[webkit-changes] [105911] trunk

Wed, 25 Jan 2012 12:22:00 -0800

Title: [105911] trunk
Revision
105911
Author
[email protected]
Date
2012-01-25 12:21:52 -0800 (Wed, 25 Jan 2012)

Log Message

Unreviewed, rolling out r105828.
http://trac.webkit.org/changeset/105828
https://bugs.webkit.org/show_bug.cgi?id=77036

Caused many crashes in ClusterFuzz and PerformanceTests
(Requested by inferno-sec on #webkit).

Patch by Sheriff Bot <[email protected]> on 2012-01-25

Source/WebCore: 

* rendering/RenderBlock.cpp:
(WebCore::RenderBlock::removeChild):
* rendering/RenderBlock.h:
(RenderBlock):

LayoutTests: 

* fast/css-generated-content/float-first-letter-siblings-convert-to-inline-expected.txt: Removed.
* fast/css-generated-content/float-first-letter-siblings-convert-to-inline.html: Removed.

Modified Paths

Removed Paths

Diff

Modified: trunk/LayoutTests/ChangeLog (105910 => 105911)


--- trunk/LayoutTests/ChangeLog	2012-01-25 20:21:18 UTC (rev 105910)
+++ trunk/LayoutTests/ChangeLog	2012-01-25 20:21:52 UTC (rev 105911)
@@ -1,3 +1,15 @@
+2012-01-25  Sheriff Bot  <[email protected]>
+
+        Unreviewed, rolling out r105828.
+        http://trac.webkit.org/changeset/105828
+        https://bugs.webkit.org/show_bug.cgi?id=77036
+
+        Caused many crashes in ClusterFuzz and PerformanceTests
+        (Requested by inferno-sec on #webkit).
+
+        * fast/css-generated-content/float-first-letter-siblings-convert-to-inline-expected.txt: Removed.
+        * fast/css-generated-content/float-first-letter-siblings-convert-to-inline.html: Removed.
+
 2012-01-25  Adam Barth  <[email protected]>
 
         This test is actually flaky by timing out, not by failing.

Deleted: trunk/LayoutTests/fast/css-generated-content/float-first-letter-siblings-convert-to-inline-expected.txt (105910 => 105911)


--- trunk/LayoutTests/fast/css-generated-content/float-first-letter-siblings-convert-to-inline-expected.txt	2012-01-25 20:21:18 UTC (rev 105910)
+++ trunk/LayoutTests/fast/css-generated-content/float-first-letter-siblings-convert-to-inline-expected.txt	2012-01-25 20:21:52 UTC (rev 105911)
@@ -1 +0,0 @@
-PASS if no crash or assert

Deleted: trunk/LayoutTests/fast/css-generated-content/float-first-letter-siblings-convert-to-inline.html (105910 => 105911)


--- trunk/LayoutTests/fast/css-generated-content/float-first-letter-siblings-convert-to-inline.html	2012-01-25 20:21:18 UTC (rev 105910)
+++ trunk/LayoutTests/fast/css-generated-content/float-first-letter-siblings-convert-to-inline.html	2012-01-25 20:21:52 UTC (rev 105911)
@@ -1,34 +0,0 @@
-<style>
-.inlineFL::first-letter { overflow: visible; }
-.absolutePosition { position: absolute; }
-.floatFL:first-letter { float: right; }
-</style>
-<script>
-function recreateFirstLetterBlock() {
-  document.getElementById("parent").setAttribute('class', 'inlineFL');
-  if (window.layoutTestController)
-    layoutTestController.notifyDone();
-}
-function removeDiv() {
-  // This causes the parent to only have inline (and floating) children
-  document.getElementById("parent").removeChild(document.getElementById("child"));
-  setTimeout("recreateFirstLetterBlock();", 10);
-}
-
-function changeDivStyle() {
-  document.getElementById("child").setAttribute('class', 'inlineFL');
-  setTimeout("removeDiv();", 10);
-}
-function startTest() {
-  setTimeout("changeDivStyle();", 10);
-  if (window.layoutTestController) {
-    layoutTestController.waitUntilDone();
-    layoutTestController.dumpAsText();
-  }
-}
-window._onload_ = startTest;
-</script>
-<div id="parent" class="floatFL">
-  <div id="child" class="absolutePosition"></div>
-  PASS if no crash or assert
-</div>

Modified: trunk/Source/WebCore/ChangeLog (105910 => 105911)


