Changeset 32861 in webkit


Ignore:
Timestamp:
May 4, 2008 9:44:54 PM (16 years ago)
Author:
Antti Koivisto
Message:

2008-05-02 Antti Koivisto <Antti Koivisto>

Reviewed by Mitz.

Fix <rdar://problem/5840475>
CrashTracer: [USER] 2 crashes in Safari at com.apple.WebCore: WebCore::RenderBlock::insertPositionedObject


Non-block objects can have transforms so containingBlock() could end up returning null.
RenderObject::container() needs to match.

Test: fast/transforms/container-transform-crash.html

  • rendering/RenderObject.cpp: (WebCore::RenderObject::containingBlock): (WebCore::RenderObject::container):
Location:
trunk/WebCore
Files:
2 edited

Legend:

Unmodified
Added
Removed

  • trunk/WebCore/ChangeLog

    r32857 r32861  
     12008-05-02  Antti Koivisto  <antti@apple.com>
     2
     3        Reviewed by Mitz.
     4
     5        Fix <rdar://problem/5840475>
     6        CrashTracer: [USER] 2 crashes in Safari at com.apple.WebCore: WebCore::RenderBlock::insertPositionedObject
     7       
     8        Non-block objects can have transforms so containingBlock() could end up returning null.
     9        RenderObject::container() needs to match.
     10
     11        Test: fast/transforms/container-transform-crash.html
     12
     13        * rendering/RenderObject.cpp:
     14        (WebCore::RenderObject::containingBlock):
     15        (WebCore::RenderObject::container):
     16
    1172008-05-04  Sam Weinig  <sam@webkit.org>
    218

  • trunk/WebCore/rendering/RenderObject.cpp

    r32722 r32861  
    797797    RenderObject* o = parent();
    798798    if (!isText() && m_style->position() == FixedPosition) {
    799         while (o && !o->isRenderView() && !o->hasTransform())
     799        while (o && !o->isRenderView() && !(o->hasTransform() && o->isRenderBlock()))
    800800            o = o->parent();
    801801    } else if (!isText() && m_style->position() == AbsolutePosition) {
    802         while (o && (o->style()->position() == StaticPosition || (o->isInline() && !o->isReplaced())) && !o->isRenderView() && !o->hasTransform()) {
     802        while (o && (o->style()->position() == StaticPosition || (o->isInline() && !o->isReplaced())) && !o->isRenderView() && !(o->hasTransform() && o->isRenderBlock())) {
    803803            // For relpositioned inlines, we return the nearest enclosing block.  We don't try
    804804            // to return the inline itself.  This allows us to avoid having a positioned objects
     
    24572457        // aren't we'll get the root of our little subtree (most likely
    24582458        // we'll just return 0).
    2459         while (o && o->parent() && !o->hasTransform())
     2459        while (o && o->parent() && !(o->hasTransform() && o->isRenderBlock()))
    24602460            o = o->parent();
    24612461    } else if (pos == AbsolutePosition) {
     
    24632463        // we may not have one if we're part of an uninstalled subtree.  We'll
    24642464        // climb as high as we can though.
    2465         while (o && o->style()->position() == StaticPosition && !o->isRenderView() && !o->hasTransform())
     2465        while (o && o->style()->position() == StaticPosition && !o->isRenderView() && !(o->hasTransform() && o->isRenderBlock()))
    24662466            o = o->parent();
    24672467    }
Note: See TracChangeset for help on using the changeset viewer.