Issue 10383163: Merge 116693 - Crash in computedCSSPadding* functions due to RenderImage::imageDimensionsChanged ca…

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Issue 10383163: Merge 116693 - Crash in computedCSSPadding* functions due to RenderImage::imageDimensionsChanged ca… (Closed)

Created:
8 years, 7 months ago by Julien - ping for review

Modified:
8 years, 7 months ago

Reviewers:
jchaffraix

CC:
chromium-reviews

Base URL:
http://svn.webkit.org/repository/webkit/branches/chromium/1132/

Visibility:
Public.

More Reviews

Description

Merge 116693 - Crash in computedCSSPadding* functions due to RenderImage::imageDimensionsChanged called during attachment https://bugs.webkit.org/show_bug.cgi?id=85912 Reviewed by Eric Seidel. Source/WebCore: Tests: fast/images/link-body-content-imageDimensionChanged-crash.html fast/images/script-counter-imageDimensionChanged-crash.html The bug comes from CSS generated images that could end up calling imageDimensionsChanged during attachment. As the rest of the code (e.g. computedCSSPadding*) would assumes that we are already inserted in the tree, we would crash. The solution is to bail out in this case as newly inserted RenderObject will trigger layout later on and properly handle what we would be doing as part of imageDimensionChanged (the only exception being updating our intrinsic size which should be done as part of imageDimensionsChanged). * rendering/RenderImage.cpp: (WebCore::RenderImage::imageDimensionsChanged): LayoutTests: * fast/images/link-body-content-imageDimensionChanged-crash-expected.txt: Added. * fast/images/link-body-content-imageDimensionChanged-crash.html: Added. * fast/images/script-counter-imageDimensionChanged-crash-expected.txt: Added. * fast/images/script-counter-imageDimensionChanged-crash.html: Added. TBR=jchaffraix@webkit.org Committed: https://src.chromium.org/viewvc/chrome?view=rev&revision=116968

Patch Set 1 #

Created: 8 years, 7 months ago

Download [raw] [tar.bz2]

	Unified diffs	Side-by-side diffs	Stats (+20 lines, -16 lines)			Patch
A +	LayoutTests/fast/images/link-body-content-imageDimensionChanged-crash.html	View	0 chunks	+-1 lines, --1 lines	0 comments	Download
A +	LayoutTests/fast/images/link-body-content-imageDimensionChanged-crash-expected.txt	View	0 chunks	+-1 lines, --1 lines	0 comments	Download
A +	LayoutTests/fast/images/script-counter-imageDimensionChanged-crash.html	View	0 chunks	+-1 lines, --1 lines	0 comments	Download
A +	LayoutTests/fast/images/script-counter-imageDimensionChanged-crash-expected.txt	View	0 chunks	+-1 lines, --1 lines	0 comments	Download
M	Source/WebCore/rendering/RenderImage.cpp	View	1 chunk	+24 lines, -20 lines	0 comments	Download

Messages

Total messages: 1 (0 generated)

Expand Messages | Collapse Messages