Skip to site navigation (Press enter)

[webkit-changes] [160837] trunk/Source/WebCore

darin Thu, 19 Dec 2013 09:38:31 -0800

Title: [160837] trunk/Source/WebCore

Revision: 160837
Author: [email protected]
Date: 2013-12-19 09:40:53 -0800 (Thu, 19 Dec 2013)

Log Message

Improve "bad parent" and "bad child list" assertions in line boxes
https://bugs.webkit.org/show_bug.cgi?id=125656


Reviewed by Sam Weinig.

* rendering/InlineBox.cpp:
(WebCore::InlineBox::root): Use parent() function with assertions rather than
using m_parent function, which skips the assertions.
* rendering/RenderText.cpp:
(WebCore::RenderText::removeAndDestroyTextBoxes): Call invalidateParentChildLists
if we are in the optimized document-destruction code path and destroying children
without removing them from their parents.
* rendering/RenderTextLineBoxes.cpp:
(WebCore::RenderTextLineBoxes::invalidateParentChildLists): Added.
* rendering/RenderTextLineBoxes.h: Added invalidateParentChildLists.

Modified Paths

trunk/Source/WebCore/ChangeLog
trunk/Source/WebCore/rendering/InlineBox.cpp
trunk/Source/WebCore/rendering/RenderText.cpp
trunk/Source/WebCore/rendering/RenderTextLineBoxes.cpp
trunk/Source/WebCore/rendering/RenderTextLineBoxes.h

Diff

Modified: trunk/Source/WebCore/ChangeLog (160836 => 160837)


--- trunk/Source/WebCore/ChangeLog	2013-12-19 17:32:49 UTC (rev 160836)
+++ trunk/Source/WebCore/ChangeLog	2013-12-19 17:40:53 UTC (rev 160837)
@@ -1,3 +1,21 @@
+2013-12-16  Darin Adler  <[email protected]>
+
+        Improve "bad parent" and "bad child list" assertions in line boxes
+        https://bugs.webkit.org/show_bug.cgi?id=125656
+
+        Reviewed by Sam Weinig.
+
+        * rendering/InlineBox.cpp:
+        (WebCore::InlineBox::root): Use parent() function with assertions rather than
+        using m_parent function, which skips the assertions.
+        * rendering/RenderText.cpp:
+        (WebCore::RenderText::removeAndDestroyTextBoxes): Call invalidateParentChildLists
+        if we are in the optimized document-destruction code path and destroying children
+        without removing them from their parents.
+        * rendering/RenderTextLineBoxes.cpp:
+        (WebCore::RenderTextLineBoxes::invalidateParentChildLists): Added.
+        * rendering/RenderTextLineBoxes.h: Added invalidateParentChildLists.
+
 2013-12-19  Dan Bernstein  <[email protected]>
 
         <rdar://problem/15696824> [CFNetwork] Loading stops at server redirects

Modified: trunk/Source/WebCore/rendering/InlineBox.cpp (160836 => 160837)


--- trunk/Source/WebCore/rendering/InlineBox.cpp	2013-12-19 17:32:49 UTC (rev 160836)
+++ trunk/Source/WebCore/rendering/InlineBox.cpp	2013-12-19 17:40:53 UTC (rev 160837)
@@ -164,16 +164,16 @@
 
 const RootInlineBox& InlineBox::root() const
 { 
-    if (m_parent)
-        return m_parent->root(); 
+    if (parent())
+        return parent()->root();
     ASSERT_WITH_SECURITY_IMPLICATION(isRootInlineBox());
     return toRootInlineBox(*this);
 }
 
 RootInlineBox& InlineBox::root()
 { 
-    if (m_parent)
-        return m_parent->root(); 
+    if (parent())
+        return parent()->root();
     ASSERT_WITH_SECURITY_IMPLICATION(isRootInlineBox());
     return toRootInlineBox(*this);
 }

Modified: trunk/Source/WebCore/rendering/RenderText.cpp (160836 => 160837)


--- trunk/Source/WebCore/rendering/RenderText.cpp	2013-12-19 17:32:49 UTC (rev 160836)
+++ trunk/Source/WebCore/rendering/RenderText.cpp	2013-12-19 17:40:53 UTC (rev 160837)
@@ -267,6 +267,10 @@
 {
     if (!documentBeingDestroyed())
         m_lineBoxes.removeAllFromParent(*this);
+#if !ASSERT_WITH_SECURITY_IMPLICATION_DISABLED
+    else
+        m_lineBoxes.invalidateParentChildLists();
+#endif
     m_lineBoxes.deleteAll();
 }

Modified: trunk/Source/WebCore/rendering/RenderTextLineBoxes.cpp (160836 => 160837)


--- trunk/Source/WebCore/rendering/RenderTextLineBoxes.cpp	2013-12-19 17:32:49 UTC (rev 160836)
+++ trunk/Source/WebCore/rendering/RenderTextLineBoxes.cpp	2013-12-19 17:40:53 UTC (rev 160837)
@@ -694,4 +694,14 @@
 }
 #endif
 
+#if !ASSERT_WITH_SECURITY_IMPLICATION_DISABLED
+void RenderTextLineBoxes::invalidateParentChildLists()
+{
+    for (auto box = m_first; box; box = box->nextTextBox()) {
+        if (auto parent = box->parent())
+            parent->setHasBadChildList();
+    }
 }
+#endif
+
+}

Modified: trunk/Source/WebCore/rendering/RenderTextLineBoxes.h (160836 => 160837)


--- trunk/Source/WebCore/rendering/RenderTextLineBoxes.h	2013-12-19 17:32:49 UTC (rev 160836)
+++ trunk/Source/WebCore/rendering/RenderTextLineBoxes.h	2013-12-19 17:40:53 UTC (rev 160837)
@@ -82,6 +82,10 @@
     ~RenderTextLineBoxes();
 #endif
 
+#if !ASSERT_WITH_SECURITY_IMPLICATION_DISABLED
+    void invalidateParentChildLists();
+#endif
+
 private:
     void checkConsistency() const;

_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes