https://bugs.webkit.org/show_bug.cgi?id=76812
Reviewed by Enrica Casucci.
Source/WebCore:
The crash was caused by us assuming that every root inline box has at least one leaf,
which isn't true when we create inline boxes for an empty text run with margin, border, etc...
Test: editing/selection/move-into-empty-root-inline-box.html
* editing/visible_units.cpp:
(WebCore::previousLinePosition):
(WebCore::nextLinePosition):
LayoutTests:
Add a regression test for the crash. Unfortunately, we can only test previousLinePosition.
* editing/selection/move-into-empty-root-inline-box-expected.txt: Added.
* editing/selection/move-into-empty-root-inline-box.html: Added.
git-svn-id: https://svn.webkit.org/repository/webkit/trunk@106298
268f45cc-cd09-0410-ab3c-
d52691b4dbfc
+2012-01-30 Ryosuke Niwa <rniwa@webkit.org>
+
+ Crash in previousLinePosition when moving into a root inline box without leaves
+ https://bugs.webkit.org/show_bug.cgi?id=76812
+
+ Reviewed by Enrica Casucci.
+
+ Add a regression test for the crash. Unfortunately, we can only test previousLinePosition.
+
+ * editing/selection/move-into-empty-root-inline-box-expected.txt: Added.
+ * editing/selection/move-into-empty-root-inline-box.html: Added.
+
2012-01-30 Oliver Hunt <oliver@apple.com>
Unexpected syntax error
--- /dev/null
+
+This tests moving into an empty root inline boxes. The test passes as long as WebKit doesn't crash.
--- /dev/null
+<!DOCTYPE html><html><body><br><label style="margin-left: inherit;"></label><script>
+
+if (window.layoutTestController)
+ layoutTestController.dumpAsText();
+
+getSelection().setPosition(document.querySelector('br'), 0);
+getSelection().modify("move","forward","paragraph");
+document.writeln("This tests moving into an empty root inline boxes. The test passes as long as WebKit doesn't crash.");
+
+</script></body></html>
+2012-01-30 Ryosuke Niwa <rniwa@webkit.org>
+
+ Crash in previousLinePosition when moving into a root inline box without leaves
+ https://bugs.webkit.org/show_bug.cgi?id=76812
+
+ Reviewed by Enrica Casucci.
+
+ The crash was caused by us assuming that every root inline box has at least one leaf,
+ which isn't true when we create inline boxes for an empty text run with margin, border, etc...
+
+ Test: editing/selection/move-into-empty-root-inline-box.html
+
+ * editing/visible_units.cpp:
+ (WebCore::previousLinePosition):
+ (WebCore::nextLinePosition):
+
2012-01-30 Levi Weintraub <leviw@chromium.org>
!m_insideRegionPaint assertion in RenderRegion.cpp is invalid
root = box->root()->prevRootBox();
// We want to skip zero height boxes.
// This could happen in case it is a TrailingFloatsRootInlineBox.
- if (!root || !root->logicalHeight())
+ if (!root || !root->logicalHeight() || !root->firstLeafChild())
root = 0;
}
root = box->root()->nextRootBox();
// We want to skip zero height boxes.
// This could happen in case it is a TrailingFloatsRootInlineBox.
- if (!root || !root->logicalHeight())
+ if (!root || !root->logicalHeight() || !root->firstLeafChild())
root = 0;
}
git://git.webkit.org / WebKit-https.git / commitdiff