Title: [121081] branches/chromium/1180
- Revision
- 121081
- Author
- [email protected]
- Date
- 2012-06-22 17:56:03 -0700 (Fri, 22 Jun 2012)
Log Message
Merge 121072 - REGRESSION(r116446): Crash in RenderBoxModelObject::adjustedPositionRelativeToOffsetParent
https://bugs.webkit.org/show_bug.cgi?id=89785
Reviewed by Abhishek Arya.
Source/WebCore:
Test: fullscreen/full-screen-crash-offsetLeft.html
* rendering/RenderBoxModelObject.cpp:
(WebCore::RenderBoxModelObject::adjustedPositionRelativeToOffsetParent):
Added a NULL-check for parent() as it can be NULL in fullscreen mode. Also updated a stale
comment while touching the code.
LayoutTests:
* fullscreen/full-screen-crash-offsetLeft-expected.html: Added.
* fullscreen/full-screen-crash-offsetLeft.html: Added.
[email protected]
Review URL: https://chromiumcodereview.appspot.com/10659009
Modified Paths
Added Paths
Diff
Copied: branches/chromium/1180/LayoutTests/fullscreen/full-screen-crash-offsetLeft-expected.txt (from rev 121072, trunk/LayoutTests/fullscreen/full-screen-crash-offsetLeft-expected.txt) (0 => 121081)
--- branches/chromium/1180/LayoutTests/fullscreen/full-screen-crash-offsetLeft-expected.txt (rev 0)
+++ branches/chromium/1180/LayoutTests/fullscreen/full-screen-crash-offsetLeft-expected.txt 2012-06-23 00:56:03 UTC (rev 121081)
@@ -0,0 +1,5 @@
+Bug 89785: REGRESSION(r116446): Crash in RenderBoxModelObject::adjustedPositionRelativeToOffsetParent
+
+PASSED, the page didn't crash.
+END OF TEST
+
Copied: branches/chromium/1180/LayoutTests/fullscreen/full-screen-crash-offsetLeft.html (from rev 121072, trunk/LayoutTests/fullscreen/full-screen-crash-offsetLeft.html) (0 => 121081)
--- branches/chromium/1180/LayoutTests/fullscreen/full-screen-crash-offsetLeft.html (rev 0)
+++ branches/chromium/1180/LayoutTests/fullscreen/full-screen-crash-offsetLeft.html 2012-06-23 00:56:03 UTC (rev 121081)
@@ -0,0 +1,31 @@
+<!DOCTYPE html>
+<html>
+<body>
+<video></video>
+<p><a href="" 89785</a>: REGRESSION(r116446): Crash in RenderBoxModelObject::adjustedPositionRelativeToOffsetParent</p>
+<script src=""
+<script>
+ if ("webkitRequestFullScreen" in Element.prototype) {
+ if (!window.testRunner)
+ consoleWrite("To manually test this bug, switch to fullscreen. It shouldn't crash.");
+
+ video = document.getElementsByTagName("video")[0];
+ var fullscreenChanged = function(event)
+ {
+ video.offsetLeft;
+ video.offsetTop;
+ consoleWrite("PASSED, the page didn't crash.");
+ endTest();
+ };
+ document.addEventListener('webkitfullscreenchange', fullscreenChanged);
+
+ runWithKeyDown(function () {
+ video.webkitRequestFullScreen();
+ });
+ } else {
+ consoleWrite("FAILED, couldn't find webkitRequestFullScreen.");
+ endTest();
+ }
+</script>
+</body>
+</html>
Modified: branches/chromium/1180/Source/WebCore/rendering/RenderBoxModelObject.cpp (121080 => 121081)
--- branches/chromium/1180/Source/WebCore/rendering/RenderBoxModelObject.cpp 2012-06-23 00:36:27 UTC (rev 121080)
+++ branches/chromium/1180/Source/WebCore/rendering/RenderBoxModelObject.cpp 2012-06-23 00:56:03 UTC (rev 121081)
@@ -517,11 +517,11 @@
LayoutPoint RenderBoxModelObject::adjustedPositionRelativeToOffsetParent(const LayoutPoint& startPoint) const
{
- // If the element is the HTML body element or does not have an associated box
+ // If the element is the HTML body element or doesn't have a parent
// return 0 and stop this algorithm.
- if (isBody())
+ if (isBody() || !parent())
return LayoutPoint();
-
+
LayoutPoint referencePoint = startPoint;
referencePoint.move(parent()->offsetForColumns(referencePoint));
_______________________________________________
webkit-changes mailing list
[email protected]
http://lists.webkit.org/mailman/listinfo.cgi/webkit-changes
