Crash in WebCore::RenderBlock::removeChild
authorcommit-queue@webkit.org <commit-queue@webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Wed, 22 Aug 2012 15:34:57 +0000 (15:34 +0000)
committercommit-queue@webkit.org <commit-queue@webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Wed, 22 Aug 2012 15:34:57 +0000 (15:34 +0000)
https://bugs.webkit.org/show_bug.cgi?id=93879

Patch by Raul Hudea <rhudea@adobe.com> on 2012-08-22
Reviewed by Abhishek Arya.

Source/WebCore:

By adding the lifetime state to the RenderNamedFlowThread (r122556), it become possible for the a RenderRegion object to delete its sibling,
the RenderNamedFlowThread. This is unexpected in the rendering world and cause problems in RenderBlock::removeChild where we retain previous
and next sibling pointers.
So, all the RenderNamedFlowThread are created under a RenderFlowThreadContainer object insted of the RenderView. The new object is created only
when the first named flow is created.

Test: fast/regions/remove-flow-thread-crash.html

* CMakeLists.txt:
* GNUmakefile.list.am:
* Target.pri:
* WebCore.gypi:
* WebCore.vcproj/WebCore.vcproj:
* WebCore.xcodeproj/project.pbxproj:
* rendering/FlowThreadController.cpp:
(WebCore::FlowThreadController::FlowThreadController): Added initialization for the new RenderFlowThreadContainer member
(WebCore::FlowThreadController::ensureRenderFlowThreadWithName): Added the creation of the RenderFlowThreadContainer object and use it as a parent for all RenderNamedFlowThreads
(WebCore::FlowThreadController::styleDidChange): Inform all the RenderNamedFlowThreads that the style changed in regions (initially this code was in RenderView, but now all RenderNamedFlowThreads are children of RenderFlowThreadContainer)
(WebCore):
* rendering/FlowThreadController.h:
(WebCore):
(FlowThreadController):
* rendering/RenderFlowThreadContainer.cpp: Added.
(WebCore):
(WebCore::RenderFlowThreadContainer::RenderFlowThreadContainer):
(WebCore::RenderFlowThreadContainer::layout):
* rendering/RenderFlowThreadContainer.h: Added.
* rendering/RenderObject.cpp:
(WebCore::RenderObject::markContainingBlocksForLayout): Skip to RenderView if the current object is an RenderFlowThreadContainer.
* rendering/RenderObject.h:
(WebCore::RenderObject::isRenderFlowThreadContainer):
* rendering/RenderView.cpp:
(WebCore::RenderView::styleDidChange): Moved the code associated to RenderNamedFlowThreads to FlowThreadController:styleDidChange and call it instead.

LayoutTests:

Test the region-flow_thread sibling case

* fast/regions/remove-flow-thread-crash-expected.txt: Added.
* fast/regions/remove-flow-thread-crash.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@126304 268f45cc-cd09-0410-ab3c-d52691b4dbfc

17 files changed:
LayoutTests/ChangeLog
LayoutTests/fast/regions/remove-flow-thread-crash-expected.txt [new file with mode: 0644]
LayoutTests/fast/regions/remove-flow-thread-crash.html [new file with mode: 0644]
Source/WebCore/CMakeLists.txt
Source/WebCore/ChangeLog
Source/WebCore/GNUmakefile.list.am
Source/WebCore/Target.pri
Source/WebCore/WebCore.gypi
Source/WebCore/WebCore.vcproj/WebCore.vcproj
Source/WebCore/WebCore.xcodeproj/project.pbxproj
Source/WebCore/rendering/FlowThreadController.cpp
Source/WebCore/rendering/FlowThreadController.h
Source/WebCore/rendering/RenderFlowThreadContainer.cpp [new file with mode: 0644]
Source/WebCore/rendering/RenderFlowThreadContainer.h [new file with mode: 0644]
Source/WebCore/rendering/RenderObject.cpp
Source/WebCore/rendering/RenderObject.h
Source/WebCore/rendering/RenderView.cpp

index 443ce32..275d615 100644 (file)
@@ -1,3 +1,15 @@
+2012-08-22  Raul Hudea  <rhudea@adobe.com>
+
+        Crash in WebCore::RenderBlock::removeChild
+        https://bugs.webkit.org/show_bug.cgi?id=93879
+
+        Reviewed by Abhishek Arya.
+
+        Test the region-flow_thread sibling case
+
+        * fast/regions/remove-flow-thread-crash-expected.txt: Added.
+        * fast/regions/remove-flow-thread-crash.html: Added.
+
 2012-08-22  Sheriff Bot  <webkit.review.bot@gmail.com>
 
