[SCM] WebKit Debian packaging branch, webkit-1.3, updated. upstream/1.3.7-4207-g178b198
inferno at chromium.org
inferno at chromium.org
Sun Feb 20 22:58:41 UTC 2011
The following commit has been merged in the webkit-1.3 branch:
commit e3baac1e008195c6e1e6cb04c5390be0ed03e3d3
Author: inferno at chromium.org <inferno at chromium.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Date: Fri Jan 14 22:40:17 2011 +0000
2011-01-14 Abhishek Arya <inferno at chromium.org>
Reviewed by David Hyatt.
Fix parent block calculation when trying to find top most node
containing "this" float.
https://bugs.webkit.org/show_bug.cgi?id=51711
Replace use of containingBlock and traverse the parents directly
to check for float existence. containingBlock can skip parents and
jump to the RenderView directly which will cause floats to not get
cleared from intermediate parents.
Test: fast/block/float/floats-not-cleared-crash.html
* rendering/RenderBox.cpp:
(WebCore::RenderBox::removeFloatingOrPositionedChildFromBlockLists):
2011-01-14 Abhishek Arya <inferno at chromium.org>
Reviewed by Dave Hyatt.
Tests that we do not crash due to uncleared floats in parent nodes.
https://bugs.webkit.org/show_bug.cgi?id=51711
* fast/block/float/floats-not-cleared-crash-expected.txt: Added.
* fast/block/float/floats-not-cleared-crash.html: Added.
git-svn-id: http://svn.webkit.org/repository/webkit/trunk@75823 268f45cc-cd09-0410-ab3c-d52691b4dbfc
diff --git a/LayoutTests/ChangeLog b/LayoutTests/ChangeLog
index fb11b82..9aa8226 100644
--- a/LayoutTests/ChangeLog
+++ b/LayoutTests/ChangeLog
@@ -1,3 +1,13 @@
+2011-01-14 Abhishek Arya <inferno at chromium.org>
+
+ Reviewed by Dave Hyatt.
+
+ Tests that we do not crash due to uncleared floats in parent nodes.
+ https://bugs.webkit.org/show_bug.cgi?id=51711
+
+ * fast/block/float/floats-not-cleared-crash-expected.txt: Added.
+ * fast/block/float/floats-not-cleared-crash.html: Added.
+
2011-01-14 Jessie Berlin <jberlin at apple.com>
REGRESSION (r75660): compositing/reflections/load-video-in-reflection.html crashes on Windows 7
diff --git a/LayoutTests/compositing/overflow/get-transform-from-non-box-container-expected.txt b/LayoutTests/fast/block/float/floats-not-cleared-crash-expected.txt
similarity index 100%
copy from LayoutTests/compositing/overflow/get-transform-from-non-box-container-expected.txt
copy to LayoutTests/fast/block/float/floats-not-cleared-crash-expected.txt
diff --git a/LayoutTests/fast/block/float/floats-not-cleared-crash.html b/LayoutTests/fast/block/float/floats-not-cleared-crash.html
new file mode 100644
index 0000000..f72159d
--- /dev/null
+++ b/LayoutTests/fast/block/float/floats-not-cleared-crash.html
@@ -0,0 +1,26 @@
+<html>
+<script>
+if (window.layoutTestController)
+{
+ layoutTestController.dumpAsText();
+ layoutTestController.waitUntilDone();
+}
+window.setTimeout('crash();', 0);
+function crash()
+{
+ document.body.offsetTop;
+
+ block1.style.position = 'absolute';
+ float1.style.display = 'none';
+
+ document.body.offsetTop;
+ block1.innerHTML = "PASS";
+ if (window.layoutTestController)
+ layoutTestController.notifyDone();
+}
+</script>
+<div id="block1">
+<span id="float1" style="float: left; margin-bottom: 10000px;">
+</div>
+<junk>
+<html>
diff --git a/Source/WebCore/ChangeLog b/Source/WebCore/ChangeLog
index 96d4c7a..f861555 100644
--- a/Source/WebCore/ChangeLog
+++ b/Source/WebCore/ChangeLog
@@ -1,3 +1,21 @@
+2011-01-14 Abhishek Arya <inferno at chromium.org>
+
+ Reviewed by David Hyatt.
+
+ Fix parent block calculation when trying to find top most node
+ containing "this" float.
+ https://bugs.webkit.org/show_bug.cgi?id=51711
+
+ Replace use of containingBlock and traverse the parents directly
+ to check for float existence. containingBlock can skip parents and
+ jump to the RenderView directly which will cause floats to not get
+ cleared from intermediate parents.
+
+ Test: fast/block/float/floats-not-cleared-crash.html
+
+ * rendering/RenderBox.cpp:
+ (WebCore::RenderBox::removeFloatingOrPositionedChildFromBlockLists):
+
2011-01-14 Adam Klein <adamk at chromium.org>
Reviewed by Darin Fisher.
diff --git a/Source/WebCore/rendering/RenderBox.cpp b/Source/WebCore/rendering/RenderBox.cpp
index 5de98e7..dc6d05f 100644
--- a/Source/WebCore/rendering/RenderBox.cpp
+++ b/Source/WebCore/rendering/RenderBox.cpp
@@ -217,26 +217,30 @@ void RenderBox::removeFloatingOrPositionedChildFromBlockLists()
return;
if (isFloating()) {
- RenderBlock* outermostBlock = containingBlock();
- for (RenderBlock* p = outermostBlock; p && !p->isRenderView(); p = p->containingBlock()) {
- if (p->containsFloat(this))
- outermostBlock = p;
+ RenderBlock* parentBlock = 0;
+ for (RenderObject* curr = parent(); curr && !curr->isRenderView(); curr = curr->parent()) {
+ if (curr->isRenderBlock()) {
+ RenderBlock* currBlock = toRenderBlock(curr);
+ if (currBlock->containsFloat(this))
+ parentBlock = currBlock;
+ else
+ break;
+ }
}
- if (outermostBlock) {
- RenderObject* parent = outermostBlock->parent();
+ if (parentBlock) {
+ RenderObject* parent = parentBlock->parent();
if (parent && parent->isFlexibleBox())
- outermostBlock = toRenderBlock(parent);
+ parentBlock = toRenderBlock(parent);
- outermostBlock->markAllDescendantsWithFloatsForLayout(this, false);
+ parentBlock->markAllDescendantsWithFloatsForLayout(this, false);
}
}
if (isPositioned()) {
- RenderObject* p;
- for (p = parent(); p; p = p->parent()) {
- if (p->isRenderBlock())
- toRenderBlock(p)->removePositionedObject(this);
+ for (RenderObject* curr = parent(); curr; curr = curr->parent()) {
+ if (curr->isRenderBlock())
+ toRenderBlock(curr)->removePositionedObject(this);
}
}
}
--
WebKit Debian packaging
More information about the Pkg-webkit-commits
mailing list