Changeset 179750 in webkit
- Timestamp:
- Feb 6, 2015 10:56:48 AM (9 years ago)
- Location:
- trunk/Source/WebCore
- Files:
-
- 2 edited
Legend:
- Unmodified
- Added
- Removed
-
trunk/Source/WebCore/ChangeLog
r179739 r179750 1 2015-02-06 Maciej Stachowiak <mjs@apple.com> 2 3 REGRESSION(r179706): Caused memory corruption on some tests (Requested by _ap_ on #webkit). 4 https://bugs.webkit.org/show_bug.cgi?id=141324 5 6 Reviewed by Alexey Proskuryakov. 7 8 No new tests. This is caught by existing tests under ASAN, and I don't know how to reproduce 9 it without ASAN. 10 11 * rendering/RenderLineBoxList.cpp: 12 (WebCore::RenderLineBoxList::dirtyLinesFromChangedChild): Give up 13 and just always invalidate the next line. It's too hard to come up 14 with the condition that catches all needed cases, doesn't itself 15 cause a crash, and isn't overzealous. And we do this for the 16 previous line anyway. Also clean up the code a bit since it 17 confusingly reuses a variable, and declares it uninitialized, for 18 no good reason. 19 1 20 2015-02-05 Dhi Aurrahman <diorahman@rockybars.com> 2 21 -
trunk/Source/WebCore/rendering/RenderLineBoxList.cpp
r179706 r179750 379 379 // If we found a line box, then dirty it. 380 380 if (box) { 381 RootInlineBox* adjacentBox;382 381 box->markDirty(); 383 382 … … 389 388 // despite the name, actually returns the first RenderObject after the BR. 390 389 // <rdar://problem/3849947> "Typing after pasting line does not appear until after window resize." 391 adjacentBox = box->prevRootBox(); 392 if (adjacentBox) 393 adjacentBox->markDirty(); 394 adjacentBox = box->nextRootBox(); 395 // If |child| has been inserted before the first element in the linebox, but after collapsed leading 396 // space, the search for |child|'s linebox will go past the leading space to the previous linebox and select that 397 // one as |box|. If we hit that situation here, dirty the |box| actually containing the child too. 398 bool insertedAfterLeadingSpace = box->lineBreakObj() == child.previousSibling(); 399 if (adjacentBox && (adjacentBox->lineBreakObj()->isDescendantOf(&child) || child.isBR() || (current && current->isBR()) 400 || insertedAfterLeadingSpace || isIsolated(container.style().unicodeBidi()))) 401 adjacentBox->markDirty(); 390 if (RootInlineBox* prevBox = box->prevRootBox()) 391 prevBox->markDirty(); 392 393 // FIXME: We shouldn't need to always dirty the next line. This is only strictly 394 // necessary some of the time, in situations involving BRs. 395 if (RootInlineBox* nextBox = box->nextRootBox()) 396 nextBox->markDirty(); 402 397 } 403 398 }
Note: See TracChangeset
for help on using the changeset viewer.