[webkit-changes] [WebKit/WebKit] 7cc28d: [IFC] Repaint may be issued on freshly inserted re...
Alan Baradlay
noreply at github.com
Fri Apr 14 05:58:48 PDT 2023
Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: 7cc28df27fbedfbec3e9a270f7c88e496db98636
https://github.com/WebKit/WebKit/commit/7cc28df27fbedfbec3e9a270f7c88e496db98636
Author: Alan Baradlay <zalan at apple.com>
Date: 2023-04-14 (Fri, 14 Apr 2023)
Changed paths:
A LayoutTests/fast/inline/inline-box-invalidation-repaint-crash-expected.txt
A LayoutTests/fast/inline/inline-box-invalidation-repaint-crash.html
M Source/WebCore/rendering/RenderInline.cpp
Log Message:
-----------
[IFC] Repaint may be issued on freshly inserted renderer
https://bugs.webkit.org/show_bug.cgi?id=255430
<rdar://107979394>
Reviewed by Antti Koivisto.
1. Content mutation triggers line layout codepath invalidation (RenderBlockFlow::invalidateLineLayoutPath).
2. Each invalidation issues repaint on the block subtree.
3. Repaint normally consults renderers for geometry. However in case of inline boxes (RenderInline)
the enclosing geometry is collected by walking the associated inline structures.
4. Subsequent mutations could lead to issuing a repaint on a freshly (previously) inserted RenderInline.
Legacy codepath handles this case by returning an empty LayoutRect too.
* LayoutTests/fast/inline/inline-box-invalidation-repaint-crash-expected.txt: Added.
* LayoutTests/fast/inline/inline-box-invalidation-repaint-crash.html: Added.
* Source/WebCore/rendering/RenderInline.cpp:
(WebCore::RenderInline::linesVisualOverflowBoundingBox const):
Canonical link: https://commits.webkit.org/262957@main
More information about the webkit-changes
mailing list