Context Navigation

← Previous Changeset
Next Changeset →

Changeset 255448 in webkit

Timestamp:

Jan 30, 2020 12:59:52 PM (4 years ago)

Author:

commit-queue@webkit.org

Message:

Crash in RenderElement::selectionPseudoStyle with detail element set to display: contents
https://bugs.webkit.org/show_bug.cgi?id=206705

Patch by Doug Kelly <Doug Kelly> on 2020-01-30
Reviewed by Zalan Bujtas.

Source/WebCore:

Check the element for a valid renderer before calling getUncachedPseudoStyle(), and if the
element is set to "display: contents", walk up to the parent element until we're at the root
or the element is not set to "display: contents".

Test: fast/css/display-contents-detail-selection.html

rendering/RenderElement.cpp:

(WebCore::RenderElement::selectionPseudoStyle const):

LayoutTests:

fast/css/display-contents-detail-selection-expected.txt: Added.
fast/css/display-contents-detail-selection.html: Added.

Location:

trunk

Files:

: 2 added
: 3 edited

LayoutTests/ChangeLog (modified) (1 diff)
LayoutTests/fast/css/display-contents-detail-selection-expected.txt (added)
LayoutTests/fast/css/display-contents-detail-selection.html (added)
Source/WebCore/ChangeLog (modified) (1 diff)
Source/WebCore/rendering/RenderElement.cpp (modified) (1 diff)

Legend:

: Unmodified
: Added
: Removed

trunk/LayoutTests/ChangeLog

-                      r255441
+                      r255448
+-01-30  Doug Kelly  <dougk@apple.com>
+        Crash in RenderElement::selectionPseudoStyle with detail element set to display: contents
+        https://bugs.webkit.org/show_bug.cgi?id=206705
+        Reviewed by Zalan Bujtas.
+        * fast/css/display-contents-detail-selection-expected.txt: Added.
+        * fast/css/display-contents-detail-selection.html: Added.
 -01-30  Truitt Savell  <tsavell@apple.com>

trunk/Source/WebCore/ChangeLog

-                      r255439
+                      r255448
+-01-30  Doug Kelly  <dougk@apple.com>
+        Crash in RenderElement::selectionPseudoStyle with detail element set to display: contents
+        https://bugs.webkit.org/show_bug.cgi?id=206705
+        Reviewed by Zalan Bujtas.
+        Check the element for a valid renderer before calling getUncachedPseudoStyle(), and if the
+        element is set to "display: contents", walk up to the parent element until we're at the root
+        or the element is not set to "display: contents".
+        Test: fast/css/display-contents-detail-selection.html
+        * rendering/RenderElement.cpp:
+        (WebCore::RenderElement::selectionPseudoStyle const):
 -01-30  Ryan Haddad  <ryanhaddad@apple.com>

trunk/Source/WebCore/rendering/RenderElement.cpp

-                      r254187
+                      r255448
     if (ShadowRoot* root = element()->containingShadowRoot()) {
         if (root->mode() == ShadowRootMode::UserAgent) {
+            if (Element* shadowHost = element()->shadowHost())
+                return shadowHost->renderer()->getUncachedPseudoStyle({ PseudoId::Selection });
+            auto* currentElement = element()->shadowHost();
+            // When an element has display: contents, this element doesn't have a renderer
+            // and its children will render as children of the parent element.
+            while (currentElement && currentElement->hasDisplayContents())
+                currentElement = currentElement->parentElement();
+            if (currentElement && currentElement->renderer())
+                return currentElement->renderer()->getUncachedPseudoStyle({ PseudoId::Selection });
+        }
+    }

Note: See TracChangeset for help on using the changeset viewer.