[webkit-changes] [104237] branches/safari-534.54-branch

Thu, 05 Jan 2012 16:12:16 -0800

Title: [104237] branches/safari-534.54-branch

Diff

Modified: branches/safari-534.54-branch/LayoutTests/ChangeLog (104236 => 104237)


--- branches/safari-534.54-branch/LayoutTests/ChangeLog	2012-01-06 00:01:07 UTC (rev 104236)
+++ branches/safari-534.54-branch/LayoutTests/ChangeLog	2012-01-06 00:12:08 UTC (rev 104237)
@@ -1,5 +1,28 @@
 2011-1-5  Lucas Forschler  <[email protected]>
 
+    Merge 99462
+
+    2011-11-07  Ken Buchanan <[email protected]>
+
+            Crash due to mixed direction text runs
+            https://bugs.webkit.org/show_bug.cgi?id=66015
+
+            Reviewed by David Hyatt.
+
+            In some cases extra bidi runs were being added because appendRun() was being called
+            after the last run of the line was already appended.
+
+            This converts a previous fix for this bug to an ASSERT, because the check is
+            unnecessary, though it is a symptom that text runs have somehow gotten messed up.
+
+            * rendering/InlineIterator.h:
+            (WebCore::InlineBidiResolver::appendRun): Abort append if we've already appended the last
+            run of the line
+            * rendering/RenderBox.cpp:
+            (WebCore::RenderBox::positionLineBox): Revert the previous patch, change to an assert
+
+2011-1-5  Lucas Forschler  <[email protected]>
+
     Merge 98763
 
     2011-10-28  Ken Buchanan <[email protected]>

Copied: branches/safari-534.54-branch/LayoutTests/fast/text/international/bidi-neutral-in-mixed-direction-run-crash-expected.txt (from rev 99462, trunk/LayoutTests/fast/text/international/bidi-neutral-in-mixed-direction-run-crash-expected.txt) (0 => 104237)


--- branches/safari-534.54-branch/LayoutTests/fast/text/international/bidi-neutral-in-mixed-direction-run-crash-expected.txt	                        (rev 0)
+++ branches/safari-534.54-branch/LayoutTests/fast/text/international/bidi-neutral-in-mixed-direction-run-crash-expected.txt	2012-01-06 00:12:08 UTC (rev 104237)
@@ -0,0 +1 @@
+PASS, if no crash or exceptions thrown

Copied: branches/safari-534.54-branch/LayoutTests/fast/text/international/bidi-neutral-in-mixed-direction-run-crash.html (from rev 99462, trunk/LayoutTests/fast/text/international/bidi-neutral-in-mixed-direction-run-crash.html) (0 => 104237)


--- branches/safari-534.54-branch/LayoutTests/fast/text/international/bidi-neutral-in-mixed-direction-run-crash.html	                        (rev 0)
+++ branches/safari-534.54-branch/LayoutTests/fast/text/international/bidi-neutral-in-mixed-direction-run-crash.html	2012-01-06 00:12:08 UTC (rev 104237)
@@ -0,0 +1,25 @@
+<html>
+<style>
+    body { direction: rtl; padding-left: 100%; }
+</style>
+<script>
+    if (window.layoutTestController) {
+        layoutTestController.dumpAsText();
+        layoutTestController.waitUntilDone();
+    }
+
+    function runTest() {
+        document.body.innerHTML = "PASS, if no crash or exceptions thrown";
+
+        if (window.layoutTestController)
+            layoutTestController.notifyDone();
+    }
+
+    setTimeout("runTest()", 0);
+</script>
+0<span>
+<image>
+A 0<div></div>
+</span>
+</html>
+

Modified: branches/safari-534.54-branch/Source/WebCore/ChangeLog (104236 => 104237)


--- branches/safari-534.54-branch/Source/WebCore/ChangeLog	2012-01-06 00:01:07 UTC (rev 104236)
+++ branches/safari-534.54-branch/Source/WebCore/ChangeLog	2012-01-06 00:12:08 UTC (rev 104237)
@@ -1,5 +1,21 @@
 2011-1-5  Lucas Forschler  <[email protected]>
 
+    Merge 99462
+
+    2011-11-07  Ken Buchanan <[email protected]>
+
+            Crash due to mixed direction text runs
+            https://bugs.webkit.org/show_bug.cgi?id=66015
+
+            Reviewed by David Hyatt.
+
+            Test for bug fix.
+
+            * fast/text/international/bidi-neutral-in-mixed-direction-run-crash.html: Added
+            * fast/text/international/bidi-neutral-in-mixed-direction-run-cras-expected.txt: Added
+
+2011-1-5  Lucas Forschler  <[email protected]>
+
     Merge 99439
 
     2011-11-07  Jessie Berlin  <[email protected]>

Modified: branches/safari-534.54-branch/Source/WebCore/rendering/InlineIterator.h (104236 => 104237)


--- branches/safari-534.54-branch/Source/WebCore/rendering/InlineIterator.h	2012-01-06 00:01:07 UTC (rev 104236)
+++ branches/safari-534.54-branch/Source/WebCore/rendering/InlineIterator.h	2012-01-06 00:12:08 UTC (rev 104237)
@@ -305,7 +305,7 @@
 template <>
 inline void InlineBidiResolver::appendRun()
 {
-    if (!m_emptyRun && !m_eor.atEnd()) {
+    if (!m_emptyRun && !m_eor.atEnd() && !m_reachedEndOfLine) {
         int start = m_sor.m_pos;
         RenderObject* obj = m_sor.m_obj;
         while (obj && obj != m_eor.m_obj && obj != endOfLine.m_obj) {

Modified: branches/safari-534.54-branch/Source/WebCore/rendering/RenderBox.cpp (104236 => 104237)


--- branches/safari-534.54-branch/Source/WebCore/rendering/RenderBox.cpp	2012-01-06 00:01:07 UTC (rev 104236)
+++ branches/safari-534.54-branch/Source/WebCore/rendering/RenderBox.cpp	2012-01-06 00:12:08 UTC (rev 104237)
@@ -1388,8 +1388,7 @@
         box->destroy(renderArena());
     } else if (isReplaced()) {
         setLocation(roundedIntPoint(FloatPoint(box->x(), box->y())));
-        if (m_inlineBoxWrapper)
-            deleteLineBoxWrapper();
+        ASSERT(!m_inlineBoxWrapper);
         m_inlineBoxWrapper = box;
     }
 }

_______________________________________________
webkit-changes mailing list
[email protected]
http://lists.webkit.org/mailman/listinfo.cgi/webkit-changes

Reply via email to