third_party/WebKit/Source/core/layout/FloatingObjects.cpp - Issue 2455973005: Copy float list of ruby base when merging it with a sibling

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Unified Diff: third_party/WebKit/Source/core/layout/FloatingObjects.cpp

Issue 2455973005: Copy float list of ruby base when merging it with a sibling (Closed)

Patch Set: Created 4 years, 2 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

« no previous file with comments | « third_party/WebKit/Source/core/layout/FloatingObjects.h ('k') | third_party/WebKit/Source/core/layout/LayoutRubyBase.cpp » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Hide Comments ('s')

Index: third_party/WebKit/Source/core/layout/FloatingObjects.cpp

diff --git a/third_party/WebKit/Source/core/layout/FloatingObjects.cpp b/third_party/WebKit/Source/core/layout/FloatingObjects.cpp

index 544099b4ba5ad82d533d53b3d23ba63eff60fd39..8bbbad58dae4f6073db872b4be1c2f12f7eb70f1 100644

--- a/third_party/WebKit/Source/core/layout/FloatingObjects.cpp

+++ b/third_party/WebKit/Source/core/layout/FloatingObjects.cpp

@@ -73,8 +73,7 @@ FloatingObject::FloatingObject(LayoutBox* layoutObject,

const LayoutRect& frameRect,

bool shouldPaint,

bool isDescendant,

- bool isLowestNonOverhangingFloatInChild,

- bool performingUnsafeClone)

+ bool isLowestNonOverhangingFloatInChild)

: m_layoutObject(layoutObject),

m_originatingLine(nullptr),

m_frameRect(frameRect),

@@ -87,16 +86,7 @@ FloatingObject::FloatingObject(LayoutBox* layoutObject,

m_isInPlacedTree(false)

#endif

{

- m_shouldPaint = shouldPaint;

- // TODO(chrishtr): Avoid the following hack when performing an unsafe clone.

- // This avoids a use-after-free bug due to the fact that we sometimes fail to

- // remove floats from their container when detaching (crbug.com/619380).

- // This is actually a bug in the floats detach machinery, which needs to be

- // fixed, in which case this workaround can be removed. In any case, it should

- // be safe because moving floats from one owner to another should cause

- // layout, which will in turn update the m_shouldPaint property.

- if (!performingUnsafeClone)

- m_shouldPaint = m_shouldPaint || shouldPaintForCompositedLayoutPart();

+ m_shouldPaint = shouldPaint || shouldPaintForCompositedLayoutPart();

}

bool FloatingObject::shouldPaintForCompositedLayoutPart() {

@@ -144,9 +134,9 @@ std::unique_ptr<FloatingObject> FloatingObject::copyToNewContainer(

}

std::unique_ptr<FloatingObject> FloatingObject::unsafeClone() const {

- std::unique_ptr<FloatingObject> cloneObject = wrapUnique(

- new FloatingObject(layoutObject(), getType(), m_frameRect, m_shouldPaint,

- m_isDescendant, false, true));

+ std::unique_ptr<FloatingObject> cloneObject =

+ wrapUnique(new FloatingObject(layoutObject(), getType(), m_frameRect,

+ m_shouldPaint, m_isDescendant, false));

cloneObject->m_isPlaced = m_isPlaced;

return cloneObject;

}