Skip to site navigation (Press enter)

[webkit-changes] [177066] branches/safari-600.1.4.13-branch

bshafiei Wed, 10 Dec 2014 09:02:11 -0800

Title: [177066] branches/safari-600.1.4.13-branch

Revision: 177066
Author: bshaf...@apple.com
Date: 2014-12-10 09:01:45 -0800 (Wed, 10 Dec 2014)

Log Message

Merged r176295.  rdar://problem/19132009


Modified Paths

branches/safari-600.1.4.13-branch/LayoutTests/ChangeLog
branches/safari-600.1.4.13-branch/Source/WebCore/ChangeLog
branches/safari-600.1.4.13-branch/Source/WebCore/rendering/RenderBlock.cpp


Added Paths

branches/safari-600.1.4.13-branch/LayoutTests/fast/block/selection-block-gap-crash-expected.txt
branches/safari-600.1.4.13-branch/LayoutTests/fast/block/selection-block-gap-crash.html

Diff

Modified: branches/safari-600.1.4.13-branch/LayoutTests/ChangeLog (177065 => 177066)


--- branches/safari-600.1.4.13-branch/LayoutTests/ChangeLog	2014-12-10 16:59:53 UTC (rev 177065)
+++ branches/safari-600.1.4.13-branch/LayoutTests/ChangeLog	2014-12-10 17:01:45 UTC (rev 177066)
@@ -1,5 +1,19 @@
 2014-12-10  Babak Shafiei  <bshaf...@apple.com>
 
+        Merge r176295.
+
+    2014-11-18  David Hyatt  <hy...@apple.com>
+
+            REGRESSION (r167210): Invalid cast in WebCore::RenderBlock::blockSelectionGaps
+            https://bugs.webkit.org/show_bug.cgi?id=137590
+
+            Reviewed by Dean Jackson.
+
+            * fast/block/selection-block-gap-crash-expected.txt: Added.
+            * fast/block/selection-block-gap-crash.html: Added.
+
+2014-12-10  Babak Shafiei  <bshaf...@apple.com>
+
         Merge r175074.
 
     2014-10-22  Said Abou-Hallawa  <sabouhall...@apple.com>

Copied: branches/safari-600.1.4.13-branch/LayoutTests/fast/block/selection-block-gap-crash-expected.txt (from rev 176732, branches/safari-600.3-branch/LayoutTests/fast/block/selection-block-gap-crash-expected.txt) (0 => 177066)


--- branches/safari-600.1.4.13-branch/LayoutTests/fast/block/selection-block-gap-crash-expected.txt	                        (rev 0)
+++ branches/safari-600.1.4.13-branch/LayoutTests/fast/block/selection-block-gap-crash-expected.txt	2014-12-10 17:01:45 UTC (rev 177066)
@@ -0,0 +1 @@
+This test passes if it doesn't crash.

Copied: branches/safari-600.1.4.13-branch/LayoutTests/fast/block/selection-block-gap-crash.html (from rev 176732, branches/safari-600.3-branch/LayoutTests/fast/block/selection-block-gap-crash.html) (0 => 177066)


--- branches/safari-600.1.4.13-branch/LayoutTests/fast/block/selection-block-gap-crash.html	                        (rev 0)
+++ branches/safari-600.1.4.13-branch/LayoutTests/fast/block/selection-block-gap-crash.html	2014-12-10 17:01:45 UTC (rev 177066)
@@ -0,0 +1,11 @@
+This test passes if it doesn't crash.
+<div role="img" id="div"></div>
+<script>
+if (window.testRunner)
+    testRunner.dumpAsText()
+var elem = document.getElementById("div"); var parent = elem.parentNode;
+new_elem = document.createElement("frameset");
+new_elem.setAttribute("role", "img");
+parent.insertBefore(new_elem, elem);
+document.execCommand("SelectAll");
+</script>

Modified: branches/safari-600.1.4.13-branch/Source/WebCore/ChangeLog (177065 => 177066)


--- branches/safari-600.1.4.13-branch/Source/WebCore/ChangeLog	2014-12-10 16:59:53 UTC (rev 177065)
+++ branches/safari-600.1.4.13-branch/Source/WebCore/ChangeLog	2014-12-10 17:01:45 UTC (rev 177066)
@@ -1,5 +1,22 @@
 2014-12-10  Babak Shafiei  <bshaf...@apple.com>
 
+        Merge r176295.
+
+    2014-11-18  David Hyatt  <hy...@apple.com>
+
+            REGRESSION (r167210): Invalid cast in WebCore::RenderBlock::blockSelectionGaps
+            https://bugs.webkit.org/show_bug.cgi?id=137590
+
+            Reviewed by Dean Jackson.
+
+            Added fast/block/selection-block-gaps-crash.html
+
+            * rendering/RenderBlock.cpp:
+            (WebCore::RenderBlock::blockSelectionGaps):
+            Check that we really are a RenderBlock before recurring.
+
+2014-12-10  Babak Shafiei  <bshaf...@apple.com>
+
         Merge r175074.
 
     2014-10-22  Said Abou-Hallawa  <sabouhall...@apple.com>

Modified: branches/safari-600.1.4.13-branch/Source/WebCore/rendering/RenderBlock.cpp (177065 => 177066)


--- branches/safari-600.1.4.13-branch/Source/WebCore/rendering/RenderBlock.cpp	2014-12-10 16:59:53 UTC (rev 177065)
+++ branches/safari-600.1.4.13-branch/Source/WebCore/rendering/RenderBlock.cpp	2014-12-10 17:01:45 UTC (rev 177066)
@@ -2039,7 +2039,7 @@
             lastLogicalTop = blockDirectionOffset(rootBlock, offsetFromRootBlock) + curr->logicalBottom();
             lastLogicalLeft = logicalLeftSelectionOffset(rootBlock, curr->logicalBottom(), cache);
             lastLogicalRight = logicalRightSelectionOffset(rootBlock, curr->logicalBottom(), cache);
-        } else if (childState != SelectionNone) {
+        } else if (childState != SelectionNone && is<RenderBlock>(*curr)) {
             // We must be a block that has some selected object inside it.  Go ahead and recur.
             result.unite(toRenderBlock(curr)->selectionGaps(rootBlock, rootBlockPhysicalPosition, LayoutSize(offsetFromRootBlock.width() + curr->x(), offsetFromRootBlock.height() + curr->y()), 
                 lastLogicalTop, lastLogicalLeft, lastLogicalRight, childCache, paintInfo));

_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes