2010-11-09 Abhishek Arya <inferno@chromium.org>
authorinferno@chromium.org <inferno@chromium.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Wed, 10 Nov 2010 08:24:25 +0000 (08:24 +0000)
committerinferno@chromium.org <inferno@chromium.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Wed, 10 Nov 2010 08:24:25 +0000 (08:24 +0000)
        Reviewed by Dan Bernstein.

        Fieldsets avoid floats. Legend elements are expected to have their parent
        as fieldset. When this not the case, floats get added incorrectly added to the
        legend blocks. This patch tries to prevent those floats addition.
        https://bugs.webkit.org/show_bug.cgi?id=49214

        Test: fast/blockflow/overhanging-float-legend-crash.html

        * rendering/RenderBox.cpp:
        (WebCore::RenderBox::avoidsFloats):
        * rendering/RenderObject.cpp:
        (WebCore::RenderObject::isLegend):
        * rendering/RenderObject.h:
2010-11-09  Abhishek Arya  <inferno@chromium.org>

        Reviewed by Dan Bernstein.

        Tests that we do not crash and avoid floats to be added in legend element
        when it is not enclosed in a fieldset.
        https://bugs.webkit.org/show_bug.cgi?id=49214

        * fast/blockflow/overhanging-float-legend-crash-expected.txt: Added.
        * fast/blockflow/overhanging-float-legend-crash.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@71724 268f45cc-cd09-0410-ab3c-d52691b4dbfc

LayoutTests/ChangeLog
LayoutTests/fast/blockflow/overhanging-float-legend-crash-expected.txt [new file with mode: 0644]
LayoutTests/fast/blockflow/overhanging-float-legend-crash.html [new file with mode: 0644]
WebCore/ChangeLog
WebCore/rendering/RenderBox.cpp
WebCore/rendering/RenderObject.cpp
WebCore/rendering/RenderObject.h

index 841738c..a8c79c6 100644 (file)
@@ -1,3 +1,14 @@
+2010-11-09  Abhishek Arya  <inferno@chromium.org>
+
+        Reviewed by Dan Bernstein.
+
+        Tests that we do not crash and avoid floats to be added in legend element
+        when it is not enclosed in a fieldset.
+        https://bugs.webkit.org/show_bug.cgi?id=49214
+
+        * fast/blockflow/overhanging-float-legend-crash-expected.txt: Added.
+        * fast/blockflow/overhanging-float-legend-crash.html: Added.
+
 2010-11-10  Cris Neckar  <cdn@chromium.org>
 
         Reviewed by Nikolas Zimmermann.
diff --git a/LayoutTests/fast/blockflow/overhanging-float-legend-crash-expected.txt b/LayoutTests/fast/blockflow/overhanging-float-legend-crash-expected.txt
new file mode 100644 (file)
index 0000000..69cfc5a
--- /dev/null
@@ -0,0 +1,2 @@
+PASS
+
diff --git a/LayoutTests/fast/blockflow/overhanging-float-legend-crash.html b/LayoutTests/fast/blockflow/overhanging-float-legend-crash.html
new file mode 100644 (file)
index 0000000..969dc22
--- /dev/null
@@ -0,0 +1,31 @@
+<html>\r
+    <script>\r
+    if (window.layoutTestController)\r
+    {\r
+        layoutTestController.dumpAsText();\r
+        layoutTestController.waitUntilDone();\r
+    }\r
+\r
+    window.setTimeout('crash();', 0);\r
+\r
+    function crash()\r
+    {\r
+        block1.style.position = 'absolute';\r
+        float1.style.display = 'none';\r
+        document.body.offsetTop;\r
\r
+        document.getElementById("result").innerHTML = "PASS";\r
+        if (window.layoutTestController)\r
+            layoutTestController.notifyDone();\r
+    }\r
+    </script>\r
+    <div id="result"></div>\r
+    <div id="block1">\r
+        <span id="float1" style="float:left; margin-bottom:10000px;"></span>\r
+    </div>\r
+    <legend>\r
+        <fieldset></fieldset>\r
+        <junk>\r
+    </legend>\r
+</html>\r
+\r
index d3de0d3..2641446 100644 (file)
@@ -1,3 +1,20 @@
+2010-11-09  Abhishek Arya  <inferno@chromium.org>
+
+        Reviewed by Dan Bernstein.
+
+        Fieldsets avoid floats. Legend elements are expected to have their parent
+        as fieldset. When this not the case, floats get added incorrectly added to the
+        legend blocks. This patch tries to prevent those floats addition.
+        https://bugs.webkit.org/show_bug.cgi?id=49214
+
+        Test: fast/blockflow/overhanging-float-legend-crash.html
+
+        * rendering/RenderBox.cpp:
+        (WebCore::RenderBox::avoidsFloats):
+        * rendering/RenderObject.cpp:
+        (WebCore::RenderObject::isLegend):
+        * rendering/RenderObject.h:
+
 2010-11-10  Cris Neckar  <cdn@chromium.org>
 
         Reviewed by Nikolas Zimmermann.
index 561cbc6..f4aaf0e 100644 (file)
@@ -3091,7 +3091,7 @@ bool RenderBox::shrinkToAvoidFloats() const
 
 bool RenderBox::avoidsFloats() const
 {
-    return isReplaced() || hasOverflowClip() || isHR() || isWritingModeRoot();
+    return isReplaced() || hasOverflowClip() || isHR() || isLegend() || isWritingModeRoot();
 }
 
 void RenderBox::addShadowOverflow()
index d53c7ce..7f1af62 100644 (file)
@@ -257,6 +257,15 @@ bool RenderObject::isHR() const
     return node() && node()->hasTagName(hrTag);
 }
 
+bool RenderObject::isLegend() const
+{
+    return node() && (node()->hasTagName(legendTag)
+#if ENABLE(WML)
+                      || node()->hasTagName(WMLNames::insertedLegendTag)
+#endif
+                     );
+}
+
 bool RenderObject::isHTMLMarquee() const
 {
     return node() && node()->renderer() == this && node()->hasTagName(marqueeTag);
index e79d7e4..bfc62fe 100644 (file)
@@ -288,6 +288,7 @@ public:
     bool isRoot() const { return document()->documentElement() == m_node; }
     bool isBody() const;
     bool isHR() const;
+    bool isLegend() const;
 
     bool isHTMLMarquee() const;