         Unreviewed, rolling out r126287.
diff --git a/LayoutTests/fast/regions/remove-flow-thread-crash-expected.txt b/LayoutTests/fast/regions/remove-flow-thread-crash-expected.txt
new file mode 100644 (file)
index 0000000..09d09da
--- /dev/null
@@ -0,0 +1,2 @@
+Tests that removing a region that is sibling to the flow doesn't crash.
+PASS
diff --git a/LayoutTests/fast/regions/remove-flow-thread-crash.html b/LayoutTests/fast/regions/remove-flow-thread-crash.html
new file mode 100644 (file)
index 0000000..a8da24c
--- /dev/null
@@ -0,0 +1,20 @@
+<html style="-webkit-flow-from: flow">
+<body>
+<script src="../js/resources/js-test-pre.js"></script>
+<script>
+description("Tests that removing a region that is sibling to the flow doesn't crash.");
+if (window.testRunner)
+  testRunner.dumpAsText();
+
+function runTest() {
+  document.open();
+  document.write("Tests that removing a region that is sibling to the flow doesn't crash.<br>");
+  document.write('PASS');
+  document.close();
+}
+
+window.onload=runTest;
+</script>
+<script src="../js/resources/js-test-post.js"></script>
+</body>
+</html>
\ No newline at end of file
index a7ae94f..de95fe1 100644 (file)
@@ -2027,6 +2027,7 @@ SET(WebCore_SOURCES
     rendering/RenderFlexibleBox.cpp
     rendering/RenderGrid.cpp
     rendering/RenderFlowThread.cpp
+    rendering/RenderFlowThreadContainer.cpp
     rendering/RenderFrame.cpp
     rendering/RenderFrameBase.cpp
     rendering/RenderFrameSet.cpp
index 52a0635..9007875 100644 (file)
@@ -1,3 +1,44 @@
+2012-08-22  Raul Hudea  <rhudea@adobe.com>
+
+        Crash in WebCore::RenderBlock::removeChild
+        https://bugs.webkit.org/show_bug.cgi?id=93879
+
+        Reviewed by Abhishek Arya.
+
+        By adding the lifetime state to the RenderNamedFlowThread (r122556), it become possible for the a RenderRegion object to delete its sibling,
+        the RenderNamedFlowThread. This is unexpected in the rendering world and cause problems in RenderBlock::removeChild where we retain previous
+        and next sibling pointers.
+        So, all the RenderNamedFlowThread are created under a RenderFlowThreadContainer object insted of the RenderView. The new object is created only
+        when the first named flow is created.
+
+        Test: fast/regions/remove-flow-thread-crash.html
+
+        * CMakeLists.txt:
+        * GNUmakefile.list.am:
+        * Target.pri:
+        * WebCore.gypi:
+        * WebCore.vcproj/WebCore.vcproj:
+        * WebCore.xcodeproj/project.pbxproj:
+        * rendering/FlowThreadController.cpp:
+        (WebCore::FlowThreadController::FlowThreadController): Added initialization for the new RenderFlowThreadContainer member
+        (WebCore::FlowThreadController::ensureRenderFlowThreadWithName): Added the creation of the RenderFlowThreadContainer object and use it as a parent for all RenderNamedFlowThreads
+        (WebCore::FlowThreadController::styleDidChange): Inform all the RenderNamedFlowThreads that the style changed in regions (initially this code was in RenderView, but now all RenderNamedFlowThreads are children of RenderFlowThreadContainer)
+        (WebCore):
+        * rendering/FlowThreadController.h:
+        (WebCore):
+        (FlowThreadController):
+        * rendering/RenderFlowThreadContainer.cpp: Added.
+        (WebCore):
+        (WebCore::RenderFlowThreadContainer::RenderFlowThreadContainer):
+        (WebCore::RenderFlowThreadContainer::layout):
+        * rendering/RenderFlowThreadContainer.h: Added.
+        * rendering/RenderObject.cpp:
+        (WebCore::RenderObject::markContainingBlocksForLayout): Skip to RenderView if the current object is an RenderFlowThreadContainer.
+        * rendering/RenderObject.h:
+        (WebCore::RenderObject::isRenderFlowThreadContainer):
+        * rendering/RenderView.cpp:
+        (WebCore::RenderView::styleDidChange): Moved the code associated to RenderNamedFlowThreads to FlowThreadController:styleDidChange and call it instead.
+
 2012-08-22  Rob Buis  <rbuis@rim.com>
 
