2009-07-27 Ojan Vafai <ojan@chromium.org>
author ojan@chromium.org <ojan@chromium.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Mon, 27 Jul 2009 22:45:37 +0000 (22:45 +0000)
committer ojan@chromium.org <ojan@chromium.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Mon, 27 Jul 2009 22:45:37 +0000 (22:45 +0000)
commit a3671c27947186195d00936b0a3fbe3631a4ed0b
tree eeb4b8b6f64603ed017817cd1d56293707302c2f
parent 13de78296ed24da4a013aaad2dded483733eb5de
2009-07-27  Ojan Vafai  <ojan@chromium.org>

        Reviewed by Darin Adler.

        https://bugs.webkit.org/show_bug.cgi?id=27474
        Tests crashes when calling select, setSelectionRange or setting
        selectionStart/selectionEnd on a textarea/input immediately after
        setting display:none.

        * fast/dom/text-control-crash-on-select-expected.txt: Added.
        * fast/dom/text-control-crash-on-select.html: Added.

2009-07-27  Ojan Vafai  <ojan@chromium.org>

        Reviewed by Darin Adler.

        https://bugs.webkit.org/show_bug.cgi?id=27474
        Fixes crashes due to renderer getting destroyed in updateLayout.
        We need to call updateLayout before we call into the renderer.
        Removed the updateLayout call from RenderTextControl and moved it
        into the calling sites.

        Also changes updateLayout to updateLayoutIgnorePendingStylesheets so
        this works with pending stylesheets. Unfortunately, this seems to be
        untestable. Loading an external stylesheet and then having an inline
        script hit this code did not result in any pending stylesheets.

        There are other cases of this bug in the rendering code. I'll file a
        followup bug to audit the calls to updateLayout.

        Test: fast/dom/text-control-crash-on-select.html

        * dom/Document.h:
        (WebCore::Document::inStyleRecalc): Added so the ASSERTs in updateFocusAppearance
            and setSelectionRange could deal with cases of reentrancy into updateLayout
            calls. This happens in a couple layout tests.
        * dom/InputElement.cpp:
        (WebCore::InputElement::updateSelectionRange):
        * html/HTMLInputElement.cpp:
        (WebCore::isTextFieldWithRendererAfterUpdateLayout):
        (WebCore::HTMLInputElement::setSelectionStart):
        (WebCore::HTMLInputElement::setSelectionEnd):
        (WebCore::HTMLInputElement::select):
        * html/HTMLTextAreaElement.cpp:
        (WebCore::rendererAfterUpdateLayout):
        (WebCore::HTMLTextAreaElement::setSelectionStart):
        (WebCore::HTMLTextAreaElement::setSelectionEnd):
        (WebCore::HTMLTextAreaElement::select):
        (WebCore::HTMLTextAreaElement::setSelectionRange):
        (WebCore::HTMLTextAreaElement::updateFocusAppearance):
        * rendering/RenderTextControl.cpp:
        (WebCore::RenderTextControl::setSelectionRange):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@46437 268f45cc-cd09-0410-ab3c-d52691b4dbfc
LayoutTests/ChangeLog
LayoutTests/fast/dom/text-control-crash-on-select-expected.txt [new file with mode: 0644]
LayoutTests/fast/dom/text-control-crash-on-select.html [new file with mode: 0644]
WebCore/ChangeLog
WebCore/dom/Document.cpp
WebCore/dom/Document.h
WebCore/dom/InputElement.cpp
WebCore/html/HTMLInputElement.cpp
WebCore/html/HTMLTextAreaElement.cpp
WebCore/rendering/RenderTextControl.cpp
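
The ordering problem described in the WebCore ChangeLog entry above, as an added example that is not code from this commit or from WebKit: a toy model in which layout destroys the renderer of a `display:none` element, comparing a handle taken before layout with a lookup done after it. All types and functions (`Element`, `Renderer`, `rendererAfterLayout`, `selectAfterLayout`, `handleTakenBeforeLayoutIsValid`) are hypothetical; `rendererAfterLayout` only mirrors the role of the `rendererAfterUpdateLayout` helper named in the ChangeLog.

```cpp
#include <cstdio>
#include <memory>

// Toy model; every type and function here is hypothetical, not WebKit source.
struct Renderer {
    int selStart = 0, selEnd = 0;
    void setSelectionRange(int s, int e) { selStart = s; selEnd = e; }
};

struct Element {
    bool displayNone = false;  // style change made by script, not yet laid out
    std::shared_ptr<Renderer> renderer = std::make_shared<Renderer>();
    // Layout applies the pending style; display:none destroys the renderer.
    void updateLayout() { if (displayNone) renderer.reset(); }
};

// Old ordering: the renderer is looked up first and layout runs afterwards
// (in the real code, from inside the renderer's own method). A weak_ptr stands
// in for the raw pointer so staleness is observable instead of undefined.
bool handleTakenBeforeLayoutIsValid(Element& el) {
    std::weak_ptr<Renderer> handle = el.renderer;
    el.updateLayout();
    return !handle.expired();  // false: a raw pointer would now dangle
}

// New ordering: the call site runs layout, then looks up and null-checks.
Renderer* rendererAfterLayout(Element& el) {
    el.updateLayout();
    return el.renderer.get();
}

bool selectAfterLayout(Element& el, int start, int end) {
    Renderer* r = rendererAfterLayout(el);
    if (!r) return false;  // renderer gone: nothing to select, no crash
    r->setSelectionRange(start, end);
    return true;
}

int main() {
    Element a; a.displayNone = true;
    Element b; b.displayNone = true;
    std::printf("stale handle valid: %d\n", handleTakenBeforeLayoutIsValid(a));
    std::printf("select after layout: %d\n", selectAfterLayout(b, 1, 3));
    return 0;
}
```
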