[webkit-changes] [295083] trunk

Wed, 01 Jun 2022 01:54:54 -0700

Title: [295083] trunk
Revision
295083
Author
an...@apple.com
Date
2022-06-01 01:54:10 -0700 (Wed, 01 Jun 2022)

Log Message

Assertion in RenderTreeBuilder::attachToRenderElementInternal
https://bugs.webkit.org/show_bug.cgi?id=239823
<rdar://92390285>

Reviewed by Alan Bujtas.

* LayoutTests/fast/css/display-content-with-pending-stylesheet-crash-expected.txt: Added.
* LayoutTests/fast/css/display-content-with-pending-stylesheet-crash.html: Added.
* Source/WebCore/style/StyleTreeResolver.cpp:
(WebCore::Style::TreeResolver::resolveElement):

We can't skip resolution for elements that we have already computed style for. This includes elements with display:contents.

Canonical link: https://commits.webkit.org/251178@main

Modified Paths

Added Paths

Diff

Added: trunk/LayoutTests/fast/css/display-content-with-pending-stylesheet-crash-expected.txt (0 => 295083)


--- trunk/LayoutTests/fast/css/display-content-with-pending-stylesheet-crash-expected.txt	                        (rev 0)
+++ trunk/LayoutTests/fast/css/display-content-with-pending-stylesheet-crash-expected.txt	2022-06-01 08:54:10 UTC (rev 295083)
@@ -0,0 +1,2 @@
+This test passes if it doesn't crash.
+

Added: trunk/LayoutTests/fast/css/display-content-with-pending-stylesheet-crash.html (0 => 295083)


--- trunk/LayoutTests/fast/css/display-content-with-pending-stylesheet-crash.html	                        (rev 0)
+++ trunk/LayoutTests/fast/css/display-content-with-pending-stylesheet-crash.html	2022-06-01 08:54:10 UTC (rev 295083)
@@ -0,0 +1,28 @@
+<style>
+  :nth-last-child(odd) {
+    display: contents;
+  }
+</style>
+<script>
+  if (window.testRunner)
+     testRunner.dumpAsText();
+  _onload_ = () => {
+    let q0 = document.createElement('q');
+    document.body.append(q0);
+    let span0 = document.createElement('span');
+    q0.append(span0);
+    q0.append(document.createElement('div'));
+    span0.append(document.createElement('div'));
+    span0.append(document.createElement('div'));
+    document.body.offsetTop;
+    document.styleSheets[0].insertRule(`xx { yy: zz; }`);
+    let link0 = document.createElement('link');
+    link0.href = ""
+    link0.rel = 'stylesheet';
+    document.head.append(link0);
+    document.body.append(document.createElement('div'));
+  };
+</script>
+<body>
+This test passes if it doesn't crash.
+</body>

Modified: trunk/Source/WebCore/style/StyleTreeResolver.cpp (295082 => 295083)


--- trunk/Source/WebCore/style/StyleTreeResolver.cpp	2022-06-01 07:04:25 UTC (rev 295082)
+++ trunk/Source/WebCore/style/StyleTreeResolver.cpp	2022-06-01 08:54:10 UTC (rev 295083)
@@ -208,7 +208,7 @@
 
 auto TreeResolver::resolveElement(Element& element, ResolutionType resolutionType) -> std::pair<ElementUpdate, DescendantsToResolve>
 {
-    if (m_didSeePendingStylesheet && !element.renderer() && !m_document.isIgnoringPendingStylesheets()) {
+    if (m_didSeePendingStylesheet && !element.renderOrDisplayContentsStyle() && !m_document.isIgnoringPendingStylesheets()) {
         m_document.setHasNodesWithMissingStyle();
         return { };
     }

_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes

Reply via email to