Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(329)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: Source/core/layout/LayoutTable.cpp

Issue 880113002: Fix crash when establishing an inline continuation inside a block continuation. (Closed) Base URL: https://chromium.googlesource.com/chromium/blink.git@master
Patch Set: Remove assertion in LayoutTable::addChildIgnoringContinuation() - crashed fast/table/crash-bad-chil… Created 5 years, 10 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « Source/core/layout/LayoutTable.h ('k') | Source/core/rendering/RenderBlock.cpp » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 /* 1 /*
2 * Copyright (C) 1997 Martin Jones (mjones@kde.org) 2 * Copyright (C) 1997 Martin Jones (mjones@kde.org)
3 * (C) 1997 Torben Weis (weis@kde.org) 3 * (C) 1997 Torben Weis (weis@kde.org)
4 * (C) 1998 Waldo Bastian (bastian@kde.org) 4 * (C) 1998 Waldo Bastian (bastian@kde.org)
5 * (C) 1999 Lars Knoll (knoll@kde.org) 5 * (C) 1999 Lars Knoll (knoll@kde.org)
6 * (C) 1999 Antti Koivisto (koivisto@kde.org) 6 * (C) 1999 Antti Koivisto (koivisto@kde.org)
7 * Copyright (C) 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2013 Apple Inc. All rights reserved. 7 * Copyright (C) 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2013 Apple Inc. All rights reserved.
8 * Copyright (C) 2006 Alexey Proskuryakov (ap@nypop.com) 8 * Copyright (C) 2006 Alexey Proskuryakov (ap@nypop.com)
9 * 9 *
10 * This library is free software; you can redistribute it and/or 10 * This library is free software; you can redistribute it and/or
(...skipping 189 matching lines...) Expand 10 before | Expand all | Expand 10 after
200 } 200 }
201 201
202 if (beforeChild && !beforeChild->isTableSection() && needsTableSection(befor eChild)) 202 if (beforeChild && !beforeChild->isTableSection() && needsTableSection(befor eChild))
203 beforeChild = 0; 203 beforeChild = 0;
204 204
205 LayoutTableSection* section = LayoutTableSection::createAnonymousWithParentR enderer(this); 205 LayoutTableSection* section = LayoutTableSection::createAnonymousWithParentR enderer(this);
206 addChild(section, beforeChild); 206 addChild(section, beforeChild);
207 section->addChild(child); 207 section->addChild(child);
208 } 208 }
209 209
210 void LayoutTable::addChildIgnoringContinuation(RenderObject* newChild, RenderObj ect* beforeChild)
211 {
212 // We need to bypass the RenderBlock implementation and instead do a normal addChild() (or we
213 // won't get there at all), so that any missing anonymous table part rendere rs are
214 // inserted. Otherwise we might end up with an insane render tree with inlin es or blocks as
215 // direct children of a table, which will break assumptions made all over th e code, which may
216 // lead to crashers and security issues.
217 addChild(newChild, beforeChild);
218 }
219
210 void LayoutTable::addCaption(const LayoutTableCaption* caption) 220 void LayoutTable::addCaption(const LayoutTableCaption* caption)
211 { 221 {
212 ASSERT(m_captions.find(caption) == kNotFound); 222 ASSERT(m_captions.find(caption) == kNotFound);
213 m_captions.append(const_cast<LayoutTableCaption*>(caption)); 223 m_captions.append(const_cast<LayoutTableCaption*>(caption));
214 } 224 }
215 225
216 void LayoutTable::removeCaption(const LayoutTableCaption* oldCaption) 226 void LayoutTable::removeCaption(const LayoutTableCaption* oldCaption)
217 { 227 {
218 size_t index = m_captions.find(oldCaption); 228 size_t index = m_captions.find(oldCaption);
219 ASSERT(index != kNotFound); 229 ASSERT(index != kNotFound);
(...skipping 1124 matching lines...) Expand 10 before | Expand all | Expand 10 after
1344 const BorderValue& LayoutTable::tableEndBorderAdjoiningCell(const LayoutTableCel l* cell) const 1354 const BorderValue& LayoutTable::tableEndBorderAdjoiningCell(const LayoutTableCel l* cell) const
1345 { 1355 {
1346 ASSERT(cell->isFirstOrLastCellInRow()); 1356 ASSERT(cell->isFirstOrLastCellInRow());
1347 if (hasSameDirectionAs(cell->row())) 1357 if (hasSameDirectionAs(cell->row()))
1348 return style()->borderEnd(); 1358 return style()->borderEnd();
1349 1359
1350 return style()->borderStart(); 1360 return style()->borderStart();
1351 } 1361 }
1352 1362
1353 } 1363 }
OLDNEW
« no previous file with comments | « Source/core/layout/LayoutTable.h ('k') | Source/core/rendering/RenderBlock.cpp » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698