Title: [290615] trunk
- Revision
- 290615
- Author
- commit-qu...@webkit.org
- Date
- 2022-02-28 14:09:24 -0800 (Mon, 28 Feb 2022)
Log Message
Handle widow relayout differently
https://bugs.webkit.org/show_bug.cgi?id=235519
Patch by Rob Buis <rb...@igalia.com> on 2022-02-28
Reviewed by Alan Bujtas.
Source/WebCore:
Handle widow relayout differently to prevent function call recursion.
Test: fast/multicol/widow-many-relayouts-crash.html
* rendering/RenderBlockFlow.cpp:
(WebCore::RenderBlockFlow::layoutBlock):
(WebCore::RenderBlockFlow::relayoutToAvoidWidows): Deleted.
* rendering/RenderBlockFlow.h:
(WebCore::RenderBlockFlow::didBreakAtLineToAvoidWidow const):
LayoutTests:
* fast/multicol/widow-many-relayouts-crash-expected.txt: Added.
* fast/multicol/widow-many-relayouts-crash.html: Added.
Modified Paths
Added Paths
Diff
Modified: trunk/LayoutTests/ChangeLog (290614 => 290615)
--- trunk/LayoutTests/ChangeLog 2022-02-28 21:48:59 UTC (rev 290614)
+++ trunk/LayoutTests/ChangeLog 2022-02-28 22:09:24 UTC (rev 290615)
@@ -1,3 +1,13 @@
+2022-02-28 Rob Buis <rb...@igalia.com>
+
+ Handle widow relayout differently
+ https://bugs.webkit.org/show_bug.cgi?id=235519
+
+ Reviewed by Alan Bujtas.
+
+ * fast/multicol/widow-many-relayouts-crash-expected.txt: Added.
+ * fast/multicol/widow-many-relayouts-crash.html: Added.
+
2022-02-28 Devin Rousso <drou...@apple.com>
Web Inspector: add `IterableWeakSet`
Added: trunk/LayoutTests/fast/multicol/widow-many-relayouts-crash-expected.txt (0 => 290615)
--- trunk/LayoutTests/fast/multicol/widow-many-relayouts-crash-expected.txt (rev 0)
+++ trunk/LayoutTests/fast/multicol/widow-many-relayouts-crash-expected.txt 2022-02-28 22:09:24 UTC (rev 290615)
@@ -0,0 +1 @@
+Test passes if it does not crash.
Added: trunk/LayoutTests/fast/multicol/widow-many-relayouts-crash.html (0 => 290615)
--- trunk/LayoutTests/fast/multicol/widow-many-relayouts-crash.html (rev 0)
+++ trunk/LayoutTests/fast/multicol/widow-many-relayouts-crash.html 2022-02-28 22:09:24 UTC (rev 290615)
@@ -0,0 +1,40 @@
+<style>
+html {
+ font-size: 100ex;
+ widows: 2;
+}
+body {
+ block-size: 300em;
+ -webkit-column-axis: vertical;
+}
+a {
+ padding-right: 100%;
+}
+blockquote {
+ min-width: fit-content;
+}
+tr {
+ block-size: 300em;
+}
+span {
+ font-family: ui-serif;
+ padding-right: 80%;
+}
+</style>
+<script>
+if (window.testRunner)
+ testRunner.dumpAsText();
+_onload_ = () => {
+ let blockquote = document.createElement('blockquote');
+ let span = document.createElement('span');
+ blockquote.append(span);
+ span.append('\uA6F8\uD83D\uDC00擄');
+ span.append(document.createElement('tr'));
+ document.body.append(blockquote);
+ document.body.append(document.createElement('table'));
+ document.execCommand('SelectAll');
+ document.designMode = 'on';
+ document.execCommand('CreateLink', false, '#');
+ document.write("Test passes if it does not crash.");
+};
+</script>
Modified: trunk/Source/WebCore/ChangeLog (290614 => 290615)
--- trunk/Source/WebCore/ChangeLog 2022-02-28 21:48:59 UTC (rev 290614)
+++ trunk/Source/WebCore/ChangeLog 2022-02-28 22:09:24 UTC (rev 290615)
@@ -1,3 +1,20 @@
+2022-02-28 Rob Buis <rb...@igalia.com>
+
+ Handle widow relayout differently
+ https://bugs.webkit.org/show_bug.cgi?id=235519
+
+ Reviewed by Alan Bujtas.
+
+ Handle widow relayout differently to prevent function call recursion.
+
+ Test: fast/multicol/widow-many-relayouts-crash.html
+
+ * rendering/RenderBlockFlow.cpp:
+ (WebCore::RenderBlockFlow::layoutBlock):
+ (WebCore::RenderBlockFlow::relayoutToAvoidWidows): Deleted.
