Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: 7cc28df27fbedfbec3e9a270f7c88e496db98636
https://github.com/WebKit/WebKit/commit/7cc28df27fbedfbec3e9a270f7c88e496db98636
Author: Alan Baradlay <[email protected]>
Date: 2023-04-14 (Fri, 14 Apr 2023)
Changed paths:
A LayoutTests/fast/inline/inline-box-invalidation-repaint-crash-expected.txt
A LayoutTests/fast/inline/inline-box-invalidation-repaint-crash.html
M Source/WebCore/rendering/RenderInline.cpp
Log Message:
-----------
[IFC] Repaint may be issued on freshly inserted renderer
https://bugs.webkit.org/show_bug.cgi?id=255430
<rdar://107979394>
Reviewed by Antti Koivisto.
1. Content mutation triggers line layout codepath invalidation
(RenderBlockFlow::invalidateLineLayoutPath).
2. Each invalidation issues repaint on the block subtree.
3. Repaint normally consults renderers for geometry. However in case of inline
boxes (RenderInline)
the enclosing geometry is collected by walking the associated inline structures.
4. Subsequent mutations could lead to issuing a repaint on a freshly
(previously) inserted RenderInline.
Legacy codepath handles this case by returning an empty LayoutRect too.
* LayoutTests/fast/inline/inline-box-invalidation-repaint-crash-expected.txt:
Added.
* LayoutTests/fast/inline/inline-box-invalidation-repaint-crash.html: Added.
* Source/WebCore/rendering/RenderInline.cpp:
(WebCore::RenderInline::linesVisualOverflowBoundingBox const):
Canonical link: https://commits.webkit.org/262957@main
_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes
