ASSERT in RenderLayer::hitTestContents can fire
authorabarth@webkit.org <abarth@webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Fri, 2 Nov 2012 19:15:30 +0000 (19:15 +0000)
committerabarth@webkit.org <abarth@webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Fri, 2 Nov 2012 19:15:30 +0000 (19:15 +0000)
commit4e525af68c9f476f060308f75ff8ab4b04500197
tree30d74cffa15b27e2532e565b2ed396a11d07b3de
parent466ae84ecffe23f4046cfabfb352b50f15348436
ASSERT in RenderLayer::hitTestContents can fire
https://bugs.webkit.org/show_bug.cgi?id=99656

Reviewed by Eric Seidel.

Source/WebCore:

The issue is that updateHitTestResult and addNodeToRectBasedTestResult
are using two different nodes. Since they aren't consistent, we violate
assertions about only setting the inner node if we're doing a
rect-based hit test. This patch makes the two consistent.

Test: fast/dom/nodesFromRect/nodesFromRect-continuation-crash.html

* rendering/RenderBlock.cpp:
(WebCore::RenderBlock::nodeForHitTest):
(WebCore):
(WebCore::RenderBlock::nodeAtPoint):
(WebCore::RenderBlock::updateHitTestResult):
* rendering/RenderBlock.h:
(RenderBlock):

LayoutTests:

This test ensures that we don't trigger the assert.

* fast/dom/nodesFromRect/nodesFromRect-continuation-crash-expected.txt: Added.
* fast/dom/nodesFromRect/nodesFromRect-continuation-crash.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@133330 268f45cc-cd09-0410-ab3c-d52691b4dbfc
LayoutTests/ChangeLog
LayoutTests/fast/dom/nodesFromRect/nodesFromRect-continuation-crash-expected.txt [new file with mode: 0644]
LayoutTests/fast/dom/nodesFromRect/nodesFromRect-continuation-crash.html [new file with mode: 0644]
Source/WebCore/ChangeLog
Source/WebCore/rendering/RenderBlock.cpp
Source/WebCore/rendering/RenderBlock.h