Changeset 107733 in webkit


Ignore:
Timestamp:
Feb 14, 2012 2:02:05 PM (12 years ago)
Author:
commit-queue@webkit.org
Message:

Crash from line break iterators in counter content
https://bugs.webkit.org/show_bug.cgi?id=72977

Patch by Ken Buchanan <kenrb@chromium.org> on 2012-02-14
Reviewed by David Hyatt.

Source/WebCore:

Calculating the width of counter text can sometimes cause the
underlying text buffer to change. This patch causes the iterator
to reset appropriately when this happens.

  • rendering/RenderBlockLineLayout.cpp:

(WebCore::RenderBlock::LineBreaker::nextLineBreak):

LayoutTests:

Test that causes asterisk counters to change during layout
and potentially confuse iterators.

  • fast/css/counters/asterisk-counter-update-after-layout-crash-expected.txt: Added
  • fast/css/counters/asterisk-counter-update-after-layout-crash.html: Added
Location:
trunk
Files:
2 added
3 edited

Legend:

Unmodified
Added
Removed

  • trunk/LayoutTests/ChangeLog

    r107732 r107733  
     12012-02-14  Ken Buchanan  <kenrb@chromium.org>
     2
     3        Crash from line break iterators in counter content
     4        https://bugs.webkit.org/show_bug.cgi?id=72977
     5
     6        Reviewed by David Hyatt.
     7
     8        Test that causes asterisk counters to change during layout
     9        and potentially confuse iterators.
     10
     11        * fast/css/counters/asterisk-counter-update-after-layout-crash-expected.txt: Added
     12        * fast/css/counters/asterisk-counter-update-after-layout-crash.html: Added
     13
    1142012-02-14  Filip Pizlo  <fpizlo@apple.com>
    215

  • trunk/Source/WebCore/ChangeLog

    r107731 r107733  
     12012-02-14  Ken Buchanan  <kenrb@chromium.org>
     2
     3        Crash from line break iterators in counter content
     4        https://bugs.webkit.org/show_bug.cgi?id=72977
     5
     6        Reviewed by David Hyatt.
     7
     8        Calculating the width of counter text can sometimes cause the
     9        underlying text buffer to change. This patch causes the iterator
     10        to reset appropriately when this happens.
     11
     12        * rendering/RenderBlockLineLayout.cpp:
     13        (WebCore::RenderBlock::LineBreaker::nextLineBreak):
     14
    1152012-02-14  Levi Weintraub  <leviw@chromium.org>
    216

  • trunk/Source/WebCore/rendering/RenderBlockLineLayout.cpp

    r107160 r107733  
    23552355                }
    23562356
    2357                 if (lineBreakIteratorInfo.first != t) {
     2357                if ((lineBreakIteratorInfo.first != t) || (lineBreakIteratorInfo.second.string() != t->characters())) {
    23582358                    lineBreakIteratorInfo.first = t;
    23592359                    lineBreakIteratorInfo.second.reset(t->characters(), t->textLength(), style->locale());
Note: See TracChangeset for help on using the changeset viewer.