Changeset 140206 in webkit
- Timestamp:
- Jan 18, 2013 2:12:53 PM (11 years ago)
- Location:
- trunk
- Files:
-
- 2 added
- 3 edited
Legend:
- Unmodified
- Added
- Removed
-
trunk/LayoutTests/ChangeLog
r140202 r140206 1 2013-01-18 Abhishek Arya <inferno@chromium.org> 2 3 Heap-use-after-free in WebCore::RenderObject::isDescendantOf 4 https://bugs.webkit.org/show_bug.cgi?id=107226 5 6 Reviewed by David Hyatt. 7 8 * fast/block/float/overhanging-float-not-removed-crash-expected.txt: Added. 9 * fast/block/float/overhanging-float-not-removed-crash.html: Added. 10 1 11 2013-01-18 Chris Hopman <cjhopman@google.com> 2 12 -
trunk/Source/WebCore/ChangeLog
r140202 r140206 1 2013-01-18 Abhishek Arya <inferno@chromium.org> 2 3 Heap-use-after-free in WebCore::RenderObject::isDescendantOf 4 https://bugs.webkit.org/show_bug.cgi?id=107226 5 6 Reviewed by David Hyatt. 7 8 Test: fast/block/float/overhanging-float-not-removed-crash.html 9 10 * rendering/RenderBox.cpp: 11 (WebCore::RenderBox::removeFloatingOrPositionedChildFromBlockLists): 12 Skip anonymous blocks in the chain to get the enclosing block and 13 be able to correctly mark the overhanging floats in the next siblings. 14 1 15 2013-01-18 Chris Hopman <cjhopman@google.com> 2 16 -
trunk/Source/WebCore/rendering/RenderBox.cpp
r140068 r140206 180 180 181 181 if (parentBlock) { 182 // Need to skip anonymous blocks in our ancestor chain since our overhanging floats 183 // can be in the next siblings of enclosing block. 184 while (parentBlock && parentBlock->isAnonymousBlock()) 185 parentBlock = parentBlock->containingBlock(); 186 ASSERT(parentBlock); 187 182 188 RenderObject* parent = parentBlock->parent(); 183 189 if (parent && parent->isFlexibleBoxIncludingDeprecated())
Note: See TracChangeset
for help on using the changeset viewer.