<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta http-equiv="content-type" content="text/html; charset=utf-8" />
<title>[198104] releases/WebKitGTK/webkit-2.12/Source/WebCore</title>
</head>
<body>
<style type="text/css"><!--
#msg dl.meta { border: 1px #006 solid; background: #369; padding: 6px; color: #fff; }
#msg dl.meta dt { float: left; width: 6em; font-weight: bold; }
#msg dt:after { content:':';}
#msg dl, #msg dt, #msg ul, #msg li, #header, #footer, #logmsg { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; }
#msg dl a { font-weight: bold}
#msg dl a:link { color:#fc3; }
#msg dl a:active { color:#ff0; }
#msg dl a:visited { color:#cc6; }
h3 { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; font-weight: bold; }
#msg pre { overflow: auto; background: #ffc; border: 1px #fa0 solid; padding: 6px; }
#logmsg { background: #ffc; border: 1px #fa0 solid; padding: 1em 1em 0 1em; }
#logmsg p, #logmsg pre, #logmsg blockquote { margin: 0 0 1em 0; }
#logmsg p, #logmsg li, #logmsg dt, #logmsg dd { line-height: 14pt; }
#logmsg h1, #logmsg h2, #logmsg h3, #logmsg h4, #logmsg h5, #logmsg h6 { margin: .5em 0; }
#logmsg h1:first-child, #logmsg h2:first-child, #logmsg h3:first-child, #logmsg h4:first-child, #logmsg h5:first-child, #logmsg h6:first-child { margin-top: 0; }
#logmsg ul, #logmsg ol { padding: 0; list-style-position: inside; margin: 0 0 0 1em; }
#logmsg ul { text-indent: -1em; padding-left: 1em; }#logmsg ol { text-indent: -1.5em; padding-left: 1.5em; }
#logmsg > ul, #logmsg > ol { margin: 0 0 1em 0; }
#logmsg pre { background: #eee; padding: 1em; }
#logmsg blockquote { border: 1px solid #fa0; border-left-width: 10px; padding: 1em 1em 0 1em; background: white;}
#logmsg dl { margin: 0; }
#logmsg dt { font-weight: bold; }
#logmsg dd { margin: 0; padding: 0 0 0.5em 0; }
#logmsg dd:before { content:'\00bb';}
#logmsg table { border-spacing: 0px; border-collapse: collapse; border-top: 4px solid #fa0; border-bottom: 1px solid #fa0; background: #fff; }
#logmsg table th { text-align: left; font-weight: normal; padding: 0.2em 0.5em; border-top: 1px dotted #fa0; }
#logmsg table td { text-align: right; border-top: 1px dotted #fa0; padding: 0.2em 0.5em; }
#logmsg table thead th { text-align: center; border-bottom: 1px solid #fa0; }
#logmsg table th.Corner { text-align: left; }
#logmsg hr { border: none 0; border-top: 2px dashed #fa0; height: 1px; }
#header, #footer { color: #fff; background: #636; border: 1px #300 solid; padding: 6px; }
#patch { width: 100%; }
#patch h4 {font-family: verdana,arial,helvetica,sans-serif;font-size:10pt;padding:8px;background:#369;color:#fff;margin:0;}
#patch .propset h4, #patch .binary h4 {margin:0;}
#patch pre {padding:0;line-height:1.2em;margin:0;}
#patch .diff {width:100%;background:#eee;padding: 0 0 10px 0;overflow:auto;}
#patch .propset .diff, #patch .binary .diff {padding:10px 0;}
#patch span {display:block;padding:0 10px;}
#patch .modfile, #patch .addfile, #patch .delfile, #patch .propset, #patch .binary, #patch .copfile {border:1px solid #ccc;margin:10px 0;}
#patch ins {background:#dfd;text-decoration:none;display:block;padding:0 10px;}
#patch del {background:#fdd;text-decoration:none;display:block;padding:0 10px;}
#patch .lines, .info {color:#888;background:#fff;}
--></style>
<div id="msg">
<dl class="meta">
<dt>Revision</dt> <dd><a href="http://trac.webkit.org/projects/webkit/changeset/198104">198104</a></dd>
<dt>Author</dt> <dd>carlosgc@webkit.org</dd>
<dt>Date</dt> <dd>2016-03-14 02:52:02 -0700 (Mon, 14 Mar 2016)</dd>
</dl>
<h3>Log Message</h3>
<pre>Merge <a href="http://trac.webkit.org/projects/webkit/changeset/197716">r197716</a> - Crash in WebCore::RenderElement::containingBlockForObjectInFlow
https://bugs.webkit.org/show_bug.cgi?id=155109
Reviewed by Simon Fraser.
