Crash in RenderFlowThread::setRegionBoxesRegionStyle
authormihnea@adobe.com <mihnea@adobe.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Mon, 13 Feb 2012 23:28:30 +0000 (23:28 +0000)
committermihnea@adobe.com <mihnea@adobe.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Mon, 13 Feb 2012 23:28:30 +0000 (23:28 +0000)
commitdaa4f2958bfc654731ddda3603ba2a73f9461aee
tree7d7615bd617340bc6f5b0c4f0bc4d86b558f1625
parentf4a7aafdcba8b3532fbe7935b2adcd2ac3a86054
Crash in RenderFlowThread::setRegionBoxesRegionStyle
https://bugs.webkit.org/show_bug.cgi?id=78298

Reviewed by David Hyatt.

Source/WebCore:

Test: fast/regions/set-box-style-in-region-crash.html

We have to make sure that anonymous block objects get their information in RenderFlowThread
removed properly.

* dom/Node.cpp:
(WebCore::Node::diff):
Correct a comment.
* rendering/RenderBlock.cpp:
(WebCore::RenderBlock::collapseAnonymousBoxChild):
Remove the information for anonymous block from render flow thread.
* rendering/RenderFlowThread.cpp:
(WebCore::RenderFlowThread::removeFlowChildInfo):
(WebCore):
(WebCore::RenderFlowThread::setRegionRangeForBox):
Do not set region range if the flow thread does not have regions.
* rendering/RenderFlowThread.h:
* rendering/RenderObject.cpp:
(WebCore::RenderObject::willBeDestroyed):
Add an assert to make sure that after we remove an object, there is no remaining info
in any render flow thread.

LayoutTests:

* fast/regions/set-box-style-in-region-crash-expected.txt: Added.
* fast/regions/set-box-style-in-region-crash.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@107622 268f45cc-cd09-0410-ab3c-d52691b4dbfc
LayoutTests/ChangeLog
LayoutTests/fast/regions/set-box-style-in-region-crash-expected.txt [new file with mode: 0644]
LayoutTests/fast/regions/set-box-style-in-region-crash.html [new file with mode: 0644]
Source/WebCore/ChangeLog
Source/WebCore/dom/Node.cpp
Source/WebCore/rendering/RenderBlock.cpp
Source/WebCore/rendering/RenderFlowThread.cpp
Source/WebCore/rendering/RenderFlowThread.h
Source/WebCore/rendering/RenderObject.cpp