Changeset 76201 in webkit


Timestamp:
Jan 19, 2011 8:19:50 PM (13 years ago)
Author:
yuzo@google.com
Message:

2011-01-19 Yuzo Fujishima <yuzo@google.com>

Reviewed by Kent Tamura.

Fix for Bug 52279 - WebCore::RenderBlock::updateFirstLetter crashes for anonymous blocks
https://bugs.webkit.org/show_bug.cgi?id=52279

  • fast/css/first-letter-anonymous-block-crash-expected.txt: Added.
  • fast/css/first-letter-anonymous-block-crash.html: Added.

2011-01-19 Yuzo Fujishima <yuzo@google.com>

Reviewed by Kent Tamura.

Fix for Bug 52279 - WebCore::RenderBlock::updateFirstLetter crashes for anonymous blocks
https://bugs.webkit.org/show_bug.cgi?id=52279

In constructing text fragments to handle first-letter rule, first add
the text for the non-first letters and then remove the original text,
rather than the other way around. Otherwise, the text can be added to
an anonymous block that is different from the original one. This breaks
the assumption that a first letter render object has a non-null sibling
for the non-first letters and causes a crash.

Test: fast/css/first-letter-anonymous-block-crash.html

  • rendering/RenderBlock.cpp: (WebCore::RenderBlock::updateFirstLetter):
Location:
trunk
Files:
2 added
3 edited

  • trunk/LayoutTests/ChangeLog

    r76198 r76201  
     12011-01-19  Yuzo Fujishima  <yuzo@google.com>
     2
     3        Reviewed by Kent Tamura.
     4
     5        Fix for Bug 52279 - WebCore::RenderBlock::updateFirstLetter crashes for anonymous blocks
     6        https://bugs.webkit.org/show_bug.cgi?id=52279
     7
     8        * fast/css/first-letter-anonymous-block-crash-expected.txt: Added.
     9        * fast/css/first-letter-anonymous-block-crash.html: Added.
     10
    1112011-01-19  James Robinson  <jamesr@chromium.org>
    212
  • trunk/Source/WebCore/ChangeLog

    r76198 r76201  
     12011-01-19  Yuzo Fujishima  <yuzo@google.com>
     2
     3        Reviewed by Kent Tamura.
     4
     5        Fix for Bug 52279 - WebCore::RenderBlock::updateFirstLetter crashes for anonymous blocks
     6        https://bugs.webkit.org/show_bug.cgi?id=52279
     7
     8        In constructing text fragments to handle first-letter rule, first add
     9        the text for the non-first letters and then remove the original text,
     10        rather than the other way around. Otherwise, the text can be added to
     11        an anoymous block that is different from the original one. This breaks
     12        the assumption that a first letter render object has a non-null sibling
     13        for the non-first letters and causes a crash.
     14
     15        Test: fast/css/first-letter-anonymous-block-crash.html
     16
     17        * rendering/RenderBlock.cpp:
     18        (WebCore::RenderBlock::updateFirstLetter):
     19
    1202011-01-19  James Robinson  <jamesr@chromium.org>
    221
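Review bot: Typo at new line 11 of this entry: "anoymous" should be "anonymous". The entry is otherwise the only place that records why the add must precede the remove, so it is worth getting the wording right before landing.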
  • trunk/Source/WebCore/rendering/RenderBlock.cpp

    r76170 r76201  
    52525252            remainingText->node()->setRenderer(remainingText);
    52535253
    5254         RenderObject* nextObj = textObj->nextSibling();
     5254        firstLetterContainer->addChild(remainingText, textObj);
    52555255        firstLetterContainer->removeChild(textObj);
    5256         firstLetterContainer->addChild(remainingText, nextObj);
    52575256        remainingText->setFirstLetter(firstLetter);
    52585257       
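Review bot: The call order at new lines 5254-5255 is the entire fix, but nothing in the code records that the order matters, so a later cleanup could swap the calls back and reintroduce the crash. Add a short comment above `firstLetterContainer->addChild(remainingText, textObj);` saying that remainingText has to be inserted while textObj is still a child, so that it lands in the same (possibly anonymous) block. The ChangeLog states that later code assumes the first-letter renderer has a non-null sibling; that assumption is still unchecked in the visible lines, so consider an ASSERT where it is relied on, so that debug builds catch a violation before the null dereference.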