It's unsafe to call containingBlock() on RenderView.
Unable to reproduce.
* rendering/RenderBlock.cpp:
(WebCore::RenderBlock::styleWillChange):
(WebCore::RenderBlock::isSelfCollapsingBlock):
(WebCore::RenderBlock::selectionGaps):
* rendering/RenderBox.cpp:
(WebCore::RenderBox::borderBoxRectInRegion):
(WebCore::RenderBox::computePercentageLogicalHeight):
(WebCore::RenderBox::computeReplacedLogicalHeightUsing):
(WebCore::logicalWidthIsResolvable):
(WebCore::RenderBox::percentageLogicalHeightIsResolvableFromBlock):
* rendering/RenderBoxModelObject.cpp:
(WebCore::RenderBoxModelObject::hasAutoHeightOrContainingBlockWithAutoHeight):
* rendering/RenderFlowThread.cpp:
(WebCore::RenderFlowThread::adjustedPositionRelativeToOffsetParent):
(WebCore::RenderFlowThread::offsetFromLogicalTopOfFirstRegion):
* rendering/RenderLayer.cpp:
(WebCore::RenderLayer::hasCompositedLayerInEnclosingPaginationChain):
(WebCore::RenderLayer::updatePagination):
(WebCore::inContainingBlockChain):
* rendering/RenderMultiColumnFlowThread.cpp:
(WebCore::isValidColumnSpanner):
* rendering/RenderNamedFlowThread.cpp:
(WebCore::RenderNamedFlowThread::decorationsClipRectForBoxInNamedFlowFragment):
* rendering/RenderObject.cpp:
(WebCore::hasFixedPosInNamedFlowContainingBlock):
* rendering/RenderReplaced.cpp:
(WebCore::firstContainingBlockWithLogicalWidth):
* rendering/RenderView.cpp:
(WebCore::RenderView::subtreeSelectionBounds):
(WebCore::RenderView::repaintSubtreeSelection):
(WebCore::RenderView::clearSubtreeSelection):
(WebCore::RenderView::applySubtreeSelection):</pre>
<h3>Modified Paths</h3>
<ul>
<li><a href="#releasesWebKitGTKwebkit212SourceWebCoreChangeLog">releases/WebKitGTK/webkit-2.12/Source/WebCore/ChangeLog</a></li>
<li><a href="#releasesWebKitGTKwebkit212SourceWebCorerenderingRenderBlockcpp">releases/WebKitGTK/webkit-2.12/Source/WebCore/rendering/RenderBlock.cpp</a></li>
<li><a href="#releasesWebKitGTKwebkit212SourceWebCorerenderingRenderBoxcpp">releases/WebKitGTK/webkit-2.12/Source/WebCore/rendering/RenderBox.cpp</a></li>
<li><a href="#releasesWebKitGTKwebkit212SourceWebCorerenderingRenderBoxModelObjectcpp">releases/WebKitGTK/webkit-2.12/Source/WebCore/rendering/RenderBoxModelObject.cpp</a></li>
<li><a href="#releasesWebKitGTKwebkit212SourceWebCorerenderingRenderFlowThreadcpp">releases/WebKitGTK/webkit-2.12/Source/WebCore/rendering/RenderFlowThread.cpp</a></li>
<li><a href="#releasesWebKitGTKwebkit212SourceWebCorerenderingRenderLayercpp">releases/WebKitGTK/webkit-2.12/Source/WebCore/rendering/RenderLayer.cpp</a></li>
<li><a href="#releasesWebKitGTKwebkit212SourceWebCorerenderingRenderMultiColumnFlowThreadcpp">releases/WebKitGTK/webkit-2.12/Source/WebCore/rendering/RenderMultiColumnFlowThread.cpp</a></li>
<li><a href="#releasesWebKitGTKwebkit212SourceWebCorerenderingRenderNamedFlowThreadcpp">releases/WebKitGTK/webkit-2.12/Source/WebCore/rendering/RenderNamedFlowThread.cpp</a></li>
<li><a href="#releasesWebKitGTKwebkit212SourceWebCorerenderingRenderObjectcpp">releases/WebKitGTK/webkit-2.12/Source/WebCore/rendering/RenderObject.cpp</a></li>
<li><a href="#releasesWebKitGTKwebkit212SourceWebCorerenderingRenderReplacedcpp">releases/WebKitGTK/webkit-2.12/Source/WebCore/rendering/RenderReplaced.cpp</a></li>