         [BlackBerry] Add RSS content handling support
index b7336cc..6b8044f 100644 (file)
@@ -4869,6 +4869,8 @@ webcore_sources += \
        Source/WebCore/rendering/RenderFlexibleBox.h \
        Source/WebCore/rendering/RenderFlowThread.cpp \
        Source/WebCore/rendering/RenderFlowThread.h \
+       Source/WebCore/rendering/RenderFlowThreadContainer.cpp \
+       Source/WebCore/rendering/RenderFlowThreadContainer.h \
        Source/WebCore/rendering/RenderFrameBase.cpp \
        Source/WebCore/rendering/RenderFrameBase.h \
        Source/WebCore/rendering/RenderFrame.cpp \
index 582fd9e..b6d1d3d 100644 (file)
@@ -1118,6 +1118,7 @@ SOURCES += \
     rendering/RenderFileUploadControl.cpp \
     rendering/RenderFlexibleBox.cpp \
     rendering/RenderFlowThread.cpp \
+    rendering/RenderFlowThreadContainer.cpp \
     rendering/RenderFrame.cpp \
     rendering/RenderFrameBase.cpp \
     rendering/RenderFrameSet.cpp \
index f981f23..1ba2145 100644 (file)
             'rendering/RenderBoxModelObject.h',
             'rendering/RenderEmbeddedObject.h',
             'rendering/RenderFlowThread.h',
+            'rendering/RenderFlowThreadContainer.h',
             'rendering/RenderImage.h',
             'rendering/RenderImageResource.h',
             'rendering/RenderImageResourceStyleImage.h',
             'rendering/RenderFlexibleBox.h',
             'rendering/RenderFlowThread.cpp',
             'rendering/RenderFlowThread.h',
+            'rendering/RenderFlowThreadContainer.cpp',
+            'rendering/RenderFlowThreadContainer.h',
             'rendering/RenderFrame.cpp',
             'rendering/RenderFrame.h',
             'rendering/RenderFrameBase.cpp',
index 46a2cbd..3e6ba93 100755 (executable)
                                >
                        </File>
                        <File
+                               RelativePath="..\rendering\RenderFlowThreadContainer.cpp"
+                               >
+                       </File>
+                       <File
+                               RelativePath="..\rendering\RenderFlowThreadContainer.h"
+                               >
+                       </File>
+                       <File
                                RelativePath="..\rendering\svg\RenderForeignObject.cpp"
                                >
                                <FileConfiguration
index 309c21f..e16e6b8 100644 (file)
                5DFE8F560D16477B0076E937 /* ScheduledAction.cpp in Sources */ = {isa = PBXBuildFile; fileRef = BCA378BA0D15F64200B793D6 /* ScheduledAction.cpp */; };
                5DFE8F570D16477C0076E937 /* ScheduledAction.h in Headers */ = {isa = PBXBuildFile; fileRef = BCA378BB0D15F64200B793D6 /* ScheduledAction.h */; };
                5FC7DC26CFE2563200B85AE4 /* JSEventTarget.h in Headers */ = {isa = PBXBuildFile; fileRef = 5FC7DC26CFE2563200B85AE5 /* JSEventTarget.h */; };
+               603EA36015DD1D7000E150E6 /* RenderFlowThreadContainer.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 603EA35E15DD1D7000E150E6 /* RenderFlowThreadContainer.cpp */; };
+               603EA36115DD1D7000E150E6 /* RenderFlowThreadContainer.h in Headers */ = {isa = PBXBuildFile; fileRef = 603EA35F15DD1D7000E150E6 /* RenderFlowThreadContainer.h */; };
                626CDE0E1140424C001E5A68 /* SpatialNavigation.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 626CDE0C1140424C001E5A68 /* SpatialNavigation.cpp */; };
                626CDE0F1140424C001E5A68 /* SpatialNavigation.h in Headers */ = {isa = PBXBuildFile; fileRef = 626CDE0D1140424C001E5A68 /* SpatialNavigation.h */; settings = {ATTRIBUTES = (Private, ); }; };
