Use RenderBox::previousSiblingBox/nextSiblingBox in RenderMultiColumnFlow
authorzalan@apple.com <zalan@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Wed, 13 Mar 2019 23:36:02 +0000 (23:36 +0000)
committerzalan@apple.com <zalan@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Wed, 13 Mar 2019 23:36:02 +0000 (23:36 +0000)
https://bugs.webkit.org/show_bug.cgi?id=195701
<rdar://problem/48448658>

Reviewed by Simon Fraser.

Source/WebCore:

It's safer to use existing RenderBox functions to get sibling boxes.

Test: fast/ruby/crash-when-paginated-ruby.html

* rendering/RenderMultiColumnFlow.cpp:
(WebCore::RenderMultiColumnFlow::nextColumnSetOrSpannerSiblingOf):
(WebCore::RenderMultiColumnFlow::previousColumnSetOrSpannerSiblingOf):

LayoutTests:

* fast/ruby/crash-when-paginated-ruby-expected.txt: Added.
* fast/ruby/crash-when-paginated-ruby.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@242919 268f45cc-cd09-0410-ab3c-d52691b4dbfc

LayoutTests/ChangeLog
LayoutTests/fast/ruby/crash-when-paginated-ruby-expected.txt [new file with mode: 0644]
LayoutTests/fast/ruby/crash-when-paginated-ruby.html [new file with mode: 0644]
LayoutTests/platform/mac/TestExpectations
Source/WebCore/ChangeLog
Source/WebCore/rendering/RenderMultiColumnFlow.cpp

index adbccfa..5be5643 100644 (file)
@@ -1,3 +1,14 @@
+2019-03-13  Zalan Bujtas  <zalan@apple.com>
+
+        Use RenderBox::previousSiblingBox/nextSiblingBox in RenderMultiColumnFlow
+        https://bugs.webkit.org/show_bug.cgi?id=195701
+        <rdar://problem/48448658>
+
+        Reviewed by Simon Fraser.
+
+        * fast/ruby/crash-when-paginated-ruby-expected.txt: Added.
+        * fast/ruby/crash-when-paginated-ruby.html: Added.
+
 2019-03-13  Wenson Hsieh  <wenson_hsieh@apple.com>
 
         Fix an edge case where HTMLFormElement::removeFormElement is invoked twice with the same element
diff --git a/LayoutTests/fast/ruby/crash-when-paginated-ruby-expected.txt b/LayoutTests/fast/ruby/crash-when-paginated-ruby-expected.txt
new file mode 100644 (file)
index 0000000..ca376ed
--- /dev/null
@@ -0,0 +1 @@
+click me Pass if no crash.
diff --git a/LayoutTests/fast/ruby/crash-when-paginated-ruby.html b/LayoutTests/fast/ruby/crash-when-paginated-ruby.html
new file mode 100644 (file)
index 0000000..0f494cb
--- /dev/null
@@ -0,0 +1,16 @@
+<style>
+ruby {
+    float:left;
+    column-count: 2;
+}
+</style>               
+<ruby id=ruby>content</ruby>
+Pass if no crash.
+<script>
+if (window.testRunner)
+    testRunner.dumpAsText();
+document.body.offsetHeight;
+ruby.innerHTML="<button>click me</button>";    
+styleSheet = document.styleSheets[0];
+styleSheet.addRule('#ruby::before','content: counter(coun2)');
+</script>
index 9cd159d..827187a 100644 (file)
@@ -152,6 +152,7 @@ fast/mediastream/RTCPeerConnection-stats.html [ Skip ]
 
 # Asserts in debug.
 [ Debug ] fast/images/large-size-image-crash.html [ Skip ]
+[ Debug ] fast/ruby/crash-when-paginated-ruby.html [ Skip ]
 
 webkit.org/b/188061 [ Debug ] webgl/2.0.0/conformance2/glsl3/compound-assignment-type-combination.html [ Slow ]
 
index b104a91..f0c9b3c 100644 (file)
@@ -1,3 +1,19 @@
+2019-03-13  Zalan Bujtas  <zalan@apple.com>
+
+        Use RenderBox::previousSiblingBox/nextSiblingBox in RenderMultiColumnFlow
+        https://bugs.webkit.org/show_bug.cgi?id=195701
+        <rdar://problem/48448658>
+
+        Reviewed by Simon Fraser.
+
+        It's safer to use existing RenderBox functions to get sibling boxes.
+
+        Test: fast/ruby/crash-when-paginated-ruby.html
+
+        * rendering/RenderMultiColumnFlow.cpp:
+        (WebCore::RenderMultiColumnFlow::nextColumnSetOrSpannerSiblingOf):
+        (WebCore::RenderMultiColumnFlow::previousColumnSetOrSpannerSiblingOf):
+
 2019-03-13  Keith Rollin  <krollin@apple.com>
 
         Add support for new StagedFrameworks layout
index 06e3c3c..c866c34 100644 (file)
@@ -93,21 +93,16 @@ RenderBox* RenderMultiColumnFlow::firstColumnSetOrSpanner() const
 
 RenderBox* RenderMultiColumnFlow::nextColumnSetOrSpannerSiblingOf(const RenderBox* child)
 {
-    if (!child)
-        return nullptr;
-    if (RenderObject* sibling = child->nextSibling())
-        return downcast<RenderBox>(sibling);
-    return nullptr;
+    return child ? child->nextSiblingBox() : nullptr;
 }
 
 RenderBox* RenderMultiColumnFlow::previousColumnSetOrSpannerSiblingOf(const RenderBox* child)
 {
     if (!child)
         return nullptr;
-    if (RenderObject* sibling = child->previousSibling()) {
-        if (is<RenderFragmentedFlow>(*sibling))
-            return nullptr;
-        return downcast<RenderBox>(sibling);
+    if (auto* sibling = child->previousSiblingBox()) {
+        if (!is<RenderFragmentedFlow>(*sibling))
+            return sibling;
     }
     return nullptr;
 }