
Side by Side Diff: Source/WebCore/rendering/RenderBox.cpp

Issue 9071024: Merge 102875 - Crash due to incorrect parsing of isolates (Closed) Base URL: http://svn.webkit.org/repository/webkit/branches/chromium/963/
Patch Set: Created 8 years, 11 months ago
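--- a/Source/WebCore/rendering/RenderBox.cpp
+++ b/Source/WebCore/rendering/RenderBox.cpp
@@ -1,10 +1,10 @@
 /*
 * Copyright (C) 1999 Lars Knoll (knoll@kde.org)
 * (C) 1999 Antti Koivisto (koivisto@kde.org)
 * (C) 2005 Allan Sandfeld Jensen (kde@carewolf.com)
 * (C) 2005, 2006 Samuel Weinig (sam.weinig@gmail.com)
 * Copyright (C) 2005, 2006, 2007, 2008, 2009, 2010 Apple Inc. All rights reserv ed.
 *
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Library General Public
 * License as published by the Free Software Foundation; either
@@ -1470,21 +1470,24 @@
 layer()->setStaticBlockPosition(box->logicalTop());
 if (style()->hasStaticBlockPosition(box->isHorizontal()))
 setChildNeedsLayout(true, false); // Just go ahead and mark the positioned object as needing layout, so it will update its position properly.
 }
 
 // Nuke the box.
 box->remove();
 box->destroy(renderArena());
 } else if (isReplaced()) {
 setLocation(roundedLayoutPoint(box->topLeft()));
+// m_inlineBoxWrapper should already be 0. Deleting it is a safeguard ag ainst security issues.
 ASSERT(!m_inlineBoxWrapper);
+if (m_inlineBoxWrapper)
+deleteLineBoxWrapper();
 m_inlineBoxWrapper = box;
 }
 }
 
 void RenderBox::deleteLineBoxWrapper()
 {
 if (m_inlineBoxWrapper) {
 if (!documentBeingDestroyed())
 m_inlineBoxWrapper->remove();
 m_inlineBoxWrapper->destroy(renderArena());
@@ -3893,10 +3896,10 @@
 RenderBlock* containerBlock = containingBlock();
 if (!containerBlock || containerBlock == this)
 return locationOffset();
 
 LayoutRect rect(frameRect());
 containerBlock->flipForWritingMode(rect); // FIXME: This is wrong if we are an absolutely positioned object enclosed by a relative-positioned inline.
 return LayoutSize(rect.x(), rect.y());
 }
 
 } // namespace WebCore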
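Review bot: The release-build guard added in the `isReplaced()` branch assumes a stale `m_inlineBoxWrapper` is always a different object from `box`. If the two can ever alias, `deleteLineBoxWrapper()` destroys `box` and the `m_inlineBoxWrapper = box;` assignment that follows stores a freed pointer. Nothing visible here rules that out, so consider `if (m_inlineBoxWrapper && m_inlineBoxWrapper != box)`, or extend the comment to state why aliasing cannot happen. The outer `if (m_inlineBoxWrapper)` is otherwise redundant, since `deleteLineBoxWrapper()` already null-checks the member. The enclosing function starts above the hunk and the body of `deleteLineBoxWrapper()` runs past the visible lines, so whether it clears the member after `destroy()` is inferred, not shown.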