Title: [200031] trunk/Source/WebCore
- Revision
- 200031
- Author
- [email protected]
- Date
- 2016-04-25 10:03:04 -0700 (Mon, 25 Apr 2016)
Log Message
REGRESSION(r156846): Crashes with guard malloc
https://bugs.webkit.org/show_bug.cgi?id=156984
Reviewed by Andreas Kling.
RenderElement::cachedFirstLineStyle() returns a pointer obtained from a local std::unique_ptr, which dangles once the function returns.
* rendering/RenderElement.cpp:
(WebCore::RenderElement::uncachedFirstLineStyle):
(WebCore::RenderElement::cachedFirstLineStyle):
(WebCore::RenderElement::firstLineStyle):
(WebCore::firstLineStyleForCachedUncachedType): Deleted.
Don't try to use a single function for the cached and uncached cases. Separate the cases into the calling functions.
Diff
Modified: trunk/Source/WebCore/ChangeLog (200030 => 200031)
--- trunk/Source/WebCore/ChangeLog 2016-04-25 16:27:34 UTC (rev 200030)
+++ trunk/Source/WebCore/ChangeLog 2016-04-25 17:03:04 UTC (rev 200031)
@@ -1,3 +1,20 @@
+2016-04-25 Antti Koivisto <[email protected]>
+
+ REGRESSION(r156846): Crashes with guard malloc
+ https://bugs.webkit.org/show_bug.cgi?id=156984
+
+ Reviewed by Andreas Kling.
+
+ RenderElement::cachedFirstLineStyle() returns pointer to local std::unique_ptr.
+
+ * rendering/RenderElement.cpp:
+ (WebCore::RenderElement::uncachedFirstLineStyle):
+ (WebCore::RenderElement::cachedFirstLineStyle):
+ (WebCore::RenderElement::firstLineStyle):
+ (WebCore::firstLineStyleForCachedUncachedType): Deleted.
+
+ Don't try to use a single function for the cached and uncached cases. Separate the cases into the calling functions.
+
2016-04-25 Daniel Bates <[email protected]>
REGRESSION (r196012): Subresource may be blocked by Content Security Policy if it only matches 'self'
Modified: trunk/Source/WebCore/rendering/RenderElement.cpp (200030 => 200031)
--- trunk/Source/WebCore/rendering/RenderElement.cpp 2016-04-25 16:27:34 UTC (rev 200030)
+++ trunk/Source/WebCore/rendering/RenderElement.cpp 2016-04-25 17:03:04 UTC (rev 200031)
@@ -210,47 +210,43 @@
Uncached
};
-static std::unique_ptr<RenderStyle> firstLineStyleForCachedUncachedType(StyleCacheState type, const RenderElement& renderer, RenderStyle* style)
+std::unique_ptr<RenderStyle> RenderElement::uncachedFirstLineStyle(RenderStyle* style) const
{
- RenderElement& rendererForFirstLineStyle = renderer.isBeforeOrAfterContent() ? *renderer.parent() : const_cast<RenderElement&>(renderer);
+ if (!view().usesFirstLineRules())
+ return nullptr;
+ RenderElement& rendererForFirstLineStyle = isBeforeOrAfterContent() ? *parent() : const_cast<RenderElement&>(*this);
+
if (rendererForFirstLineStyle.isRenderBlockFlow() || rendererForFirstLineStyle.isRenderButton()) {
- if (RenderBlock* firstLineBlock = rendererForFirstLineStyle.firstLineBlock()) {
- if (type == Cached)
- return RenderStyle::clone(firstLineBlock->getCachedPseudoStyle(FIRST_LINE, style));
- return firstLineBlock->getUncachedPseudoStyle(PseudoStyleRequest(FIRST_LINE), style, firstLineBlock == &renderer ? style : nullptr);
- }
+ if (RenderBlock* firstLineBlock = rendererForFirstLineStyle.firstLineBlock())
+ return firstLineBlock->getUncachedPseudoStyle(PseudoStyleRequest(FIRST_LINE), style, firstLineBlock == this ? style : nullptr);
} else if (!rendererForFirstLineStyle.isAnonymous() && rendererForFirstLineStyle.isRenderInline()) {
RenderStyle& parentStyle = rendererForFirstLineStyle.parent()->firstLineStyle();
- if (&parentStyle != &rendererForFirstLineStyle.parent()->style()) {
- if (type == Cached) {
- // A first-line style is in effect. Cache a first-line style for ourselves.
- rendererForFirstLineStyle.style().setHasPseudoStyle(FIRST_LINE_INHERITED);
- return RenderStyle::clone(rendererForFirstLineStyle.getCachedPseudoStyle(FIRST_LINE_INHERITED, &parentStyle));
- }
+ if (&parentStyle != &rendererForFirstLineStyle.parent()->style())
return rendererForFirstLineStyle.getUncachedPseudoStyle(PseudoStyleRequest(FIRST_LINE_INHERITED), &parentStyle, style);
- }
}
return nullptr;
}
-std::unique_ptr<RenderStyle> RenderElement::uncachedFirstLineStyle(RenderStyle* style) const
-{
- if (!view().usesFirstLineRules())
- return nullptr;
-
- return firstLineStyleForCachedUncachedType(Uncached, *this, style);
-}
-
RenderStyle* RenderElement::cachedFirstLineStyle() const
{
ASSERT(view().usesFirstLineRules());
- RenderStyle& style = this->style();
- if (std::unique_ptr<RenderStyle> firstLineStyle = firstLineStyleForCachedUncachedType(Cached, *this, &style))
- return firstLineStyle.get();
+ RenderElement& rendererForFirstLineStyle = isBeforeOrAfterContent() ? *parent() : const_cast<RenderElement&>(*this);
- return &style;
+ if (rendererForFirstLineStyle.isRenderBlockFlow() || rendererForFirstLineStyle.isRenderButton()) {
+ if (RenderBlock* firstLineBlock = rendererForFirstLineStyle.firstLineBlock())
+ return firstLineBlock->getCachedPseudoStyle(FIRST_LINE, &style());
+ } else if (!rendererForFirstLineStyle.isAnonymous() && rendererForFirstLineStyle.isRenderInline()) {
+ RenderStyle& parentStyle = rendererForFirstLineStyle.parent()->firstLineStyle();
+ if (&parentStyle != &rendererForFirstLineStyle.parent()->style()) {
+ // A first-line style is in effect. Cache a first-line style for ourselves.
+ rendererForFirstLineStyle.style().setHasPseudoStyle(FIRST_LINE_INHERITED);
+ return rendererForFirstLineStyle.getCachedPseudoStyle(FIRST_LINE_INHERITED, &parentStyle);
+ }
+ }
+
+ return &style();
}
RenderStyle& RenderElement::firstLineStyle() const
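Review bot: In the new `cachedFirstLineStyle()`, both `getCachedPseudoStyle(...)` results are returned directly, so if that call can yield null (its definition is not in this hunk) the `return &style();` fallback is skipped and the caller receives a null pointer. `firstLineStyle()` returns a `RenderStyle&` and its body lies outside the hunk, so it presumably dereferences this result. Binding the result first keeps the fallback, e.g. `if (auto* firstLineStyle = firstLineBlock->getCachedPseudoStyle(FIRST_LINE, &style())) return firstLineStyle;`, and likewise for the `FIRST_LINE_INHERITED` branch. The fix also appears to rely on the returned pointer being owned by the pseudo-style cache rather than by a local, so a comment above the function such as `// Returns a non-owning pointer; the style is owned by the renderer's cached pseudo styles.` would make the lifetime contract explicit, with the wording to be confirmed against `getCachedPseudoStyle`.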