Title: [111932] releases/WebKitGTK/webkit-1.8

Diff

Modified: releases/WebKitGTK/webkit-1.8/LayoutTests/ChangeLog (111931 => 111932)


--- releases/WebKitGTK/webkit-1.8/LayoutTests/ChangeLog	2012-03-23 23:55:45 UTC (rev 111931)
+++ releases/WebKitGTK/webkit-1.8/LayoutTests/ChangeLog	2012-03-24 00:01:36 UTC (rev 111932)
@@ -1,3 +1,16 @@
+2012-03-23  Ryosuke Niwa  <[email protected]>
+
+        Assertion failure in TextIterator::handleTextBox
+        https://bugs.webkit.org/show_bug.cgi?id=78530
+
+        Reviewed by Enrica Casucci.
+
+        Add a regression test. Also rebaseline a crash test.
+
+        * editing/text-iterator/rtl-first-letter-text-iterator-crash-expected.txt: Added.
+        * editing/text-iterator/rtl-first-letter-text-iterator-crash.html: Added.
+        * editing/text-iterator/rtl-selection-crash-expected.txt:
+
 2012-03-19  Martin Robinson  <[email protected]>
 
         [Cairo] Text extent of shadowed text is calculated incorrectly

Added: releases/WebKitGTK/webkit-1.8/LayoutTests/editing/text-iterator/rtl-first-letter-text-iterator-crash-expected.txt (0 => 111932)


--- releases/WebKitGTK/webkit-1.8/LayoutTests/editing/text-iterator/rtl-first-letter-text-iterator-crash-expected.txt	                        (rev 0)
+++ releases/WebKitGTK/webkit-1.8/LayoutTests/editing/text-iterator/rtl-first-letter-text-iterator-crash-expected.txt	2012-03-24 00:01:36 UTC (rev 111932)
@@ -0,0 +1 @@
+PASS. WebKit didn't crash.
Property changes on: releases/WebKitGTK/webkit-1.8/LayoutTests/editing/text-iterator/rtl-first-letter-text-iterator-crash-expected.txt
___________________________________________________________________

Added: svn:eol-style

Added: releases/WebKitGTK/webkit-1.8/LayoutTests/editing/text-iterator/rtl-first-letter-text-iterator-crash.html (0 => 111932)


--- releases/WebKitGTK/webkit-1.8/LayoutTests/editing/text-iterator/rtl-first-letter-text-iterator-crash.html	                        (rev 0)
+++ releases/WebKitGTK/webkit-1.8/LayoutTests/editing/text-iterator/rtl-first-letter-text-iterator-crash.html	2012-03-24 00:01:36 UTC (rev 111932)
@@ -0,0 +1,31 @@
+<style>
+  #el0 {
+    visibility: collapse;
+  }
+  #el1::first-letter {
+    height: 1;
+</style>
+<script>
+if (window.layoutTestController) {
+    layoutTestController.dumpAsText();
+    layoutTestController.waitUntilDone();
+}
+
+function crash(){
+    el0=document.createElement('div')
+    document.body.appendChild(el0)
+    el0.setAttribute('id','el0')
+    el1=document.createElement('div')
+    document.body.appendChild(el1)
+    el1.setAttribute('id','el1')
+    el0.appendChild(document.createTextNode(unescape(Array(40).join('A')+'%ufed5')));
+    el1.appendChild(document.createTextNode(unescape('A%u074b')));
+    document.body.offsetTop;
+    setTimeout(function () {
+        document.body.innerHTML = "PASS. WebKit didn't crash.";
+        layoutTestController.notifyDone();
+    }, 0);
+}
+window.scrollTop;
+window._onload_=crash
+</script>
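Review bot: The `setTimeout` callback calls `layoutTestController.notifyDone()` unguarded, although the setup at the top of the script checks `window.layoutTestController` first, so in a plain browser the page sets the PASS text and then throws a ReferenceError. Guard it the same way: `if (window.layoutTestController) layoutTestController.notifyDone();`. As rendered on this page the handler is assigned to `window._onload_`, which looks like archive sanitisation of `window.onload`; if the committed file really reads that way, `crash()` never runs and the test times out instead of exercising the iterator. A short comment naming bug 78530, and saying whether the unclosed `#el1::first-letter` rule is intentional, would help whoever later reduces or rebaselines this test.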
Property changes on: releases/WebKitGTK/webkit-1.8/LayoutTests/editing/text-iterator/rtl-first-letter-text-iterator-crash.html
___________________________________________________________________

Added: svn:eol-style

Modified: releases/WebKitGTK/webkit-1.8/Source/WebCore/ChangeLog (111931 => 111932)


--- releases/WebKitGTK/webkit-1.8/Source/WebCore/ChangeLog	2012-03-23 23:55:45 UTC (rev 111931)
+++ releases/WebKitGTK/webkit-1.8/Source/WebCore/ChangeLog	2012-03-24 00:01:36 UTC (rev 111932)
@@ -1,3 +1,21 @@
+2012-03-23  Ryosuke Niwa  <[email protected]>
+
+        Assertion failure in TextIterator::handleTextBox
+        https://bugs.webkit.org/show_bug.cgi?id=78530
+
+        Reviewed by Eric Seidel.
+
+        The assertion failure was caused by handleTextNodeFirstLetter's updating m_text without clearing
+        m_sortedTextBoxesPosition. Re-structured handleTextNode so that we always reset m_sortedTextBoxesPosition
+        when we have a first-letter.
+
+        Test: editing/text-iterator/rtl-first-letter-text-iterator-crash.html
+
+        * editing/TextIterator.cpp:
+        (WebCore::TextIterator::handleTextNode):
+        (WebCore::TextIterator::handleTextBox):
+        (WebCore::TextIterator::handleTextNodeFirstLetter):
+
 2012-03-19  Martin Robinson  <[email protected]>
 
         [Cairo] Text extent of shadowed text is calculated incorrectly

Modified: releases/WebKitGTK/webkit-1.8/Source/WebCore/editing/TextIterator.cpp (111931 => 111932)


--- releases/WebKitGTK/webkit-1.8/Source/WebCore/editing/TextIterator.cpp	2012-03-23 23:55:45 UTC (rev 111931)
+++ releases/WebKitGTK/webkit-1.8/Source/WebCore/editing/TextIterator.cpp	2012-03-24 00:01:36 UTC (rev 111932)
@@ -487,25 +487,20 @@
         return true;
     }
 
-    if (!renderer->firstTextBox() && str.length() > 0) {
-        if (!m_handledFirstLetter && renderer->isTextFragment()) {
-            handleTextNodeFirstLetter(static_cast<RenderTextFragment*>(renderer));
-            if (m_firstLetterText) {
-                handleTextBox();
-                return false;
-            }
-        }
+    if (renderer->firstTextBox())
+        m_textBox = renderer->firstTextBox();
+
+    bool shouldHandleFirstLetter = !m_handledFirstLetter && renderer->isTextFragment() && !m_offset;
+    if (shouldHandleFirstLetter)
+        handleTextNodeFirstLetter(static_cast<RenderTextFragment*>(renderer));
+
+    if (!renderer->firstTextBox() && str.length() > 0 && !shouldHandleFirstLetter) {
         if (renderer->style()->visibility() != VISIBLE && !m_ignoresStyleVisibility)
             return false;
         m_lastTextNodeEndedWithCollapsedSpace = true; // entire block is collapsed space
         return true;
     }
 
-    
-    m_textBox = renderer->firstTextBox();
-    if (!m_handledFirstLetter && renderer->isTextFragment() && !m_offset)
-        handleTextNodeFirstLetter(static_cast<RenderTextFragment*>(renderer));
-
     if (m_firstLetterText)
         renderer = m_firstLetterText;
 
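Review bot: The no-text-box early return is now skipped whenever `shouldHandleFirstLetter` is true, even when `handleTextNodeFirstLetter` did not produce a first-letter renderer (in the last hunk the assignment of `m_firstLetterText` sits inside conditionals). In that case `m_textBox` is not assigned in this call, because the unconditional `m_textBox = renderer->firstTextBox();` was removed, and `m_lastTextNodeEndedWithCollapsedSpace` is not set, so the code below continues with whatever `m_textBox` held before. The removed code fell through to the collapsed-space path when `m_firstLetterText` was still null; keying the guard on the result preserves that: `if (!renderer->firstTextBox() && str.length() > 0 && !m_firstLetterText) {`. This assumes `m_firstLetterText` is reset before handleTextNode runs, which would happen outside the hunk, as do the start and end of the function.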
@@ -562,6 +557,7 @@
                 nextTextBox = m_sortedTextBoxes[m_sortedTextBoxesPosition + 1];
         } else 
             nextTextBox = m_textBox->nextTextBox();
+        ASSERT(!nextTextBox || nextTextBox->renderer() == renderer);
 
         if (runStart < runEnd) {
             // Handle either a single newline character (which becomes a space),
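Review bot: The added `ASSERT(!nextTextBox || nextTextBox->renderer() == renderer)` presumably checks only debug builds, so in a release build a `nextTextBox` belonging to a different renderer would still reach the run handling that follows. Since this invariant is what the new crash test protects, it deserves a comment above the assertion, e.g. `// The sorted box list must have been rebuilt for the renderer being iterated (first-letter or remaining text).` If a mismatch is reachable from page content, it is worth deciding explicitly what release builds should do rather than relying on the assertion alone. The indexing in `m_sortedTextBoxes[m_sortedTextBoxesPosition + 1]` depends on a bounds check that is outside the hunk, as is the definition of `renderer`.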
@@ -630,6 +626,7 @@
             m_handledFirstLetter = true;
             m_remainingTextBox = m_textBox;
             m_textBox = firstLetter->firstTextBox();
+            m_sortedTextBoxes.clear();
             m_firstLetterText = firstLetter;
         }
     }
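Review bot: `m_sortedTextBoxes.clear()` empties the vector but leaves `m_sortedTextBoxesPosition` as it was, while the ChangeLog describes the bug as a stale `m_sortedTextBoxesPosition`. Resetting both here keeps the pair consistent for anything that reads the index before the list is rebuilt: add `m_sortedTextBoxesPosition = 0;` right after the clear. If handleTextNode already resets the position when it rebuilds the sorted list, that code is outside this diff, and a short comment here pointing to it would be enough. The enclosing function begins before the hunk.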