[SCM] WebKit Debian packaging branch, webkit-1.1, updated. upstream/1.1.21-584-g1e41756

darin at apple.com darin at apple.com
Fri Feb 26 22:15:14 UTC 2010 

The following commit has been merged in the webkit-1.1 branch:
commit b30205d818341c8842910ce97d0c00f26d56383c
Author: darin at apple.com <darin at apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Date:   Tue Feb 9 02:12:06 2010 +0000

    Crash due to layout not done in case involving removal of absolute positioning
    https://bugs.webkit.org/show_bug.cgi?id=34734
    rdar://problem/7588280
    
    Reviewed by Dan Bernstein.
    
    WebCore:
    
    Test: fast/dynamic/position-change-layout.html
    
    * rendering/RenderObject.cpp:
    (WebCore::RenderObject::styleDidChange): Call markContainingBlocksForLayout in
    a case where the object already needs layout, but might have a new containing
    block and so needs to mark the new containing block.
    
    LayoutTests:
    
    * fast/dynamic/position-change-layout-expected.txt: Added.
    * fast/dynamic/position-change-layout.html: Added.
    
    
    
    git-svn-id: http://svn.webkit.org/repository/webkit/trunk@54521 268f45cc-cd09-0410-ab3c-d52691b4dbfc

diff --git a/LayoutTests/ChangeLog b/LayoutTests/ChangeLog
index c83aded..c520546 100644
--- a/LayoutTests/ChangeLog
+++ b/LayoutTests/ChangeLog
@@ -1,3 +1,14 @@
+2010-02-08  Darin Adler  <darin at apple.com>
+
+        Reviewed by Dan Bernstein.
+
+        Crash due to layout not done in case involving removal of absolute positioning
+        https://bugs.webkit.org/show_bug.cgi?id=34734
+        rdar://problem/7588280
+
+        * fast/dynamic/position-change-layout-expected.txt: Added.
+        * fast/dynamic/position-change-layout.html: Added.
+
 2010-02-08  Alexey Proskuryakov  <ap at apple.com>
 
         Reviewed by Darin Adler.
diff --git a/LayoutTests/fast/dynamic/position-change-layout-expected.txt b/LayoutTests/fast/dynamic/position-change-layout-expected.txt
new file mode 100644
index 0000000..b968c81
--- /dev/null
+++ b/LayoutTests/fast/dynamic/position-change-layout-expected.txt
@@ -0,0 +1 @@
+PASS: If there is no crash, the test passed.
diff --git a/LayoutTests/fast/dynamic/position-change-layout.html b/LayoutTests/fast/dynamic/position-change-layout.html
new file mode 100644
index 0000000..8b66d4f
--- /dev/null
+++ b/LayoutTests/fast/dynamic/position-change-layout.html
@@ -0,0 +1,19 @@
+<html> 
+<head>
+    <script>
+        function test()
+        {
+            if (window.layoutTestController)
+                layoutTestController.dumpAsText();
+            var table = document.getElementById('table');
+            table.offsetHeight; // Trigger layout.
+            table.createCaption(); // Add a caption and mark the table as needing layout.
+            table.style.cssText = ''; // Remove the absolute positioning.
+            table.innerHTML = 'PASS: If there is no crash, the test passed.'; // Blow away the caption, knowing the housekeeping won't be done.
+        }
+    </script>
+</head>    
+<body onload="test()">
+    <table border="1" id="table" style="position: absolute; top: 10"></table>
+</body>
+</html>
diff --git a/WebCore/ChangeLog b/WebCore/ChangeLog
index e5a5b0e..a89951e 100644
--- a/WebCore/ChangeLog
+++ b/WebCore/ChangeLog
@@ -1,3 +1,18 @@
+2010-02-08  Darin Adler  <darin at apple.com>
+
+        Reviewed by Dan Bernstein.
+
+        Crash due to layout not done in case involving removal of absolute positioning
+        https://bugs.webkit.org/show_bug.cgi?id=34734
+        rdar://problem/7588280
+
+        Test: fast/dynamic/position-change-layout.html
+
+        * rendering/RenderObject.cpp:
+        (WebCore::RenderObject::styleDidChange): Call markContainingBlocksForLayout in
+        a case where the object already needs layout, but might have a new containing
+        block and so needs to mark the new containing block.
+
 2010-02-08  Charlie Reis  <creis at chromium.org>
 
         Reviewed by Darin Adler.
diff --git a/WebCore/rendering/RenderObject.cpp b/WebCore/rendering/RenderObject.cpp
index db0fda0..16f552c 100644
--- a/WebCore/rendering/RenderObject.cpp
+++ b/WebCore/rendering/RenderObject.cpp
@@ -1683,6 +1683,15 @@ void RenderObject::styleDidChange(StyleDifference diff, const RenderStyle* oldSt
     
     if (diff == StyleDifferenceLayout) {
         RenderCounter::rendererStyleChanged(this, oldStyle, m_style.get());
+
+        // If the object already needs layout, then setNeedsLayout won't do
+        // any work. But if the containing block has changed, then we may need
+        // to make the new containing blocks for layout. The change that can
+        // directly affect the containing block of this object is a change to
+        // the position style.
+        if (m_needsLayout && oldStyle->position() != m_style->position())
+            markContainingBlocksForLayout();
+
         setNeedsLayoutAndPrefWidthsRecalc();
     } else if (diff == StyleDifferenceLayoutPositionedMovementOnly)
         setNeedsPositionedMovementLayout();

-- 
WebKit Debian packaging

More information about the Pkg-webkit-commits mailing list