                628D214C12131ED10055DCFC /* NetworkingContext.h in Headers */ = {isa = PBXBuildFile; fileRef = 628D214B12131ED10055DCFC /* NetworkingContext.h */; settings = {ATTRIBUTES = (Private, ); }; };
                5DB1BC6910715A6400EFAA49 /* TransformSourceLibxslt.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = TransformSourceLibxslt.cpp; sourceTree = "<group>"; };
                5DC87EEF11716DF2001C0E6D /* EmptyProtocolDefinitions.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = EmptyProtocolDefinitions.h; sourceTree = "<group>"; };
                5FC7DC26CFE2563200B85AE5 /* JSEventTarget.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = JSEventTarget.h; sourceTree = "<group>"; };
+               603EA35E15DD1D7000E150E6 /* RenderFlowThreadContainer.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = RenderFlowThreadContainer.cpp; sourceTree = "<group>"; };
+               603EA35F15DD1D7000E150E6 /* RenderFlowThreadContainer.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = RenderFlowThreadContainer.h; sourceTree = "<group>"; };
                626CDE0C1140424C001E5A68 /* SpatialNavigation.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = SpatialNavigation.cpp; sourceTree = "<group>"; };
                626CDE0D1140424C001E5A68 /* SpatialNavigation.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SpatialNavigation.h; sourceTree = "<group>"; };
                628D214B12131ED10055DCFC /* NetworkingContext.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = NetworkingContext.h; sourceTree = "<group>"; };
                                53C8298C13D8D92700DE2DEB /* RenderFlexibleBox.h */,
                                508CCA4E13CF106B003151F3 /* RenderFlowThread.cpp */,
                                508CCA4D13CF106B003151F3 /* RenderFlowThread.h */,
+                               603EA35E15DD1D7000E150E6 /* RenderFlowThreadContainer.cpp */,
+                               603EA35F15DD1D7000E150E6 /* RenderFlowThreadContainer.h */,
                                A871DECC0A1530C700B12A68 /* RenderFrame.cpp */,
                                A871DECB0A1530C700B12A68 /* RenderFrame.h */,
                                0FD3080C117CF7E700A791F7 /* RenderFrameBase.cpp */,
                                066C77310AB603FD00238CC4 /* RenderFileUploadControl.h in Headers */,
                                53C8298E13D8D92700DE2DEB /* RenderFlexibleBox.h in Headers */,
                                508CCA4F13CF106B003151F3 /* RenderFlowThread.h in Headers */,
+                               603EA36115DD1D7000E150E6 /* RenderFlowThreadContainer.h in Headers */,
                                A871DED30A1530C700B12A68 /* RenderFrame.h in Headers */,
                                0FD3080F117CF7E700A791F7 /* RenderFrameBase.h in Headers */,
                                A871DED10A1530C700B12A68 /* RenderFrameSet.h in Headers */,
                                066C77300AB603FD00238CC4 /* RenderFileUploadControl.cpp in Sources */,
                                53C8298D13D8D92700DE2DEB /* RenderFlexibleBox.cpp in Sources */,
                                508CCA5013CF106B003151F3 /* RenderFlowThread.cpp in Sources */,
+                               603EA36015DD1D7000E150E6 /* RenderFlowThreadContainer.cpp in Sources */,
                                A871DED40A1530C700B12A68 /* RenderFrame.cpp in Sources */,
                                0FD3080E117CF7E700A791F7 /* RenderFrameBase.cpp in Sources */,
                                A871DED20A1530C700B12A68 /* RenderFrameSet.cpp in Sources */,
index dc9432c..71ef91a 100644 (file)
@@ -32,6 +32,7 @@
 #include "FlowThreadController.h"
 
