Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(78)

Issue 9263001: Merge 104183 - Source/WebCore: Crash due to reparenting of relpositioned object under anonymous b... (Closed)

Created:
8 years, 11 months ago by Cris Neckar
Modified:
8 years, 11 months ago
Reviewers:
commit-queue
CC:
chromium-reviews
Base URL:
http://svn.webkit.org/repository/webkit/branches/chromium/963/
Visibility:
Public.

Description

Merge 104183 - Source/WebCore: Crash due to reparenting of relpositioned object under anonymous block https://bugs.webkit.org/show_bug.cgi?id=70848 The associated test case creates a condition where a relative positioned renderer is a descendant of an anonymous block for a table column. The anonymous block is the containingBlock() for the relpositioned renderer. Removal of a div causes the anonymous blocks to be merged, and the renderer becomes a descendant of a different block. Since the new containingBlock() has an empty positionedObject list, the relpositioned renderer does not get layout after being dirtied. This patch changes containingBlock() so that it returns the container of an anonymous block for positioned objects, not the anonymous block itself. It also adds an ASSERT to insertPositionedObject() to flag any other cases where something is trying to create a positioned object list on an anonymous block. Patch by Ken Buchanan <kenrb@chromium.org>; on 2012-01-05 Reviewed by David Hyatt. * rendering/RenderBlock.cpp: (WebCore::RenderBlock::insertPositionedObject): * rendering/RenderObject.cpp: (WebCore::RenderObject::containingBlock): LayoutTests: Crash due to reparenting of relpositioned object in table https://bugs.webkit.org/show_bug.cgi?id=70848 Adding test that exercises the crash condition in bug 70848. Patch by Ken Buchanan <kenrb@chromium.org>; on 2012-01-05 Reviewed by David Hyatt. * fast/css/relative-position-replaced-in-table-display-crash-expected.txt: Added * fast/css/relative-position-replaced-in-table-display-crash.html: Added Committed: http://src.chromium.org/viewvc/chrome?view=rev&revision=105338

Patch Set 1 #

Unified diffs Side-by-side diffs Delta from patch set Stats (+7 lines, -1 line) Patch
A + LayoutTests/fast/css/relative-position-replaced-in-table-display-crash.html View 0 chunks +-1 lines, --1 lines 0 comments Download
A + LayoutTests/fast/css/relative-position-replaced-in-table-display-crash-expected.txt View 0 chunks +-1 lines, --1 lines 0 comments Download
M Source/WebCore/rendering/RenderBlock.cpp View 1 chunk +2 lines, -0 lines 0 comments Download
M Source/WebCore/rendering/RenderObject.cpp View 1 chunk +7 lines, -3 lines 0 comments Download

Messages

Total messages: 1 (0 generated)
Cris Neckar
8 years, 11 months ago (2012-01-19 00:12:44 UTC) #1

          

Powered by Google App Engine
This is Rietveld 408576698