https://bugs.webkit.org/show_bug.cgi?id=110622
Reviewed by David Hyatt.
Source/WebCore:
Merge https://chromium.googlesource.com/chromium/blink/+/998ad358eed702b873dd54697b3fa3f952e0feb7
Inserting an element before the fullscreened element could crash if it caused a containing inline to be split,
since the splitting logic doesn't expect the fullscreened element to be wrapped in a RenderFullScreen. This patch changes
inline splitting to be aware of RenderFullScreen.
Test: fullscreen/full-screen-inline-split-crash.html
* rendering/RenderInline.cpp:
(WebCore::RenderInline::splitInlines):
LayoutTests:
Add a regression test.
* fullscreen/full-screen-inline-split-crash-expected.txt: Added.
* fullscreen/full-screen-inline-split-crash.html: Added.
git-svn-id: https://svn.webkit.org/repository/webkit/trunk@150531 268f45cc-cd09-0410-ab3c-d52691b4dbfc
+2013-05-22 Ryosuke Niwa <rniwa@webkit.org>
+
+ REGRESSION: ASSERTION FAILED: obj->isRenderInline() || obj == this, Bad cast in WebCore::RenderBlock::createLineBoxes
+ https://bugs.webkit.org/show_bug.cgi?id=110622
+
+ Reviewed by David Hyatt.
+
+ Add a regression test.
+
+ * fullscreen/full-screen-inline-split-crash-expected.txt: Added.
+ * fullscreen/full-screen-inline-split-crash.html: Added.
+
2013-05-22 Simon Fraser <simon.fraser@apple.com>
New Flickr doesn't get fast scrolling but should
--- /dev/null
+Test that inserting a node before a full-screened element doesn't cause a crash.
+END OF TEST
+
--- /dev/null
+<script src="full-screen-test.js"></script>
+<body>
+ Test that inserting a node before a full-screened element doesn't cause a crash.
+ <span><span id="toBeMadeFullScreen"></span></span>
+</body>
+<script>
+
+// Use window.eventSender to fake a user-action, allowing full-screen.
+document.addEventListener("keypress", function() {
+ toBeMadeFullScreen.webkitRequestFullScreen();
+}, false);
+eventSender.keyDown(" ", []);
+
+document.addEventListener("webkitfullscreenchange", function() {
+ toBeMadeFullScreen.parentNode.insertBefore(document.createElement('div'), toBeMadeFullScreen);
+ setTimeout(endTest(), 0);
+}, false);
+</script>
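Review bot: `setTimeout(endTest(), 0);` in the webkitfullscreenchange handler invokes endTest() synchronously and passes its return value to setTimeout, so nothing is actually deferred; the test ends in the same task as the insertBefore call. Pass the function reference instead: `setTimeout(endTest, 0);`. The insertion that exercises the inline split still runs before endTest either way, but the deferral the line was clearly meant to provide does not happen as written.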
+2013-05-22 Ryosuke Niwa <rniwa@webkit.org>
+
+ REGRESSION: ASSERTION FAILED: obj->isRenderInline() || obj == this, Bad cast in WebCore::RenderBlock::createLineBoxes
+ https://bugs.webkit.org/show_bug.cgi?id=110622
+
+ Reviewed by David Hyatt.
+
+ Merge https://chromium.googlesource.com/chromium/blink/+/998ad358eed702b873dd54697b3fa3f952e0feb7
+
+ Inserting an element before the fullscreened element could crash if it caused a containing inline to be split,
+ since the splitting logic doesn't expect the fullscreened element to be wrapped in a RenderFullScreen. This patch changes
+ inline splitting to be aware of RenderFullScreen.
+
+ Test: fullscreen/full-screen-inline-split-crash.html
+
+ * rendering/RenderInline.cpp:
+ (WebCore::RenderInline::splitInlines):
+
2013-05-22 Simon Fraser <simon.fraser@apple.com>
Fix issues with focus rings on search fields
#include "RenderArena.h"
#include "RenderBlock.h"
#include "RenderFlowThread.h"
+#include "RenderFullScreen.h"
#include "RenderGeometryMap.h"
#include "RenderLayer.h"
#include "RenderTheme.h"
RenderInline* cloneInline = clone();
cloneInline->setContinuation(oldCont);
+ // If we're splitting the inline containing the fullscreened element,
+ // |beforeChild| may be the renderer for the fullscreened element. However,
+ // that renderer is wrapped in a RenderFullScreen, so |this| is not its
+ // parent. Since the splitting logic expects |this| to be the parent, set
+ // |beforeChild| to be the RenderFullScreen.
+ const Element* fullScreenElement = document()->webkitCurrentFullScreenElement();
+ if (fullScreenElement && beforeChild && beforeChild->node() == fullScreenElement)
+ beforeChild = document()->fullScreenRenderer();
+
// Now take all of the children from beforeChild to the end and remove
// them from |this| and place them in the clone.
RenderObject* o = beforeChild;
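Review bot: after `beforeChild = document()->fullScreenRenderer();` there is no check that the result is non-null or that its parent is |this|. If fullScreenRenderer() returns null, beforeChild becomes null and the loop that begins at `RenderObject* o = beforeChild;` moves nothing into the clone, silently producing a different split rather than the one the comment describes. Since the comment states the splitting logic relies on |this| being the parent, add `ASSERT(beforeChild && beforeChild->parent() == this);` directly after the assignment, or only perform the substitution when the wrapper's parent really is |this|. Also worth confirming whether the calls to webkitCurrentFullScreenElement() and fullScreenRenderer() need an ENABLE(FULLSCREEN_API) guard; none is visible in this hunk.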