REGRESSION(r156846): Crashes with guard malloc
authorantti@apple.com <antti@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Mon, 25 Apr 2016 17:03:04 +0000 (17:03 +0000)
committerantti@apple.com <antti@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Mon, 25 Apr 2016 17:03:04 +0000 (17:03 +0000)
https://bugs.webkit.org/show_bug.cgi?id=156984

Reviewed by Andreas Kling.

RenderElement::cachedFirstLineStyle() returns pointer to local std::unique_ptr.

* rendering/RenderElement.cpp:
(WebCore::RenderElement::uncachedFirstLineStyle):
(WebCore::RenderElement::cachedFirstLineStyle):
(WebCore::RenderElement::firstLineStyle):
(WebCore::firstLineStyleForCachedUncachedType): Deleted.

    Don't try to use a single function for the cached and uncached cases. Separate the cases into the calling functions.

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@200031 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Source/WebCore/ChangeLog
Source/WebCore/rendering/RenderElement.cpp

index bca313f..b74449d 100644 (file)
@@ -1,3 +1,20 @@
+2016-04-25  Antti Koivisto  <antti@apple.com>
+
+        REGRESSION(r156846): Crashes with guard malloc
+        https://bugs.webkit.org/show_bug.cgi?id=156984
+
+        Reviewed by Andreas Kling.
+
+        RenderElement::cachedFirstLineStyle() returns pointer to local std::unique_ptr.
+
+        * rendering/RenderElement.cpp:
+        (WebCore::RenderElement::uncachedFirstLineStyle):
+        (WebCore::RenderElement::cachedFirstLineStyle):
+        (WebCore::RenderElement::firstLineStyle):
+        (WebCore::firstLineStyleForCachedUncachedType): Deleted.
+
+            Don't try to use a single function for the cached and uncached cases. Separate the cases into the calling functions.
+
 2016-04-25  Daniel Bates  <dabates@apple.com>
 
         REGRESSION (r196012): Subresource may be blocked by Content Security Policy if it only matches 'self'
index d818cdf..e7d6926 100644 (file)
@@ -210,47 +210,43 @@ enum StyleCacheState {
     Uncached
 };
 
-static std::unique_ptr<RenderStyle> firstLineStyleForCachedUncachedType(StyleCacheState type, const RenderElement& renderer, RenderStyle* style)
+std::unique_ptr<RenderStyle> RenderElement::uncachedFirstLineStyle(RenderStyle* style) const
 {
-    RenderElement& rendererForFirstLineStyle = renderer.isBeforeOrAfterContent() ? *renderer.parent() : const_cast<RenderElement&>(renderer);
+    if (!view().usesFirstLineRules())
+        return nullptr;
+
+    RenderElement& rendererForFirstLineStyle = isBeforeOrAfterContent() ? *parent() : const_cast<RenderElement&>(*this);
 
     if (rendererForFirstLineStyle.isRenderBlockFlow() || rendererForFirstLineStyle.isRenderButton()) {
-        if (RenderBlock* firstLineBlock = rendererForFirstLineStyle.firstLineBlock()) {
-            if (type == Cached)
-                return RenderStyle::clone(firstLineBlock->getCachedPseudoStyle(FIRST_LINE, style));
-            return firstLineBlock->getUncachedPseudoStyle(PseudoStyleRequest(FIRST_LINE), style, firstLineBlock == &renderer ? style : nullptr);
-        }
+        if (RenderBlock* firstLineBlock = rendererForFirstLineStyle.firstLineBlock())
+            return firstLineBlock->getUncachedPseudoStyle(PseudoStyleRequest(FIRST_LINE), style, firstLineBlock == this ? style : nullptr);
     } else if (!rendererForFirstLineStyle.isAnonymous() && rendererForFirstLineStyle.isRenderInline()) {
         RenderStyle& parentStyle = rendererForFirstLineStyle.parent()->firstLineStyle();
-        if (&parentStyle != &rendererForFirstLineStyle.parent()->style()) {
-            if (type == Cached) {
-                // A first-line style is in effect. Cache a first-line style for ourselves.
-                rendererForFirstLineStyle.style().setHasPseudoStyle(FIRST_LINE_INHERITED);
-                return RenderStyle::clone(rendererForFirstLineStyle.getCachedPseudoStyle(FIRST_LINE_INHERITED, &parentStyle));
-            }
+        if (&parentStyle != &rendererForFirstLineStyle.parent()->style())
             return rendererForFirstLineStyle.getUncachedPseudoStyle(PseudoStyleRequest(FIRST_LINE_INHERITED), &parentStyle, style);
-        }
     }
     return nullptr;
 }
 
-std::unique_ptr<RenderStyle> RenderElement::uncachedFirstLineStyle(RenderStyle* style) const
-{
-    if (!view().usesFirstLineRules())
-        return nullptr;
-
-    return firstLineStyleForCachedUncachedType(Uncached, *this, style);
-}
-
 RenderStyle* RenderElement::cachedFirstLineStyle() const
 {
     ASSERT(view().usesFirstLineRules());
 
-    RenderStyle& style = this->style();
-    if (std::unique_ptr<RenderStyle> firstLineStyle = firstLineStyleForCachedUncachedType(Cached, *this, &style))
-        return firstLineStyle.get();
+    RenderElement& rendererForFirstLineStyle = isBeforeOrAfterContent() ? *parent() : const_cast<RenderElement&>(*this);
+
+    if (rendererForFirstLineStyle.isRenderBlockFlow() || rendererForFirstLineStyle.isRenderButton()) {
+        if (RenderBlock* firstLineBlock = rendererForFirstLineStyle.firstLineBlock())
+            return firstLineBlock->getCachedPseudoStyle(FIRST_LINE, &style());
+    } else if (!rendererForFirstLineStyle.isAnonymous() && rendererForFirstLineStyle.isRenderInline()) {
+        RenderStyle& parentStyle = rendererForFirstLineStyle.parent()->firstLineStyle();
+        if (&parentStyle != &rendererForFirstLineStyle.parent()->style()) {
+            // A first-line style is in effect. Cache a first-line style for ourselves.
+            rendererForFirstLineStyle.style().setHasPseudoStyle(FIRST_LINE_INHERITED);
+            return rendererForFirstLineStyle.getCachedPseudoStyle(FIRST_LINE_INHERITED, &parentStyle);
+        }
+    }
 
-    return &style;
+    return &style();
 }
 
 RenderStyle& RenderElement::firstLineStyle() const
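Review bot: The two `return …getCachedPseudoStyle(…)` lines in cachedFirstLineStyle() (the FIRST_LINE lookup in the block-flow branch and the FIRST_LINE_INHERITED lookup in the inline branch) hand the lookup's result straight back to the caller, so a null from getCachedPseudoStyle() now becomes the function's return value, whereas the removed code only returned the computed style when the helper produced one and otherwise fell through to `return &style;`. Whether getCachedPseudoStyle() can yield null is not visible in this hunk, but firstLineStyle(), whose body starts past the end of the hunk, returns a reference, so a null here would presumably be dereferenced downstream; guarding each lookup and letting the function fall through to `return &style();` preserves the old fallback at both sites. Since the fix changes who owns the returned object, a one-line comment above the function would help the next reader, e.g. `// Returns a style owned by the pseudo-style cache (never freshly allocated), or &style() when no first-line style applies.`. The guarded returns follow; everything else in the function is unchanged.
```cpp
        if (RenderBlock* firstLineBlock = rendererForFirstLineStyle.firstLineBlock()) {
            if (RenderStyle* cachedStyle = firstLineBlock->getCachedPseudoStyle(FIRST_LINE, &style()))
                return cachedStyle;
        }
    } else if (!rendererForFirstLineStyle.isAnonymous() && rendererForFirstLineStyle.isRenderInline()) {
        // … unchanged: parentStyle lookup, comparison against parent()->style(), setHasPseudoStyle(FIRST_LINE_INHERITED) …
            if (RenderStyle* cachedStyle = rendererForFirstLineStyle.getCachedPseudoStyle(FIRST_LINE_INHERITED, &parentStyle))
                return cachedStyle;
    // … unchanged: closing braces and the final `return &style();` …
```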