 #include "RenderFlowThread.h"
+#include "RenderFlowThreadContainer.h"
 #include "RenderNamedFlowThread.h"
 #include "WebKitNamedFlow.h"
 #include "WebKitNamedFlowCollection.h"
@@ -47,6 +48,7 @@ PassOwnPtr<FlowThreadController> FlowThreadController::create(RenderView* view)
 FlowThreadController::FlowThreadController(RenderView* view)
     : m_view(view)
     , m_currentRenderFlowThread(0)
+    , m_flowThreadContainer(0)
     , m_isRenderNamedFlowThreadOrderDirty(false)
 {
 }
@@ -57,6 +59,11 @@ FlowThreadController::~FlowThreadController()
 
 RenderNamedFlowThread* FlowThreadController::ensureRenderFlowThreadWithName(const AtomicString& name)
 {
+    if (!m_flowThreadContainer) {
+        m_flowThreadContainer = new (m_view->renderArena()) RenderFlowThreadContainer(m_view->document());
+        m_flowThreadContainer->setStyle(RenderFlowThread::createFlowThreadStyle(m_view->style()));
+        m_view->addChild(m_flowThreadContainer);
+    }
     if (!m_renderNamedFlowThreadList)
         m_renderNamedFlowThreadList = adoptPtr(new RenderNamedFlowThreadList());
     else {
@@ -76,14 +83,23 @@ RenderNamedFlowThread* FlowThreadController::ensureRenderFlowThreadWithName(cons
     flowRenderer->setStyle(RenderFlowThread::createFlowThreadStyle(m_view->style()));
     m_renderNamedFlowThreadList->add(flowRenderer);
 
-    // Keep the flow renderer as a child of RenderView.
-    m_view->addChild(flowRenderer);
+    // Keep the flow renderer as a child of RenderFlowThreadContainer.
+    m_flowThreadContainer->addChild(flowRenderer);
 
     setIsRenderNamedFlowThreadOrderDirty(true);
 
     return flowRenderer;
 }
 
+void FlowThreadController::styleDidChange()
+{
+    RenderStyle* viewStyle = m_view->style();
+    for (RenderNamedFlowThreadList::iterator iter = m_renderNamedFlowThreadList->begin(); iter != m_renderNamedFlowThreadList->end(); ++iter) {
+        RenderNamedFlowThread* flowRenderer = *iter;
+        flowRenderer->setStyle(RenderFlowThread::createFlowThreadStyle(viewStyle));
+    }
+}
+
 void FlowThreadController::layoutRenderNamedFlowThreads()
 {
     ASSERT(m_renderNamedFlowThreadList);
index d48c879..58edb2c 100644 (file)
@@ -37,6 +37,7 @@
 namespace WebCore {
 
 class RenderFlowThread;
+class RenderFlowThreadContainer;
 class RenderNamedFlowThread;
 
 typedef ListHashSet<RenderNamedFlowThread*> RenderNamedFlowThreadList;
@@ -61,10 +62,10 @@ public:
     const RenderNamedFlowThreadList* renderNamedFlowThreadList() const { return m_renderNamedFlowThreadList.get(); }
     bool hasRenderNamedFlowThreads() const { return m_renderNamedFlowThreadList && !m_renderNamedFlowThreadList->isEmpty(); }
     void layoutRenderNamedFlowThreads();
+    void styleDidChange();
 
     void registerNamedFlowContentNode(Node*, RenderNamedFlowThread*);
     void unregisterNamedFlowContentNode(Node*);
-    
     void removeFlowThread(RenderNamedFlowThread*);
 
