	2012-01-05 21:22:08 UTC (rev 104205)
@@ -1,5 +1,21 @@
 2011-1-5  Lucas Forschler  <[email protected]>
 
+    Merge 98010
+
+    2011-10-20  Ken Buchanan <[email protected]>
+
+            Crash in updateFirstLetter on :after generated content
+            https://bugs.webkit.org/show_bug.cgi?id=70031
+
+            Reviewed by David Hyatt.
+
+            Added test for crash condition with a floating first-letter on after content
+
+            * fast/css-generated-content/after-with-first-letter-float-crash.html: Added
+            * fast/css-generated-content/after-with-first-letter-float-crash-expected.txt: Added
+
+2011-1-5  Lucas Forschler  <[email protected]>
+
     Merge 97927
 
     2011-10-19  Carol Szabo  <[email protected]>

Copied: branches/safari-534.54-branch/LayoutTests/fast/css-generated-content/after-with-first-letter-float-crash-expected.txt (from rev 98010, trunk/LayoutTests/fast/css-generated-content/after-with-first-letter-float-crash-expected.txt) (0 => 104205)


--- branches/safari-534.54-branch/LayoutTests/fast/css-generated-content/after-with-first-letter-float-crash-expected.txt	                        (rev 0)
+++ branches/safari-534.54-branch/LayoutTests/fast/css-generated-content/after-with-first-letter-float-crash-expected.txt	2012-01-05 21:22:08 UTC (rev 104205)
@@ -0,0 +1 @@
+PASS, if the script does not cause a crash or ASSERT failure

Copied: branches/safari-534.54-branch/LayoutTests/fast/css-generated-content/after-with-first-letter-float-crash.html (from rev 98010, trunk/LayoutTests/fast/css-generated-content/after-with-first-letter-float-crash.html) (0 => 104205)


--- branches/safari-534.54-branch/LayoutTests/fast/css-generated-content/after-with-first-letter-float-crash.html	                        (rev 0)
+++ branches/safari-534.54-branch/LayoutTests/fast/css-generated-content/after-with-first-letter-float-crash.html	2012-01-05 21:22:08 UTC (rev 104205)
@@ -0,0 +1,19 @@
+<html>
+    <body>
+        <style type="text/css">
+            div::first-letter { float: right; content: "AB" }
+            div::after { display: table; content: "CD" }
+        </style>
+        <div></div>
+        PASS, if the script does not cause a crash or ASSERT failure
+        <script>
+            function runTest() {
+                document.body.offsetTop;
+                document.body.style.color = "blue";
+                if (window.layoutTestController)
+                    layoutTestController.dumpAsText();
+            }
+            window._onload_ = runTest;
+        </script>
+    </body>
+</html>

Modified: branches/safari-534.54-branch/Source/WebCore/ChangeLog (104204 => 104205)


--- branches/safari-534.54-branch/Source/WebCore/ChangeLog	2012-01-05 21:19:26 UTC (rev 104204)
+++ branches/safari-534.54-branch/Source/WebCore/ChangeLog	2012-01-05 21:22:08 UTC (rev 104205)
@@ -1,5 +1,25 @@
 2011-1-5  Lucas Forschler  <[email protected]>
 
+    Merge 98010
+
+    2011-10-20  Ken Buchanan <[email protected]>
+
+            Crash in updateFirstLetter on :after generated content
+            https://bugs.webkit.org/show_bug.cgi?id=70031
+
+            Reviewed by David Hyatt.
+
+            Preventing findBeforeAfterParent() from returning a first-letter block and overwriting its style.
+            Instead, it returns the block's parent.
+
+            * rendering/RenderBlock.cpp:
+            (WebCore::RenderBlock::updateFirstLetter):
+            * rendering/RenderObjectChildList.cpp:
+            (WebCore::findBeforeAfterParent)
+            (WebCore::RenderObjectChildList::updateBeforeAfterContent): First-letter siblings now already have style applied, so this clause is redundant
+
+2011-1-5  Lucas Forschler  <[email protected]>
+
     Merge 97927
 
     2011-10-19  Carol Szabo  <[email protected]>

Modified: branches/safari-534.54-branch/Source/WebCore/rendering/RenderBlock.cpp (104204 => 104205)


--- branches/safari-534.54-branch/Source/WebCore/rendering/RenderBlock.cpp	2012-01-05 21:19:26 UTC (rev 104204)
+++ branches/safari-534.54-branch/Source/WebCore/rendering/RenderBlock.cpp	2012-01-05 21:22:08 UTC (rev 104205)
@@ -5376,6 +5376,7 @@
         RenderObject* firstLetter = currChild->parent();
         RenderObject* firstLetterContainer = firstLetter->parent();
         RenderStyle* pseudoStyle = styleForFirstLetter(firstLetterBlock, firstLetterContainer);
+        ASSERT(firstLetter->isFloating() || firstLetter->isInline());
 
         if (Node::diff(firstLetter->style(), pseudoStyle) == Node::Detach) {
             // The first-letter renderer needs to be replaced. Create a new renderer of the right type.
@@ -5406,7 +5407,7 @@
                 next = next->nextSibling();
             }
             if (remainingText) {
-                ASSERT(remainingText->node()->renderer() == remainingText);
+                ASSERT(remainingText->isAnonymous() || remainingText->node()->renderer() == remainingText);
                 // Replace the old renderer with the new one.
                 remainingText->setFirstLetter(newFirstLetter);
             }

Modified: branches/safari-534.54-branch/Source/WebCore/rendering/RenderObjectChildList.cpp (104204 => 104205)


--- branches/safari-534.54-branch/Source/WebCore/rendering/RenderObjectChildList.cpp	2012-01-05 21:19:26 UTC (rev 104204)
+++ branches/safari-534.54-branch/Source/WebCore/rendering/RenderObjectChildList.cpp	2012-01-05 21:22:08 UTC (rev 104205)
@@ -255,9 +255,13 @@
     if (!(object->isTable() || object->isTableSection() || object->isTableRow()))
         return object;
 
+    // If there is a :first-letter style applied on the :before or :after content,
+    // then we want the parent of the first-letter block
     RenderObject* beforeAfterParent = object;
-    while (beforeAfterParent && !(beforeAfterParent->isText() || beforeAfterParent->isImage()))
+    while (beforeAfterParent && !(beforeAfterParent->isText() || beforeAfterParent->isImage())
+        && (beforeAfterParent->style()->styleType() != FIRST_LETTER))
         beforeAfterParent = beforeAfterParent->firstChild();
+
     return beforeAfterParent ? beforeAfterParent->parent() : 0;
 }
 
@@ -418,14 +422,6 @@
                     ASSERT(genChild->isListMarker() || genChild->style()->styleType() == FIRST_LETTER);
                 }
             }
-
-            // Update style on the remaining text fragment after the first-letter.
-            if (beforeAfterParent->style()->styleType() == FIRST_LETTER) {
-                if (RenderObject* nextSibling = beforeAfterParent->nextSibling()) {
-                    if (nextSibling->isText() && nextSibling->style()->styleType() == child->style()->styleType())
-                        nextSibling->setStyle(pseudoElementStyle);
-                }
-            }
         }
         return; // We've updated the generated content. That's all we needed to do.
     }

_______________________________________________
webkit-changes mailing list
[email protected]
http://lists.webkit.org/mailman/listinfo.cgi/webkit-changes

Reply via email to