<li><a href="#releasesWebKitGTKwebkit212SourceWebCorerenderingRenderViewcpp">releases/WebKitGTK/webkit-2.12/Source/WebCore/rendering/RenderView.cpp</a></li>
</ul>
</div>
<div id="patch">
<h3>Diff</h3>
<a id="releasesWebKitGTKwebkit212SourceWebCoreChangeLog"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.12/Source/WebCore/ChangeLog (198103 => 198104)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.12/Source/WebCore/ChangeLog 2016-03-14 09:46:36 UTC (rev 198103)
+++ releases/WebKitGTK/webkit-2.12/Source/WebCore/ChangeLog 2016-03-14 09:52:02 UTC (rev 198104)
</span><span class="lines">@@ -1,3 +1,47 @@
</span><ins>+2016-03-07 Zalan Bujtas <zalan@apple.com>
+
+ Crash in WebCore::RenderElement::containingBlockForObjectInFlow
+ https://bugs.webkit.org/show_bug.cgi?id=155109
+
+ Reviewed by Simon Fraser.
+
+ It's unsafe to call containingBlock() on RenderView.
+
+ Unable to reproduce.
+
+ * rendering/RenderBlock.cpp:
+ (WebCore::RenderBlock::styleWillChange):
+ (WebCore::RenderBlock::isSelfCollapsingBlock):
+ (WebCore::RenderBlock::selectionGaps):
+ * rendering/RenderBox.cpp:
+ (WebCore::RenderBox::borderBoxRectInRegion):
+ (WebCore::RenderBox::computePercentageLogicalHeight):
+ (WebCore::RenderBox::computeReplacedLogicalHeightUsing):
+ (WebCore::logicalWidthIsResolvable):
+ (WebCore::RenderBox::percentageLogicalHeightIsResolvableFromBlock):
+ * rendering/RenderBoxModelObject.cpp:
+ (WebCore::RenderBoxModelObject::hasAutoHeightOrContainingBlockWithAutoHeight):
+ * rendering/RenderFlowThread.cpp:
+ (WebCore::RenderFlowThread::adjustedPositionRelativeToOffsetParent):
+ (WebCore::RenderFlowThread::offsetFromLogicalTopOfFirstRegion):
+ * rendering/RenderLayer.cpp:
+ (WebCore::RenderLayer::hasCompositedLayerInEnclosingPaginationChain):
+ (WebCore::RenderLayer::updatePagination):
+ (WebCore::inContainingBlockChain):
+ * rendering/RenderMultiColumnFlowThread.cpp:
+ (WebCore::isValidColumnSpanner):
+ * rendering/RenderNamedFlowThread.cpp:
+ (WebCore::RenderNamedFlowThread::decorationsClipRectForBoxInNamedFlowFragment):
+ * rendering/RenderObject.cpp:
+ (WebCore::hasFixedPosInNamedFlowContainingBlock):
+ * rendering/RenderReplaced.cpp:
+ (WebCore::firstContainingBlockWithLogicalWidth):
+ * rendering/RenderView.cpp:
+ (WebCore::RenderView::subtreeSelectionBounds):
+ (WebCore::RenderView::repaintSubtreeSelection):
+ (WebCore::RenderView::clearSubtreeSelection):
+ (WebCore::RenderView::applySubtreeSelection):
+
</ins><span class="cx"> 2016-03-07 Daniel Bates <dabates@apple.com>
</span><span class="cx">
</span><span class="cx"> CSP: object-src directive should prohibit creation of nested browsing context
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit212SourceWebCorerenderingRenderBlockcpp"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.12/Source/WebCore/rendering/RenderBlock.cpp (198103 => 198104)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.12/Source/WebCore/rendering/RenderBlock.cpp 2016-03-14 09:46:36 UTC (rev 198103)
+++ releases/WebKitGTK/webkit-2.12/Source/WebCore/rendering/RenderBlock.cpp 2016-03-14 09:52:02 UTC (rev 198104)
</span><span class="lines">@@ -255,7 +255,8 @@
</span><span class="cx"> // Remove our absolutely positioned descendants from their current containing block.
</span><span class="cx"> // They will be inserted into our positioned objects list during layout.
</span><span class="cx"> auto containingBlock = parent();
</span><del>- while (containingBlock && (containingBlock->style().position() == StaticPosition || (containingBlock->isInline() && !containingBlock->isReplaced())) && !containingBlock->isRenderView()) {
</del><ins>+ while (containingBlock && !is<RenderView>(*containingBlock)
+ && (containingBlock->style().position() == StaticPosition || (containingBlock->isInline() && !containingBlock->isReplaced()))) {
</ins><span class="cx"> if (containingBlock->style().position() == RelativePosition && containingBlock->isInline() && !containingBlock->isReplaced()) {
</span><span class="cx"> containingBlock = containingBlock->containingBlock();
</span><span class="cx"> break;
</span><span class="lines">@@ -836,7 +837,7 @@
</span><span class="cx"> bool hasAutoHeight = logicalHeightLength.isAuto();
</span><span class="cx"> if (logicalHeightLength.isPercentOrCalculated() && !document().inQuirksMode()) {
</span><span class="cx"> hasAutoHeight = true;
</span><del>- for (RenderBlock* cb = containingBlock(); !cb->isRenderView(); cb = cb->containingBlock()) {
</del><ins>+ for (RenderBlock* cb = containingBlock(); cb && !is<RenderView>(*cb); cb = cb->containingBlock()) {
</ins><span class="cx"> if (cb->style().logicalHeight().isFixed() || cb->isTableCell())
</span><span class="cx"> hasAutoHeight = false;
</span><span class="cx"> }
</span><span class="lines">@@ -1842,7 +1843,7 @@
</span><span class="cx"> flippedBlockRect.moveBy(rootBlockPhysicalPosition);
</span><span class="cx"> clipOutPositionedObjects(paintInfo, flippedBlockRect.location(), positionedObjects());
</span><span class="cx"> if (isBody() || isDocumentElementRenderer()) { // The <body> must make sure to examine its containingBlock's positioned objects.
</span><del>- for (RenderBlock* cb = containingBlock(); cb && !cb->isRenderView(); cb = cb->containingBlock())
</del><ins>+ for (RenderBlock* cb = containingBlock(); cb && !is<RenderView>(*cb); cb = cb->containingBlock())
</ins><span class="cx"> clipOutPositionedObjects(paintInfo, LayoutPoint(cb->x(), cb->y()), cb->positionedObjects()); // FIXME: Not right for flipped writing modes.
</span><span class="cx"> }
</span><span class="cx"> clipOutFloatingObjects(rootBlock, paintInfo, rootBlockPhysicalPosition, offsetFromRootBlock);
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit212SourceWebCorerenderingRenderBoxcpp"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.12/Source/WebCore/rendering/RenderBox.cpp (198103 => 198104)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.12/Source/WebCore/rendering/RenderBox.cpp 2016-03-14 09:46:36 UTC (rev 198103)
+++ releases/WebKitGTK/webkit-2.12/Source/WebCore/rendering/RenderBox.cpp 2016-03-14 09:52:02 UTC (rev 198104)
</span><span class="lines">@@ -246,6 +246,8 @@
</span><span class="cx"> break;
</span><span class="cx">
</span><span class="cx"> currentBox = currentBox->containingBlock();
</span><ins>+ if (!currentBox)
+ break;
</ins><span class="cx"> region = currentBox->clampToStartAndEndRegions(region);
</span><span class="cx"> currentBoxInfo = currentBox->renderBoxRegionInfo(region);
</span><span class="cx"> }
</span><span class="lines">@@ -2950,7 +2952,7 @@
</span><span class="cx"> const RenderBox* containingBlockChild = this;
</span><span class="cx"> LayoutUnit rootMarginBorderPaddingHeight = 0;
</span><span class="cx"> bool isHorizontal = isHorizontalWritingMode();
</span><del>- while (!cb->isRenderView() && skipContainingBlockForPercentHeightCalculation(cb, isHorizontal != cb->isHorizontalWritingMode())) {
</del><ins>+ while (cb && !is<RenderView>(*cb) && skipContainingBlockForPercentHeightCalculation(cb, isHorizontal != cb->isHorizontalWritingMode())) {
</ins><span class="cx"> if (cb->isBody() || cb->isDocumentElementRenderer())
</span><span class="cx"> rootMarginBorderPaddingHeight += cb->marginBefore() + cb->marginAfter() + cb->borderAndPaddingLogicalHeight();
</span><span class="cx"> skippedAutoHeightContainingBlock = true;
</span><span class="lines">@@ -3103,7 +3105,7 @@
</span><span class="cx"> case Calculated:
</span><span class="cx"> {
</span><span class="cx"> auto cb = isOutOfFlowPositioned() ? container() : containingBlock();
</span><del>- while (cb->isAnonymous() && !is<RenderView>(*cb)) {
</del><ins>+ while (cb && cb->isAnonymous() && !is<RenderView>(*cb)) {
</ins><span class="cx"> cb = cb->containingBlock();
</span><span class="cx"> downcast<RenderBlock>(*cb).addPercentHeightDescendant(const_cast<RenderBox&>(*this));
</span><span class="cx"> }
</span><span class="lines">@@ -3133,7 +3135,7 @@
</span><span class="cx"> // table cells using percentage heights.
</span><span class="cx"> // FIXME: This needs to be made block-flow-aware. If the cell and image are perpendicular block-flows, this isn't right.
</span><span class="cx"> // https://bugs.webkit.org/show_bug.cgi?id=46997
</span><del>- while (cb && !cb->isRenderView() && (cb->style().logicalHeight().isAuto() || cb->style().logicalHeight().isPercentOrCalculated())) {
</del><ins>+ while (cb && !is<RenderView>(*cb) && (cb->style().logicalHeight().isAuto() || cb->style().logicalHeight().isPercentOrCalculated())) {
</ins><span class="cx"> if (cb->isTableCell()) {
</span><span class="cx"> // Don't let table cells squeeze percent-height replaced elements
</span><span class="cx"> // <http://bugs.webkit.org/show_bug.cgi?id=15359>
</span><span class="lines">@@ -4637,7 +4639,7 @@
</span><span class="cx"> static bool logicalWidthIsResolvable(const RenderBox& renderBox)
</span><span class="cx"> {
</span><span class="cx"> const RenderBox* box = &renderBox;
</span><del>- while (!box->isRenderView() && !box->isOutOfFlowPositioned()
</del><ins>+ while (box && !is<RenderView>(*box) && !box->isOutOfFlowPositioned()
</ins><span class="cx"> #if ENABLE(CSS_GRID_LAYOUT)
</span><span class="cx"> && !box->hasOverrideContainingBlockLogicalWidth()
</span><span class="cx"> #endif
</span><span class="lines">@@ -4682,7 +4684,7 @@
</span><span class="cx"> const RenderBlock* cb = containingBlock;
</span><span class="cx"> bool inQuirksMode = cb->document().inQuirksMode();
</span><span class="cx"> bool skippedAutoHeightContainingBlock = false;
</span><del>- while (!cb->isRenderView() && !cb->isBody() && !cb->isTableCell() && !cb->isOutOfFlowPositioned() && cb->style().logicalHeight().isAuto()) {
</del><ins>+ while (cb && !is<RenderView>(*cb) && !cb->isBody() && !cb->isTableCell() && !cb->isOutOfFlowPositioned() && cb->style().logicalHeight().isAuto()) {
</ins><span class="cx"> if (!inQuirksMode && !cb->isAnonymousBlock())
</span><span class="cx"> break;
</span><span class="cx"> #if ENABLE(CSS_GRID_LAYOUT)
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit212SourceWebCorerenderingRenderBoxModelObjectcpp"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.12/Source/WebCore/rendering/RenderBoxModelObject.cpp (198103 => 198104)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.12/Source/WebCore/rendering/RenderBoxModelObject.cpp 2016-03-14 09:46:36 UTC (rev 198103)
+++ releases/WebKitGTK/webkit-2.12/Source/WebCore/rendering/RenderBoxModelObject.cpp 2016-03-14 09:52:02 UTC (rev 198104)
</span><span class="lines">@@ -240,7 +240,7 @@
</span><span class="cx"> // Anonymous block boxes are ignored when resolving percentage values that would refer to it:
</span><span class="cx"> // the closest non-anonymous ancestor box is used instead.
</span><span class="cx"> RenderBlock* cb = containingBlock();
</span><del>- while (cb->isAnonymous() && !cb->isRenderView())
</del><ins>+ while (cb && !is<RenderView>(*cb) && cb->isAnonymous())
</ins><span class="cx"> cb = cb->containingBlock();
</span><span class="cx">
</span><span class="cx"> // Matching RenderBox::percentageLogicalHeightIsResolvableFromBlock() by
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit212SourceWebCorerenderingRenderFlowThreadcpp"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.12/Source/WebCore/rendering/RenderFlowThread.cpp (198103 => 198104)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.12/Source/WebCore/rendering/RenderFlowThread.cpp 2016-03-14 09:46:36 UTC (rev 198103)
+++ releases/WebKitGTK/webkit-2.12/Source/WebCore/rendering/RenderFlowThread.cpp 2016-03-14 09:52:02 UTC (rev 198104)
</span><span class="lines">@@ -443,7 +443,7 @@
</span><span class="cx"> // and if so, drop the object's top position (which was computed relative to its containing block
</span><span class="cx"> // and is no longer valid) and recompute it using the region in which it flows as reference.
</span><span class="cx"> bool wasComputedRelativeToOtherRegion = false;
</span><del>- while (objContainingBlock && !objContainingBlock->isRenderNamedFlowThread()) {
</del><ins>+ while (objContainingBlock && !is<RenderView>(*objContainingBlock) && !objContainingBlock->isRenderNamedFlowThread()) {
</ins><span class="cx"> // Check if this object is in a different region.
</span><span class="cx"> RenderRegion* parentStartRegion = nullptr;
</span><span class="cx"> RenderRegion* parentEndRegion = nullptr;
</span><span class="lines">@@ -1225,7 +1225,7 @@
</span><span class="cx">
</span><span class="cx"> // As a last resort, take the slow path.
</span><span class="cx"> LayoutRect blockRect(0, 0, currentBlock->width(), currentBlock->height());
</span><del>- while (currentBlock && !currentBlock->isRenderFlowThread()) {
</del><ins>+ while (currentBlock && !is<RenderView>(*currentBlock) && !currentBlock->isRenderFlowThread()) {
</ins><span class="cx"> RenderBlock* containerBlock = currentBlock->containingBlock();
</span><span class="cx"> ASSERT(containerBlock);
</span><span class="cx"> if (!containerBlock)
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit212SourceWebCorerenderingRenderLayercpp"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.12/Source/WebCore/rendering/RenderLayer.cpp (198103 => 198104)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.12/Source/WebCore/rendering/RenderLayer.cpp 2016-03-14 09:46:36 UTC (rev 198103)
+++ releases/WebKitGTK/webkit-2.12/Source/WebCore/rendering/RenderLayer.cpp 2016-03-14 09:52:02 UTC (rev 198104)
</span><span class="lines">@@ -1056,8 +1056,7 @@
</span><span class="cx">
</span><span class="cx"> // Otherwise we have to go up the containing block chain. Find the first enclosing
</span><span class="cx"> // containing block layer ancestor, and check that.
</span><del>- RenderView* renderView = &renderer().view();
- for (RenderBlock* containingBlock = renderer().containingBlock(); containingBlock && containingBlock != renderView; containingBlock = containingBlock->containingBlock()) {
</del><ins>+ for (const auto* containingBlock = renderer().containingBlock(); containingBlock && !is<RenderView>(*containingBlock); containingBlock = containingBlock->containingBlock()) {
</ins><span class="cx"> if (containingBlock->hasLayer())
</span><span class="cx"> return containingBlock->layer()->hasCompositedLayerInEnclosingPaginationChain();
</span><span class="cx"> }
</span><span class="lines">@@ -1093,9 +1092,7 @@
</span><span class="cx">
</span><span class="cx"> // For the new columns code, we want to walk up our containing block chain looking for an enclosing layer. Once
</span><span class="cx"> // we find one, then we just check its pagination status.
