Fix for 3710721 and 3504114, crashes because of bad ownership model for list markers.
authorhyatt <hyatt@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Thu, 26 Aug 2004 17:37:45 +0000 (17:37 +0000)
committerhyatt <hyatt@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Thu, 26 Aug 2004 17:37:45 +0000 (17:37 +0000)
        Reviewed by mjs

        * khtml/rendering/render_container.cpp:
        (RenderContainer::detach):
        * khtml/rendering/render_list.cpp:
        (RenderListItem::setStyle):
        (RenderListItem::detach):
        (RenderListItem::updateMarkerLocation):
        * khtml/rendering/render_list.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@7374 268f45cc-cd09-0410-ab3c-d52691b4dbfc

WebCore/ChangeLog-2005-08-23
WebCore/khtml/rendering/render_container.cpp
WebCore/khtml/rendering/render_list.cpp
WebCore/khtml/rendering/render_list.h

index 2341955fcdf8717a50da736aa175479ad14846cc..332047e9e64532b1c98ac86f5394ba0108034fc6 100644 (file)
@@ -1,3 +1,17 @@
+2004-08-26  David Hyatt  <hyatt@apple.com>
+
+       Fix for 3710721 and 3504114, crashes because of bad ownership model for list markers.
+       
+        Reviewed by mjs
+
+        * khtml/rendering/render_container.cpp:
+        (RenderContainer::detach):
+        * khtml/rendering/render_list.cpp:
+        (RenderListItem::setStyle):
+        (RenderListItem::detach):
+        (RenderListItem::updateMarkerLocation):
+        * khtml/rendering/render_list.h:
+
 2004-08-26  Ken Kocienda  <kocienda@apple.com>
 
         Reviewed by John
index de491be27b71cc9a27b1f956571cc182801518c3..a0d554e2499b73c1f6e7485d8f10d88d9f2d4ac4 100644 (file)
@@ -66,7 +66,8 @@ void RenderContainer::detach()
         n->removeFromObjectLists();
         n->setParent(0);
         next = n->nextSibling();
-        n->detach();
+        if (!n->isListMarker())
+            n->detach();
     }
     m_first = 0;
     m_last = 0;
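Review bot: The new `isListMarker()` skip in the loop has no comment saying who destroys the marker, and the two calls above it still run for markers, so a skipped marker is left with `setParent(0)` and off the object lists while a RenderListItem presumably still holds it in `m_marker`. A one-line comment such as `// Markers are owned by their RenderListItem and are detached in RenderListItem::detach().` would record the invariant the rest of the commit relies on. It is not clear from this hunk that every marker reaching the loop has a live list item that will detach it later; one that does not would never be freed, so the callers of setListItem() are worth checking. The body of RenderContainer::detach() starts and ends outside the hunk.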
index afcda0829d8473227b84e5020adce7a6ee98a4f8..a74df2c657cc47bb88c248edcd87242c08674ae8 100644 (file)
@@ -145,7 +145,6 @@ void RenderListItem::setStyle(RenderStyle *_style)
             m_marker = new (renderArena()) RenderListMarker(document());
             m_marker->setStyle(newStyle);
             m_marker->setListItem(this);
-            _markerInstalledInParent = false;
         }
         else
             m_marker->setStyle(newStyle);
@@ -162,7 +161,7 @@ RenderListItem::~RenderListItem()
 
 void RenderListItem::detach()
 {    
-    if (m_marker && !_markerInstalledInParent) {
+    if (m_marker) {
         m_marker->detach();
         m_marker = 0;
     }
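Review bot: With the `_markerInstalledInParent` guard gone, `m_marker->detach()` now also runs for a marker that updateMarkerLocation() has added under `lineBoxParent`, so correctness depends on the marker's detach() unlinking it from that parent's child list. That code is not visible here; if it does not unlink, the parent keeps a stale child pointer to freed arena memory. The opposite order matters as well: when the parent container is detached first, the marker arrives here with a null parent, which its detach() has to tolerate. A comment above the test, e.g. `// The list item is the sole owner of its marker, wherever the marker sits in the tree.`, would make the new ownership rule explicit; RenderListItem::detach() continues past the end of the hunk.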
@@ -246,7 +245,6 @@ void RenderListItem::updateMarkerLocation()
             if (!lineBoxParent)
                 lineBoxParent = this;
             lineBoxParent->addChild(m_marker, lineBoxParent->firstChild());
-            _markerInstalledInParent = true;
             if (!m_marker->minMaxKnown())
                 m_marker->calcMinMaxWidth();
             recalcMinMaxWidths();
index 5f6e71344313360463d505c6871ce767a2dd94c9..658e2b1329a5462410cd26a2744abe03f5c5c222 100644 (file)
@@ -117,7 +117,6 @@ protected:
     long int predefVal;
     RenderListMarker *m_marker;
     bool _notInList;
-    bool _markerInstalledInParent;
 };
 
 }; //namespace