Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: 71a3ca51f4bf66a4d6eaf94b8d011c29d949bdb0
https://github.com/WebKit/WebKit/commit/71a3ca51f4bf66a4d6eaf94b8d011c29d949bdb0
Author: Alan Baradlay <[email protected]>
Date: 2025-04-23 (Wed, 23 Apr 2025)
Changed paths:
A
LayoutTests/fast/inline/inline-box-becomes-relative-positioned-crash-expected.txt
A LayoutTests/fast/inline/inline-box-becomes-relative-positioned-crash.html
M Source/WebCore/rendering/RenderInline.cpp
Log Message:
-----------
RenderInline::imageChanged repaints even when there's no layer
https://bugs.webkit.org/show_bug.cgi?id=291391
rdar://147939623
Reviewed by Simon Fraser.
In RenderLayerModelObject::styleDidChange, for a brief period of time renderer
is in this inconsistent state
where style already has the relative position set (as well as the cached bit on
RenderObject) but we don't yet have an associated layer.
Calls to layer() fail, while in this inconsistent state (e.g. if we attempt to
extract relative position offset).
While accessing layer is mostly guarded by hasLayer(),
RenderInline::offsetForInFlowPositionedInline assumes there's always one.
*
LayoutTests/fast/inline/inline-box-becomes-relative-positioned-crash-expected.txt:
Added.
* LayoutTests/fast/inline/inline-box-becomes-relative-positioned-crash.html:
Added.
* Source/WebCore/rendering/RenderInline.cpp:
(WebCore::RenderInline::offsetForInFlowPositionedInline const):
Canonical link: https://commits.webkit.org/294021@main
To unsubscribe from these emails, change your notification settings at
https://github.com/WebKit/WebKit/settings/notifications
_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes
