<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta http-equiv="content-type" content="text/html; charset=utf-8" />
<title>[195110] releases/WebKitGTK/webkit-2.10</title>
</head>
<body>
<style type="text/css"><!--
#msg dl.meta { border: 1px #006 solid; background: #369; padding: 6px; color: #fff; }
#msg dl.meta dt { float: left; width: 6em; font-weight: bold; }
#msg dt:after { content:':';}
#msg dl, #msg dt, #msg ul, #msg li, #header, #footer, #logmsg { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; }
#msg dl a { font-weight: bold}
#msg dl a:link { color:#fc3; }
#msg dl a:active { color:#ff0; }
#msg dl a:visited { color:#cc6; }
h3 { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; font-weight: bold; }
#msg pre { overflow: auto; background: #ffc; border: 1px #fa0 solid; padding: 6px; }
#logmsg { background: #ffc; border: 1px #fa0 solid; padding: 1em 1em 0 1em; }
#logmsg p, #logmsg pre, #logmsg blockquote { margin: 0 0 1em 0; }
#logmsg p, #logmsg li, #logmsg dt, #logmsg dd { line-height: 14pt; }
#logmsg h1, #logmsg h2, #logmsg h3, #logmsg h4, #logmsg h5, #logmsg h6 { margin: .5em 0; }
#logmsg h1:first-child, #logmsg h2:first-child, #logmsg h3:first-child, #logmsg h4:first-child, #logmsg h5:first-child, #logmsg h6:first-child { margin-top: 0; }
#logmsg ul, #logmsg ol { padding: 0; list-style-position: inside; margin: 0 0 0 1em; }
#logmsg ul { text-indent: -1em; padding-left: 1em; }#logmsg ol { text-indent: -1.5em; padding-left: 1.5em; }
#logmsg > ul, #logmsg > ol { margin: 0 0 1em 0; }
#logmsg pre { background: #eee; padding: 1em; }
#logmsg blockquote { border: 1px solid #fa0; border-left-width: 10px; padding: 1em 1em 0 1em; background: white;}
#logmsg dl { margin: 0; }
#logmsg dt { font-weight: bold; }
#logmsg dd { margin: 0; padding: 0 0 0.5em 0; }
#logmsg dd:before { content:'\00bb';}
#logmsg table { border-spacing: 0px; border-collapse: collapse; border-top: 4px solid #fa0; border-bottom: 1px solid #fa0; background: #fff; }
#logmsg table th { text-align: left; font-weight: normal; padding: 0.2em 0.5em; border-top: 1px dotted #fa0; }
#logmsg table td { text-align: right; border-top: 1px dotted #fa0; padding: 0.2em 0.5em; }
#logmsg table thead th { text-align: center; border-bottom: 1px solid #fa0; }
#logmsg table th.Corner { text-align: left; }
#logmsg hr { border: none 0; border-top: 2px dashed #fa0; height: 1px; }
#header, #footer { color: #fff; background: #636; border: 1px #300 solid; padding: 6px; }
#patch { width: 100%; }
#patch h4 {font-family: verdana,arial,helvetica,sans-serif;font-size:10pt;padding:8px;background:#369;color:#fff;margin:0;}
#patch .propset h4, #patch .binary h4 {margin:0;}
#patch pre {padding:0;line-height:1.2em;margin:0;}
#patch .diff {width:100%;background:#eee;padding: 0 0 10px 0;overflow:auto;}
#patch .propset .diff, #patch .binary .diff {padding:10px 0;}
#patch span {display:block;padding:0 10px;}
#patch .modfile, #patch .addfile, #patch .delfile, #patch .propset, #patch .binary, #patch .copfile {border:1px solid #ccc;margin:10px 0;}
#patch ins {background:#dfd;text-decoration:none;display:block;padding:0 10px;}
#patch del {background:#fdd;text-decoration:none;display:block;padding:0 10px;}
#patch .lines, .info {color:#888;background:#fff;}
--></style>
<div id="msg">
<dl class="meta">
<dt>Revision</dt> <dd><a href="http://trac.webkit.org/projects/webkit/changeset/195110">195110</a></dd>
<dt>Author</dt> <dd>carlosgc@webkit.org</dd>
<dt>Date</dt> <dd>2016-01-15 02:35:47 -0800 (Fri, 15 Jan 2016)</dd>
</dl>
<h3>Log Message</h3>
<pre>Merge <a href="http://trac.webkit.org/projects/webkit/changeset/193773">r193773</a> - Do not insert positioned renderers to multiple gPositionedDescendantsMap.
https://bugs.webkit.org/show_bug.cgi?id=151878
rdar://problem/22229889
Reviewed by Simon Fraser.
We insert positioned renderers into a static map (RenderBlock::gPositionedDescendantsMap) to keep track of them.
This static map is at block level. A particular absolute positioned object is added to its closest ancestor that
returns true for RenderElement::canContainAbsolutelyPositionedObjects().
canContainAbsolutelyPositionedObjects() returns true if the ancestor is either positioned or has transform.
If this container's style changes so that it's no longer positioned and it has no transform anymore,
we need to clear its static map of positioned objects (they'll get re-inserted to another ancestor at next layout).
This patch addresses the case when the renderer does not have transforms anymore.
Source/WebCore:
Test: fast/block/positioning/crash-when-transform-is-removed.html
* rendering/RenderBlock.cpp:
(WebCore::RenderBlock::styleWillChange):
LayoutTests:
* fast/block/positioning/crash-when-transform-is-removed-expected.txt: Added.
* fast/block/positioning/crash-when-transform-is-removed.html: Added.</pre>
<h3>Modified Paths</h3>
<ul>
<li><a href="#releasesWebKitGTKwebkit210LayoutTestsChangeLog">releases/WebKitGTK/webkit-2.10/LayoutTests/ChangeLog</a></li>
<li><a href="#releasesWebKitGTKwebkit210SourceWebCoreChangeLog">releases/WebKitGTK/webkit-2.10/Source/WebCore/ChangeLog</a></li>
<li><a href="#releasesWebKitGTKwebkit210SourceWebCorerenderingRenderBlockcpp">releases/WebKitGTK/webkit-2.10/Source/WebCore/rendering/RenderBlock.cpp</a></li>
</ul>
<h3>Added Paths</h3>
<ul>
<li><a href="#releasesWebKitGTKwebkit210LayoutTestsfastblockpositioningcrashwhentransformisremovedexpectedtxt">releases/WebKitGTK/webkit-2.10/LayoutTests/fast/block/positioning/crash-when-transform-is-removed-expected.txt</a></li>
<li><a href="#releasesWebKitGTKwebkit210LayoutTestsfastblockpositioningcrashwhentransformisremovedhtml">releases/WebKitGTK/webkit-2.10/LayoutTests/fast/block/positioning/crash-when-transform-is-removed.html</a></li>
</ul>
</div>
<div id="patch">
<h3>Diff</h3>
<a id="releasesWebKitGTKwebkit210LayoutTestsChangeLog"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.10/LayoutTests/ChangeLog (195109 => 195110)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.10/LayoutTests/ChangeLog 2016-01-15 10:32:59 UTC (rev 195109)
+++ releases/WebKitGTK/webkit-2.10/LayoutTests/ChangeLog 2016-01-15 10:35:47 UTC (rev 195110)
</span><span class="lines">@@ -1,3 +1,23 @@
</span><ins>+2015-12-08 Zalan Bujtas <zalan@apple.com>
+
+ Do not insert positioned renderers to multiple gPositionedDescendantsMap.
+ https://bugs.webkit.org/show_bug.cgi?id=151878
+ rdar://problem/22229889
+
+ Reviewed by Simon Fraser.
+
+ We insert positioned renderers into a static map (RenderBlock::gPositionedDescendantsMap) to keep track of them.
+ This static map is at block level. A particular absolute positioned object is added to its closest ancestor that
+ returns true for RenderElement::canContainAbsolutelyPositionedObjects().
+ canContainAbsolutelyPositionedObjects() returns true if the ancestor is either positioned or has transform.
+ If this container's style changes so that it's no longer positioned and it has no transform anymore,
+ we need to clear its static map of positioned objects (they'll get re-inserted to another ancestor at next layout).
+
+ This patch addresses the case when the renderer does not have transforms anymore.
+
+ * fast/block/positioning/crash-when-transform-is-removed-expected.txt: Added.
+ * fast/block/positioning/crash-when-transform-is-removed.html: Added.
+
</ins><span class="cx"> 2015-12-08 Frederic Wang <fred.wang@free.fr>
</span><span class="cx">
</span><span class="cx"> [cairo] Solid stroke of lines with thickness less than 1 pixel broken after r191658
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit210LayoutTestsfastblockpositioningcrashwhentransformisremovedexpectedtxt"></a>
<div class="addfile"><h4>Added: releases/WebKitGTK/webkit-2.10/LayoutTests/fast/block/positioning/crash-when-transform-is-removed-expected.txt (0 => 195110)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.10/LayoutTests/fast/block/positioning/crash-when-transform-is-removed-expected.txt (rev 0)
+++ releases/WebKitGTK/webkit-2.10/LayoutTests/fast/block/positioning/crash-when-transform-is-removed-expected.txt 2016-01-15 10:35:47 UTC (rev 195110)
</span><span class="lines">@@ -0,0 +1 @@
</span><ins>+ PASS if no crash or assert.
</ins></span></pre></div>
<a id="releasesWebKitGTKwebkit210LayoutTestsfastblockpositioningcrashwhentransformisremovedhtml"></a>
<div class="addfile"><h4>Added: releases/WebKitGTK/webkit-2.10/LayoutTests/fast/block/positioning/crash-when-transform-is-removed.html (0 => 195110)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.10/LayoutTests/fast/block/positioning/crash-when-transform-is-removed.html (rev 0)
+++ releases/WebKitGTK/webkit-2.10/LayoutTests/fast/block/positioning/crash-when-transform-is-removed.html 2016-01-15 10:35:47 UTC (rev 195110)
</span><span class="lines">@@ -0,0 +1,12 @@
</span><ins>+<body style="transform: translateX(0);">
+<img style="position: absolute;">
+PASS if no crash or assert.
+</body>
+<script>
+if (window.testRunner)
+ testRunner.dumpAsText();
+document.body.offsetHeight;
+document.body.setAttribute("style","");
+document.body.offsetHeight;
+document.getElementsByTagName("img")[0].setAttribute("style","");
+</script>
</ins></span></pre></div>
<a id="releasesWebKitGTKwebkit210SourceWebCoreChangeLog"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.10/Source/WebCore/ChangeLog (195109 => 195110)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.10/Source/WebCore/ChangeLog 2016-01-15 10:32:59 UTC (rev 195109)
+++ releases/WebKitGTK/webkit-2.10/Source/WebCore/ChangeLog 2016-01-15 10:35:47 UTC (rev 195110)
</span><span class="lines">@@ -1,3 +1,25 @@
</span><ins>+2015-12-08 Zalan Bujtas <zalan@apple.com>
+
+ Do not insert positioned renderers to multiple gPositionedDescendantsMap.
+ https://bugs.webkit.org/show_bug.cgi?id=151878
+ rdar://problem/22229889
+
+ Reviewed by Simon Fraser.
+
+ We insert positioned renderers into a static map (RenderBlock::gPositionedDescendantsMap) to keep track of them.
+ This static map is at block level. A particular absolute positioned object is added to its closest ancestor that
+ returns true for RenderElement::canContainAbsolutelyPositionedObjects().
+ canContainAbsolutelyPositionedObjects() returns true if the ancestor is either positioned or has transform.
+ If this container's style changes so that it's no longer positioned and it has no transform anymore,
+ we need to clear its static map of positioned objects (they'll get re-inserted to another ancestor at next layout).
+
+ This patch addresses the case when the renderer does not have transforms anymore.
+
+ Test: fast/block/positioning/crash-when-transform-is-removed.html
+
+ * rendering/RenderBlock.cpp:
+ (WebCore::RenderBlock::styleWillChange):
+
</ins><span class="cx"> 2015-12-08 Frederic Wang <fred.wang@free.fr>
</span><span class="cx">
</span><span class="cx"> [cairo] Solid stroke of lines with thickness less than 1 pixel broken after r191658
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit210SourceWebCorerenderingRenderBlockcpp"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.10/Source/WebCore/rendering/RenderBlock.cpp (195109 => 195110)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.10/Source/WebCore/rendering/RenderBlock.cpp 2016-01-15 10:32:59 UTC (rev 195109)
+++ releases/WebKitGTK/webkit-2.10/Source/WebCore/rendering/RenderBlock.cpp 2016-01-15 10:35:47 UTC (rev 195110)
</span><span class="lines">@@ -242,11 +242,14 @@
</span><span class="cx">
</span><span class="cx"> setReplaced(newStyle.isDisplayInlineType());
</span><span class="cx">
</span><ins>+ if (oldStyle && oldStyle->hasTransformRelatedProperty() && !newStyle.hasTransformRelatedProperty())
+ removePositionedObjects(nullptr, NewContainingBlock);
+
</ins><span class="cx"> if (oldStyle && parent() && diff == StyleDifferenceLayout && oldStyle->position() != newStyle.position()) {
</span><span class="cx"> if (newStyle.position() == StaticPosition)
</span><span class="cx"> // Clear our positioned objects list. Our absolutely positioned descendants will be
</span><span class="cx"> // inserted into our containing block's positioned objects list during layout.
</span><del>- removePositionedObjects(0, NewContainingBlock);
</del><ins>+ removePositionedObjects(nullptr, NewContainingBlock);
</ins><span class="cx"> else if (oldStyle->position() == StaticPosition) {
</span><span class="cx"> // Remove our absolutely positioned descendants from their current containing block.
</span><span class="cx"> // They will be inserted into our positioned objects list during layout.
</span></span></pre>
</div>
</div>
</body>
</html>