Changeset 77988 in webkit

Timestamp:

Feb 8, 2011 4:25:53 PM (13 years ago)

Author:

yael.aharon@nokia.com

Message:

2011-02-08 Yael Aharon <​yael.aharon@nokia.com>

Reviewed by Antti Koivisto.

Crash when logging into gmail.com with frame flattening turned on.
​https://bugs.webkit.org/show_bug.cgi?id=52449

• fast/frames/flattening/iframe-flattening-crash-expected.txt: Added.
• fast/frames/flattening/iframe-flattening-crash.html: Added.
• fast/frames/flattening/iframe-flattening-selection-crash-expected.txt: Added.
• fast/frames/flattening/iframe-flattening-selection-crash.html: Added.
• fast/frames/flattening/resources/iframe-flattening-crash.html: Added.

2011-02-08 Yael Aharon <​yael.aharon@nokia.com>

Reviewed by Antti Koivisto.

Crash when logging into gmail.com with frame flattening turned on.
​https://bugs.webkit.org/show_bug.cgi?id=52449

Frame flattening algorithm requires that layout always starts from the main frame, since layout of
subframes impacts the layout of their parents.
There are places in the code that call view->layout() not on the main frame.
Instead of changing all the callsites, I changed FrameView::layout()
to force layout from the main frame if frame flattening is enabled.
In addition, postLayoutTasks can trigger relayout, so make it use the timer even more.
Move the call to SelectionController::updateAppearance() to performPostLayoutTasks(),
because calling the from layout() leads to a crash in pages that have a selection in an iframe.

Tests: fast/frames/flattening/iframe-flattening-crash.html

fast/frames/flattening/iframe-flattening-selection-crash.html

• page/FrameView.cpp: (WebCore::FrameView::layout): (WebCore::FrameView::performPostLayoutTasks):

Location:

trunk

Files:

• LayoutTests/ChangeLog (modified) (1 diff)
• LayoutTests/fast/frames/flattening/iframe-flattening-crash-expected.txt (added)
• LayoutTests/fast/frames/flattening/iframe-flattening-crash.html (added)
• LayoutTests/fast/frames/flattening/iframe-flattening-selection-crash-expected.txt (added)
• LayoutTests/fast/frames/flattening/iframe-flattening-selection-crash.html (added)
• LayoutTests/fast/frames/flattening/resources/iframe-flattening-crash.html (added)
• Source/WebCore/ChangeLog (modified) (1 diff)
• Source/WebCore/page/FrameView.cpp (modified) (6 diffs)

trunk/LayoutTests/ChangeLog

@@ +1 @@
+2011-02-08  Yael Aharon  <yael.aharon@nokia.com>
+
+        Reviewed by Antti Koivisto.
+
+        Crash when logging into gmail.com with frame flattening turned on.
+        https://bugs.webkit.org/show_bug.cgi?id=52449
+
+        * fast/frames/flattening/iframe-flattening-crash-expected.txt: Added.
+        * fast/frames/flattening/iframe-flattening-crash.html: Added.
+        * fast/frames/flattening/iframe-flattening-selection-crash-expected.txt: Added.
+        * fast/frames/flattening/iframe-flattening-selection-crash.html: Added.
+        * fast/frames/flattening/resources/iframe-flattening-crash.html: Added.
+
 2011-02-08  Andy Estes  <aestes@apple.com>
 

trunk/Source/WebCore/ChangeLog

@@ +1 @@
+2011-02-08  Yael Aharon  <yael.aharon@nokia.com>
+
+        Reviewed by Antti Koivisto.
+
+        Crash when logging into gmail.com with frame flattening turned on.
+        https://bugs.webkit.org/show_bug.cgi?id=52449
+
+        Frame flattening algorithm requires that layout always starts from the main frame, since layout of
+        subframes impacts the layout of their parents. 
+        There are places in the code that call view->layout() not on the main frame.
+        Instead of changing all the callsites, I changed FrameView::layout()
+        to force layout from the main frame if frame flattening is enabled.
+        In addition, postLayoutTasks can trigger relayout, so make it use the timer even more.
+        Move the call to SelectionController::updateAppearance() to performPostLayoutTasks(), 
+        because calling the from layout() leads to a crash in pages that have a selection in an iframe.
+
+        Tests: fast/frames/flattening/iframe-flattening-crash.html
+               fast/frames/flattening/iframe-flattening-selection-crash.html
+
+        * page/FrameView.cpp:
+        (WebCore::FrameView::layout):
+        (WebCore::FrameView::performPostLayoutTasks):
+
 2011-02-08  Andy Estes  <aestes@apple.com>
 

trunk/Source/WebCore/page/FrameView.cpp

@@ -726 +726 @@
         return;
 
+    bool inSubframeLayoutWithFrameFlattening = parent() && m_frame->settings() && m_frame->settings()->frameFlatteningEnabled();
+
+    if (inSubframeLayoutWithFrameFlattening) {
+        if (parent()->isFrameView()) {
+            FrameView* parentView =   static_cast<FrameView*>(parent());
+            if (!parentView->m_nestedLayoutCount) {
+                while (parentView->parent() && parentView->parent()->isFrameView())
+                    parentView = static_cast<FrameView*>(parentView->parent());
+                parentView->layout(allowSubtree);
+                return;
+            }
+        }
+    }
+
     m_layoutTimer.stop();
     m_delayedLayout = false;
@@ -758 +772 @@
     m_layoutSchedulingEnabled = false;
 
-    if (!m_nestedLayoutCount && !m_inSynchronousPostLayout && m_hasPendingPostLayoutTasks) {
+    if (!m_nestedLayoutCount && !m_inSynchronousPostLayout && m_hasPendingPostLayoutTasks && !inSubframeLayoutWithFrameFlattening) {
         // This is a new top-level layout. If there are any remaining tasks from the previous
         // layout, finish them now.
@@ -896 +910 @@
     m_layoutRoot = 0;
 
-    m_frame->selection()->setCaretRectNeedsUpdate();
-    m_frame->selection()->updateAppearance();
-   
     m_layoutSchedulingEnabled = true;
 
@@ -937 +948 @@
 
     if (!m_hasPendingPostLayoutTasks) {
-        if (!m_inSynchronousPostLayout) {
+        if (!m_inSynchronousPostLayout && !inSubframeLayoutWithFrameFlattening) {
             m_inSynchronousPostLayout = true;
             // Calls resumeScheduledEvents()
@@ -944 +955 @@
         }
 
-        if (!m_hasPendingPostLayoutTasks && (needsLayout() || m_inSynchronousPostLayout)) {
+        if (!m_hasPendingPostLayoutTasks && (needsLayout() || m_inSynchronousPostLayout || inSubframeLayoutWithFrameFlattening)) {
             // If we need layout or are already in a synchronous call to postLayoutTasks(), 
             // defer widget updates and event dispatch until after we return. postLayoutTasks()
@@ -1849 +1860 @@
 {
     m_hasPendingPostLayoutTasks = false;
+
+    m_frame->selection()->setCaretRectNeedsUpdate();
+    m_frame->selection()->updateAppearance();
 
     if (m_firstLayoutCallbackPending) {