Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(547)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: Source/core/layout/BidiRunForLine.cpp

Issue 1328633002: Fix nested 'unicode-bidi: isolate' can cause infinite loop (Closed) Base URL: https://chromium.googlesource.com/chromium/blink.git@master
Patch Set: Add const (eae's nit) Created 5 years, 3 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « LayoutTests/fast/text/international/unicode-bidi-isolate-nested-crash-expected.html ('k') | Source/core/layout/line/InlineIterator.h » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: Source/core/layout/BidiRunForLine.cpp
diff --git a/Source/core/layout/BidiRunForLine.cpp b/Source/core/layout/BidiRunForLine.cpp
index 9944f663c43c817410c7e32f0ed5392b0e0d2687..3a65ac884ed7ad21d7875979973e73040abc2f0a 100644
--- a/Source/core/layout/BidiRunForLine.cpp
+++ b/Source/core/layout/BidiRunForLine.cpp
@@ -137,11 +137,25 @@ void constructBidiRunsForLine(InlineBidiResolver& topResolver,
// of the resolver owning the runs.
ASSERT(&topResolver.runs() == &bidiRuns);
ASSERT(topResolver.position() != endOfLine);
- LayoutObject* currentRoot = topResolver.position().root();
+ const LayoutObject* currentRoot = topResolver.position().root();
topResolver.createBidiRunsForLine(endOfLine, override,
previousLineBrokeCleanly);
+ struct BidiRunsWithRoot {
+ const LayoutObject* root;
+ Vector<BidiRun*> isolatedRuns;
+ };
+ Vector<BidiRunsWithRoot> isolatedRunsStack;
+
+ while (true) {
+ if (topResolver.isolatedRuns().isEmpty()) {
+ if (isolatedRunsStack.isEmpty())
+ break;
+ topResolver.isolatedRuns().appendVector(isolatedRunsStack.last().isolatedRuns);
+ ASSERT(!topResolver.isolatedRuns().isEmpty());
+ currentRoot = isolatedRunsStack.last().root;
+ isolatedRunsStack.removeLast();
+ }
- while (!topResolver.isolatedRuns().isEmpty()) {
// It does not matter which order we resolve the runs as long as we
// resolve them all.
BidiRun* isolatedRun = topResolver.isolatedRuns().last();
@@ -157,7 +171,8 @@ void constructBidiRunsForLine(InlineBidiResolver& topResolver,
// but that would be a layering violation for BidiResolver (which knows
// nothing about LayoutObject).
LayoutInline* isolatedInline = toLayoutInline(
- highestContainingIsolateWithinRoot(LineLayoutItem(startObj), LineLayoutItem(currentRoot)));
+ highestContainingIsolateWithinRoot(LineLayoutItem(startObj),
+ LineLayoutItem(const_cast<LayoutObject*>(currentRoot))));
ASSERT(isolatedInline);
InlineBidiResolver isolatedResolver;
@@ -199,12 +214,13 @@ void constructBidiRunsForLine(InlineBidiResolver& topResolver,
if (isolatedResolver.runs().runCount())
bidiRuns.replaceRunWithRuns(isolatedRun, isolatedResolver.runs());
- // If we encountered any nested isolate runs, just move them
- // to the top resolver's list for later processing.
+ // If we encountered any nested isolate runs, save them for later
+ // processing.
if (!isolatedResolver.isolatedRuns().isEmpty()) {
- topResolver.isolatedRuns().appendVector(
+ isolatedRunsStack.resize(isolatedRunsStack.size() + 1);
+ isolatedRunsStack.last().isolatedRuns.appendVector(
isolatedResolver.isolatedRuns());
- currentRoot = isolatedInline;
+ isolatedRunsStack.last().root = isolatedInline;
restoreIsolatedMidpointStates(topResolver, isolatedResolver);
}
}
« no previous file with comments | « LayoutTests/fast/text/international/unicode-bidi-isolate-nested-crash-expected.html ('k') | Source/core/layout/line/InlineIterator.h » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698