--- trunk/Source/WebCore/ChangeLog	2012-01-25 20:21:18 UTC (rev 105910)
+++ trunk/Source/WebCore/ChangeLog	2012-01-25 20:21:52 UTC (rev 105911)
@@ -1,3 +1,17 @@
+2012-01-25  Sheriff Bot  <[email protected]>
+
+        Unreviewed, rolling out r105828.
+        http://trac.webkit.org/changeset/105828
+        https://bugs.webkit.org/show_bug.cgi?id=77036
+
+        Caused many crashes in ClusterFuzz and PerformanceTests
+        (Requested by inferno-sec on #webkit).
+
+        * rendering/RenderBlock.cpp:
+        (WebCore::RenderBlock::removeChild):
+        * rendering/RenderBlock.h:
+        (RenderBlock):
+
 2012-01-25  Shawn Singh  <[email protected]>
 
         Fix the semantics of passing contentsVisible flag to GraphicsLayers

Modified: trunk/Source/WebCore/rendering/RenderBlock.cpp (105910 => 105911)


--- trunk/Source/WebCore/rendering/RenderBlock.cpp	2012-01-25 20:21:18 UTC (rev 105910)
+++ trunk/Source/WebCore/rendering/RenderBlock.cpp	2012-01-25 20:21:52 UTC (rev 105911)
@@ -1025,17 +1025,6 @@
            && prev->isAnonymousColumnSpanBlock() == next->isAnonymousColumnSpanBlock();
 }
 
-void RenderBlock::collapseAnonymousBoxChild(RenderBlock* parent, RenderObject* child)
-{
-    parent->setNeedsLayoutAndPrefWidthsRecalc();
-    parent->setChildrenInline(child->childrenInline());
-    RenderBlock* anonBlock = toRenderBlock(parent->children()->removeChildNode(parent, child, child->hasLayer()));
-    anonBlock->moveAllChildrenTo(parent, child->hasLayer());
-    // Delete the now-empty block's lines and nuke it.
-    anonBlock->deleteLineBoxTree();
-    anonBlock->destroy();
-}
-
 void RenderBlock::removeChild(RenderObject* oldChild)
 {
     // If this child is a block, and if our previous and next siblings are
@@ -1092,17 +1081,13 @@
         // The removal has knocked us down to containing only a single anonymous
         // box.  We can go ahead and pull the content right back up into our
         // box.
-        collapseAnonymousBoxChild(this, child);
-    } else if ((prev && prev->isAnonymousBlock()) || (next && next->isAnonymousBlock())) {
-        // It's possible that the removal has knocked us down to a single anonymous
-        // block with pseudo-style element siblings (e.g. first-letter). If these
-        // are floating or positioned, then we need to pull the content up also.
-        RenderBlock* anonBlock = toRenderBlock((prev && prev->isAnonymousBlock()) ? prev : next);
-        if ((anonBlock->previousSibling() || anonBlock->nextSibling())
-            && (!anonBlock->previousSibling() || (anonBlock->previousSibling()->style()->styleType() != NOPSEUDO && anonBlock->previousSibling()->isFloatingOrPositioned()))
-            && (!anonBlock->nextSibling() || (anonBlock->nextSibling()->style()->styleType() != NOPSEUDO && anonBlock->nextSibling()->isFloatingOrPositioned()))) {
-            collapseAnonymousBoxChild(this, anonBlock);
-        }
+        setNeedsLayoutAndPrefWidthsRecalc();
+        setChildrenInline(child->childrenInline());
+        RenderBlock* anonBlock = toRenderBlock(children()->removeChildNode(this, child, child->hasLayer()));
+        anonBlock->moveAllChildrenTo(this, child->hasLayer());
+        // Delete the now-empty block's lines and nuke it.
+        anonBlock->deleteLineBoxTree();
+        anonBlock->destroy();
     }
 
     if (!firstChild() && !documentBeingDestroyed()) {

Modified: trunk/Source/WebCore/rendering/RenderBlock.h (105910 => 105911)


--- trunk/Source/WebCore/rendering/RenderBlock.h	2012-01-25 20:21:18 UTC (rev 105910)
+++ trunk/Source/WebCore/rendering/RenderBlock.h	2012-01-25 20:21:52 UTC (rev 105911)
@@ -461,8 +461,6 @@
     void makeChildrenNonInline(RenderObject* insertionPoint = 0);
     virtual void removeLeftoverAnonymousBlock(RenderBlock* child);
 
-    static void collapseAnonymousBoxChild(RenderBlock* parent, RenderObject* child);
-
     virtual void dirtyLinesFromChangedChild(RenderObject* child) { m_lineBoxes.dirtyLinesFromChangedChild(this, child); }
 
     void addChildToContinuation(RenderObject* newChild, RenderObject* beforeChild);

_______________________________________________
webkit-changes mailing list
[email protected]
http://lists.webkit.org/mailman/listinfo.cgi/webkit-changes

Reply via email to