</span><del>- RenderView* renderView = &renderer().view();
- RenderBlock* containingBlock;
- for (containingBlock = renderer().containingBlock(); containingBlock && containingBlock != renderView; containingBlock = containingBlock->containingBlock()) {
</del><ins>+ for (const auto* containingBlock = renderer().containingBlock(); containingBlock && !is<RenderView>(*containingBlock); containingBlock = containingBlock->containingBlock()) {
</ins><span class="cx"> if (containingBlock->hasLayer()) {
</span><span class="cx"> // Content inside a transform is not considered to be paginated, since we simply
</span><span class="cx"> // paint the transform multiple times in each column, so we don't have to use
</span><span class="lines">@@ -3804,9 +3801,7 @@
</span><span class="cx"> {
</span><span class="cx"> if (startLayer == endLayer)
</span><span class="cx"> return true;
</span><del>-
- RenderView* view = &startLayer->renderer().view();
- for (RenderBlock* currentBlock = startLayer->renderer().containingBlock(); currentBlock && currentBlock != view; currentBlock = currentBlock->containingBlock()) {
</del><ins>+ for (const auto* currentBlock = startLayer->renderer().containingBlock(); currentBlock && !is<RenderView>(*currentBlock); currentBlock = currentBlock->containingBlock()) {
</ins><span class="cx"> if (currentBlock->layer() == endLayer)
</span><span class="cx"> return true;
</span><span class="cx"> }
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit212SourceWebCorerenderingRenderMultiColumnFlowThreadcpp"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.12/Source/WebCore/rendering/RenderMultiColumnFlowThread.cpp (198103 => 198104)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.12/Source/WebCore/rendering/RenderMultiColumnFlowThread.cpp 2016-03-14 09:46:36 UTC (rev 198103)
+++ releases/WebKitGTK/webkit-2.12/Source/WebCore/rendering/RenderMultiColumnFlowThread.cpp 2016-03-14 09:52:02 UTC (rev 198104)
</span><span class="lines">@@ -255,7 +255,7 @@
</span><span class="cx"> return false;
</span><span class="cx">
</span><span class="cx"> // This looks like a spanner, but if we're inside something unbreakable, it's not to be treated as one.
</span><del>- for (RenderBox* ancestor = downcast<RenderBox>(*descendant).containingBlock(); ancestor; ancestor = ancestor->containingBlock()) {
</del><ins>+ for (RenderBox* ancestor = downcast<RenderBox>(*descendant).containingBlock(); ancestor && !is<RenderView>(*ancestor); ancestor = ancestor->containingBlock()) {
</ins><span class="cx"> if (ancestor->isRenderFlowThread()) {
</span><span class="cx"> // Don't allow any intervening non-multicol fragmentation contexts. The spec doesn't say
</span><span class="cx"> // anything about disallowing this, but it's just going to be too complicated to
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit212SourceWebCorerenderingRenderNamedFlowThreadcpp"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.12/Source/WebCore/rendering/RenderNamedFlowThread.cpp (198103 => 198104)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.12/Source/WebCore/rendering/RenderNamedFlowThread.cpp 2016-03-14 09:46:36 UTC (rev 198103)
+++ releases/WebKitGTK/webkit-2.12/Source/WebCore/rendering/RenderNamedFlowThread.cpp 2016-03-14 09:52:02 UTC (rev 198104)
</span><span class="lines">@@ -298,7 +298,7 @@
</span><span class="cx"> // Take the scrolled offset of this object's parents into consideration.
</span><span class="cx"> IntSize scrolledContentOffset;
</span><span class="cx"> RenderBlock* containingBlock = box.containingBlock();
</span><del>- while (containingBlock) {
</del><ins>+ while (containingBlock && !is<RenderView>(*containingBlock)) {
</ins><span class="cx"> if (containingBlock->isRenderNamedFlowThread()) {
</span><span class="cx"> // We've reached the flow thread, take the scrolled offset of the region into consideration.
