2011-02-16 Abhishek Arya <inferno@chromium.org>
authorinferno@chromium.org <inferno@chromium.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Thu, 17 Feb 2011 00:00:48 +0000 (00:00 +0000)
committerinferno@chromium.org <inferno@chromium.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Thu, 17 Feb 2011 00:00:48 +0000 (00:00 +0000)
        Reviewed by James Robinson.

        Tests that we do not crash when finding the text fragment for a first letter.
        https://bugs.webkit.org/show_bug.cgi?id=54568

        * fast/css/first-letter-text-fragment-crash-expected.txt: Added.
        * fast/css/first-letter-text-fragment-crash.html: Added.
2011-02-16  Abhishek Arya  <inferno@chromium.org>

        Reviewed by James Robinson.

        Traverse the next sibling tree to find the text fragment for a first letter.
        https://bugs.webkit.org/show_bug.cgi?id=54568

        We cannot assume that the next sibling to the first letter will a text fragment
        since there can be intermediatary Apple-style-span inline elements wrapping the
        text fragment. So, we traverse the next sibling tree to find it.
        Test: fast/css/first-letter-text-fragment-crash.html

        * rendering/RenderBlock.cpp:
        (WebCore::RenderBlock::updateFirstLetter):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@78744 268f45cc-cd09-0410-ab3c-d52691b4dbfc

LayoutTests/ChangeLog
LayoutTests/fast/css/first-letter-text-fragment-crash-expected.txt [new file with mode: 0644]
LayoutTests/fast/css/first-letter-text-fragment-crash.html [new file with mode: 0644]
Source/WebCore/ChangeLog
Source/WebCore/rendering/RenderBlock.cpp

index fb18ae9..bdd532b 100644 (file)
@@ -1,3 +1,13 @@
+2011-02-16  Abhishek Arya  <inferno@chromium.org>
+
+        Reviewed by James Robinson.
+
+        Tests that we do not crash when finding the text fragment for a first letter.
+        https://bugs.webkit.org/show_bug.cgi?id=54568
+
+        * fast/css/first-letter-text-fragment-crash-expected.txt: Added.
+        * fast/css/first-letter-text-fragment-crash.html: Added.
+
 2011-02-16  Martin Robinson  <mrobinson@igalia.com>
 
         Add the next batch of GTK+ Mozilla test results.
diff --git a/LayoutTests/fast/css/first-letter-text-fragment-crash-expected.txt b/LayoutTests/fast/css/first-letter-text-fragment-crash-expected.txt
new file mode 100644 (file)
index 0000000..7ef22e9
--- /dev/null
@@ -0,0 +1 @@
+PASS
diff --git a/LayoutTests/fast/css/first-letter-text-fragment-crash.html b/LayoutTests/fast/css/first-letter-text-fragment-crash.html
new file mode 100644 (file)
index 0000000..d9c1e75
--- /dev/null
@@ -0,0 +1,19 @@
+<html>
+    <style>
+        .test1:first-letter { content : ""; }
+        .test2:first-letter { text-align : center; }
+    </style>
+    <div class="test1">
+    <div class="test2">
+    PASS 
+    </div>
+    </div>
+    <script>
+        if (window.layoutTestController)
+            layoutTestController.dumpAsText();
+
+        document.execCommand("selectall");
+        document.designMode = "on";
+        document.execCommand("ForeColor", false, "red");
+    </script>
+</html>
index 853bb86..18d6a56 100644 (file)
@@ -1,3 +1,18 @@
+2011-02-16  Abhishek Arya  <inferno@chromium.org>
+
+        Reviewed by James Robinson.
+
+        Traverse the next sibling tree to find the text fragment for a first letter.
+        https://bugs.webkit.org/show_bug.cgi?id=54568
+
+        We cannot assume that the next sibling to the first letter will a text fragment
+        since there can be intermediatary Apple-style-span inline elements wrapping the
+        text fragment. So, we traverse the next sibling tree to find it.
+        Test: fast/css/first-letter-text-fragment-crash.html
+
+        * rendering/RenderBlock.cpp:
+        (WebCore::RenderBlock::updateFirstLetter):
+
 2011-02-16  Martin Robinson  <mrobinson@igalia.com>
 
         Reviewed by Xan Lopez.
index b3786a6..5b93eca 100644 (file)
@@ -5269,13 +5269,25 @@ void RenderBlock::updateFirstLetter()
                 firstLetter->removeChild(child);
                 newFirstLetter->addChild(child, 0);
             }
-            RenderTextFragment* remainingText = toRenderTextFragment(firstLetter->nextSibling());
-            ASSERT(remainingText->node()->renderer() == remainingText);
-            // Replace the old renderer with the new one.
-            remainingText->setFirstLetter(newFirstLetter);
+            
+            RenderTextFragment* remainingText = 0;
+            RenderObject* nextSibling = firstLetter->nextSibling();
+            RenderObject* next = nextSibling;
+            while (next) {
+                if (next->isText() && toRenderText(next)->isTextFragment()) {
+                    remainingText = toRenderTextFragment(next);
+                    break;
+                }
+                next = next->nextSibling();
+            }
+            if (remainingText) {
+                ASSERT(remainingText->node()->renderer() == remainingText);
+                // Replace the old renderer with the new one.
+                remainingText->setFirstLetter(newFirstLetter);
+            }
             firstLetter->destroy();
             firstLetter = newFirstLetter;
-            firstLetterContainer->addChild(firstLetter, remainingText);
+            firstLetterContainer->addChild(firstLetter, nextSibling);
             view()->enableLayoutState();
         } else
             firstLetter->setStyle(pseudoStyle);