 protected:
@@ -73,6 +74,7 @@ protected:
 private:
     RenderView* m_view;
     RenderFlowThread* m_currentRenderFlowThread;
+    RenderFlowThreadContainer* m_flowThreadContainer;
     bool m_isRenderNamedFlowThreadOrderDirty;
     OwnPtr<RenderNamedFlowThreadList> m_renderNamedFlowThreadList;
     // maps a content node to its render flow thread.
diff --git a/Source/WebCore/rendering/RenderFlowThreadContainer.cpp b/Source/WebCore/rendering/RenderFlowThreadContainer.cpp
new file mode 100644 (file)
index 0000000..680ac4e
--- /dev/null
@@ -0,0 +1,47 @@
+/*
+ * Copyright (C) 2012 Adobe Systems Incorporated. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above
+ *    copyright notice, this list of conditions and the following
+ *    disclaimer.
+ * 2. Redistributions in binary form must reproduce the above
+ *    copyright notice, this list of conditions and the following
+ *    disclaimer in the documentation and/or other materials
+ *    provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDER "AS IS" AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ * OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR
+ * TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
+ * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "config.h"
+
+#include "RenderFlowThreadContainer.h"
+
+namespace WebCore {
+
+RenderFlowThreadContainer::RenderFlowThreadContainer(Node* node)
+: RenderFlowThread(node)
+{
+}
+
+void RenderFlowThreadContainer::layout()
+{
+    ASSERT(needsLayout());
+    setNeedsLayout(false);
+}
+
+} // namespace WebCore
diff --git a/Source/WebCore/rendering/RenderFlowThreadContainer.h b/Source/WebCore/rendering/RenderFlowThreadContainer.h
new file mode 100644 (file)
index 0000000..5a958ce
--- /dev/null
@@ -0,0 +1,52 @@
+/*
+ * Copyright (C) 2012 Adobe Systems Incorporated. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above
+ *    copyright notice, this list of conditions and the following
+ *    disclaimer.
+ * 2. Redistributions in binary form must reproduce the above
+ *    copyright notice, this list of conditions and the following
+ *    disclaimer in the documentation and/or other materials
+ *    provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDER "AS IS" AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ * OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR
+ * TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
+ * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifndef RenderFlowThreadContainer_h
+#define RenderFlowThreadContainer_h
+
+
+#include "RenderFlowThread.h"
+
+namespace WebCore {
+
+class RenderFlowThreadContainer: public RenderFlowThread {
+public:
+    RenderFlowThreadContainer(Node*);
+    virtual ~RenderFlowThreadContainer() { };
+
+    virtual void layout() OVERRIDE;
+    virtual bool isRenderFlowThreadContainer() const OVERRIDE  { return true; }
+
+private:
+    virtual const char* renderName() const { return "RenderFlowThreadContainer"; }
+};
+
+} // namespace WebCore
+
+#endif // RenderFlowThread_h
index 23d6cb8..391c119 100755 (executable)
@@ -640,9 +640,9 @@ void RenderObject::markContainingBlocksForLayout(bool scheduleRelayout, RenderOb
         if (!container && !object->isRenderView())
             return;
         if (!last->isText() && last->style()->isOutOfFlowPositioned()) {
-            bool willSkipRelativelyPositionedInlines = !object->isRenderBlock() || object->isAnonymousBlock();
-            // Skip relatively positioned inlines and anonymous blocks to get to the enclosing RenderBlock.
-            while (object && (!object->isRenderBlock() || object->isAnonymousBlock()))
+            bool willSkipRelativelyPositionedInlines = !object->isRenderBlock() || object->isAnonymousBlock() || object->isRenderFlowThreadContainer();
+            // Skip relatively positioned inlines and anonymous blocks (and the flow threads container) to get to the enclosing RenderBlock.
+            while (object && (!object->isRenderBlock() || object->isAnonymousBlock() || object->isRenderFlowThreadContainer()))
                 object = object->container();
             if (!object || object->posChildNeedsLayout())
                 return;
index 266c838..3ca2a22 100644 (file)
@@ -369,6 +369,7 @@ public:
 #endif
 
     virtual bool isRenderFlowThread() const { return false; }
+    virtual bool isRenderFlowThreadContainer() const { return false; }
     virtual bool isRenderNamedFlowThread() const { return false; }
     
     virtual bool isRenderMultiColumnBlock() const { return false; }
index 048f6e1..0b59a05 100644 (file)
@@ -928,13 +928,8 @@ CustomFilterGlobalContext* RenderView::customFilterGlobalContext()
 void RenderView::styleDidChange(StyleDifference diff, const RenderStyle* oldStyle)
 {
     RenderBlock::styleDidChange(diff, oldStyle);
-    
-    for (RenderObject* renderer = firstChild(); renderer; renderer = renderer->nextSibling()) {
-        if (renderer->isRenderNamedFlowThread()) {
-            RenderNamedFlowThread* flowRenderer = toRenderNamedFlowThread(renderer);
-            flowRenderer->setStyle(RenderFlowThread::createFlowThreadStyle(style()));
-        }
-    }
+    if (hasRenderNamedFlowThreads())
+        flowThreadController()->styleDidChange();
 }
 
 bool RenderView::hasRenderNamedFlowThreads() const