</span><span class="cx"> ASSERT(containingBlock == this);
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit212SourceWebCorerenderingRenderObjectcpp"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.12/Source/WebCore/rendering/RenderObject.cpp (198103 => 198104)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.12/Source/WebCore/rendering/RenderObject.cpp 2016-03-14 09:46:36 UTC (rev 198103)
+++ releases/WebKitGTK/webkit-2.12/Source/WebCore/rendering/RenderObject.cpp 2016-03-14 09:52:02 UTC (rev 198104)
</span><span class="lines">@@ -525,7 +525,7 @@
</span><span class="cx"> ASSERT(renderer->flowThreadState() != RenderObject::NotInsideFlowThread);
</span><span class="cx">
</span><span class="cx"> RenderObject* curr = const_cast<RenderObject*>(renderer);
</span><del>- while (curr) {
</del><ins>+ while (curr && !is<RenderView>(*curr)) {
</ins><span class="cx"> if (curr->fixedPositionedWithNamedFlowContainingBlock())
</span><span class="cx"> return true;
</span><span class="cx"> curr = curr->containingBlock();
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit212SourceWebCorerenderingRenderReplacedcpp"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.12/Source/WebCore/rendering/RenderReplaced.cpp (198103 => 198104)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.12/Source/WebCore/rendering/RenderReplaced.cpp 2016-03-14 09:46:36 UTC (rev 198103)
+++ releases/WebKitGTK/webkit-2.12/Source/WebCore/rendering/RenderReplaced.cpp 2016-03-14 09:52:02 UTC (rev 198104)
</span><span class="lines">@@ -251,7 +251,7 @@
</span><span class="cx"> if (!containingBlock)
</span><span class="cx"> return 0;
</span><span class="cx">
</span><del>- for (; !containingBlock->isRenderView() && !containingBlock->isBody(); containingBlock = containingBlock->containingBlock()) {
</del><ins>+ for (; containingBlock && !is<RenderView>(*containingBlock) && !containingBlock->isBody(); containingBlock = containingBlock->containingBlock()) {
</ins><span class="cx"> if (containingBlock->style().logicalWidth().isSpecified())
</span><span class="cx"> return containingBlock;
</span><span class="cx"> }
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit212SourceWebCorerenderingRenderViewcpp"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.12/Source/WebCore/rendering/RenderView.cpp (198103 => 198104)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.12/Source/WebCore/rendering/RenderView.cpp 2016-03-14 09:46:36 UTC (rev 198103)
+++ releases/WebKitGTK/webkit-2.12/Source/WebCore/rendering/RenderView.cpp 2016-03-14 09:52:02 UTC (rev 198104)
</span><span class="lines">@@ -764,7 +764,7 @@
</span><span class="cx"> // Blocks are responsible for painting line gaps and margin gaps. They must be examined as well.
</span><span class="cx"> selectedObjects.set(os, std::make_unique<RenderSelectionInfo>(*os, clipToVisibleContent));
</span><span class="cx"> RenderBlock* cb = os->containingBlock();
</span><del>- while (cb && !cb->isRenderView()) {
</del><ins>+ while (cb && !is<RenderView>(*cb)) {
</ins><span class="cx"> std::unique_ptr<RenderSelectionInfo>& blockInfo = selectedObjects.add(cb, nullptr).iterator->value;
</span><span class="cx"> if (blockInfo)
</span><span class="cx"> break;
</span><span class="lines">@@ -817,7 +817,7 @@
</span><span class="cx"> RenderSelectionInfo(*o, true).repaint();
</span><span class="cx">
</span><span class="cx"> // Blocks are responsible for painting line gaps and margin gaps. They must be examined as well.
</span><del>- for (RenderBlock* block = o->containingBlock(); block && !block->isRenderView(); block = block->containingBlock()) {
</del><ins>+ for (RenderBlock* block = o->containingBlock(); block && !is<RenderView>(*block); block = block->containingBlock()) {
</ins><span class="cx"> if (!processedBlocks.add(block).isNewEntry)
</span><span class="cx"> break;
</span><span class="cx"> RenderSelectionInfo(*block, true).repaint();
</span><span class="lines">@@ -953,7 +953,7 @@
</span><span class="cx"> oldSelectionData.selectedObjects.set(os, std::make_unique<RenderSelectionInfo>(*os, true));
</span><span class="cx"> if (blockRepaintMode == RepaintNewXOROld) {
</span><span class="cx"> RenderBlock* cb = os->containingBlock();
</span><del>- while (cb && !cb->isRenderView()) {
</del><ins>+ while (cb && !is<RenderView>(*cb)) {
</ins><span class="cx"> std::unique_ptr<RenderBlockSelectionInfo>& blockInfo = oldSelectionData.selectedBlocks.add(cb, nullptr).iterator->value;
</span><span class="cx"> if (blockInfo)
</span><span class="cx"> break;
</span><span class="lines">@@ -1018,7 +1018,7 @@
</span><span class="cx"> newSelectedObjects.set(currentRenderer, WTFMove(selectionInfo));
</span><span class="cx">
</span><span class="cx"> RenderBlock* containingBlock = currentRenderer->containingBlock();
</span><del>- while (containingBlock && !containingBlock->isRenderView()) {
</del><ins>+ while (containingBlock && !is<RenderView>(*containingBlock)) {
</ins><span class="cx"> std::unique_ptr<RenderBlockSelectionInfo>& blockInfo = newSelectedBlocks.add(containingBlock, nullptr).iterator->value;
</span><span class="cx"> if (blockInfo)
</span><span class="cx"> break;
</span></span></pre>
</div>
</div>
</body>
</html>