+ * rendering/RenderBlockFlow.h:
+ (WebCore::RenderBlockFlow::didBreakAtLineToAvoidWidow const):
+
2022-02-28 Devin Rousso <drou...@apple.com>
Web Inspector: [Flexbox] Add options to show each area's CSS `order` and/or DOM index in the parent flex container
Modified: trunk/Source/WebCore/rendering/RenderBlockFlow.cpp (290614 => 290615)
--- trunk/Source/WebCore/rendering/RenderBlockFlow.cpp 2022-02-28 21:48:59 UTC (rev 290614)
+++ trunk/Source/WebCore/rendering/RenderBlockFlow.cpp 2022-02-28 22:09:24 UTC (rev 290615)
@@ -501,7 +501,7 @@
LayoutUnit repaintLogicalBottom;
LayoutUnit maxFloatLogicalBottom;
const RenderStyle& styleToUse = style();
- {
+ do {
LayoutStateMaintainer statePusher(*this, locationOffset(), hasTransform() || hasReflection() || styleToUse.isFlippedBlocksWritingMode(), pageLogicalHeight, pageLogicalHeightChanged);
preparePaginationBeforeBlockLayout(relayoutChildren);
@@ -531,13 +531,18 @@
layoutInlineChildren(relayoutChildren, repaintLogicalTop, repaintLogicalBottom);
else
layoutBlockChildren(relayoutChildren, maxFloatLogicalBottom);
- }
+ // Expand our intrinsic height to encompass floats.
+ LayoutUnit toAdd = borderAndPaddingAfter() + scrollbarLogicalHeight();
+ if (lowestFloatLogicalBottom() > (logicalHeight() - toAdd) && createsNewFormattingContext())
+ setLogicalHeight(lowestFloatLogicalBottom() + toAdd);
+ if (shouldBreakAtLineToAvoidWidow()) {
+ setEverHadLayout(true);
+ continue;
+ }
+ break;
+ } while (true);
- // Expand our intrinsic height to encompass floats.
- LayoutUnit toAdd = borderAndPaddingAfter() + scrollbarLogicalHeight();
- if (lowestFloatLogicalBottom() > (logicalHeight() - toAdd) && createsNewFormattingContext())
- setLogicalHeight(lowestFloatLogicalBottom() + toAdd);
- if (relayoutForPagination() || relayoutToAvoidWidows()) {
+ if (relayoutForPagination()) {
ASSERT(!shouldBreakAtLineToAvoidWidow());
return;
}
@@ -554,7 +559,7 @@
updateLogicalHeight();
LayoutUnit newHeight = logicalHeight();
{
- // FIXME: This could be removed once relayoutForPagination()/relayoutToAvoidWidows() either stop recursing or we manage to
+ // FIXME: This could be removed once relayoutForPagination() either stop recursing or we manage to
// re-order them.
LayoutStateMaintainer statePusher(*this, locationOffset(), hasTransform() || hasReflection() || styleToUse.isFlippedBlocksWritingMode(), pageLogicalHeight, pageLogicalHeightChanged);
@@ -1729,16 +1734,6 @@
rareBlockFlowData()->m_lineBreakToAvoidWidow = -1;
}
-bool RenderBlockFlow::relayoutToAvoidWidows()
-{
- if (!shouldBreakAtLineToAvoidWidow())
- return false;
-
- setEverHadLayout(true);
- layoutBlock(false);
- return true;
-}
-
bool RenderBlockFlow::hasNextPage(LayoutUnit logicalOffset, PageBoundaryRule pageBoundaryRule) const
{
ASSERT(view().frameView().layoutContext().layoutState() && view().frameView().layoutContext().layoutState()->isPaginated());
Modified: trunk/Source/WebCore/rendering/RenderBlockFlow.h (290614 => 290615)
--- trunk/Source/WebCore/rendering/RenderBlockFlow.h 2022-02-28 21:48:59 UTC (rev 290614)
+++ trunk/Source/WebCore/rendering/RenderBlockFlow.h 2022-02-28 22:09:24 UTC (rev 290615)
@@ -250,7 +250,6 @@
void clearDidBreakAtLineToAvoidWidow();
void setDidBreakAtLineToAvoidWidow();
bool didBreakAtLineToAvoidWidow() const { return hasRareBlockFlowData() && rareBlockFlowData()->m_didBreakAtLineToAvoidWidow; }
- bool relayoutToAvoidWidows();
LegacyRootInlineBox* lineGridBox() const { return hasRareBlockFlowData() ? rareBlockFlowData()->m_lineGridBox.get() : nullptr; }
void setLineGridBox(std::unique_ptr<LegacyRootInlineBox> box)
_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes
