
Unified Diff: Source/WebCore/rendering/RenderBlock.cpp

Issue 9249043: Merge 104123 - Crash due to first-letter block processing (Closed) Base URL: http://svn.webkit.org/repository/webkit/branches/chromium/912/
Patch Set: Created 8 years, 11 months ago
Index: Source/WebCore/rendering/RenderBlock.cpp
===================================================================
--- Source/WebCore/rendering/RenderBlock.cpp (revision 105348)
+++ Source/WebCore/rendering/RenderBlock.cpp (working copy)
@@ -5616,38 +5616,14 @@
RenderTextFragment* remainingText = 0;
RenderObject* nextSibling = firstLetter->nextSibling();
- RenderObject* next = nextSibling;
- while (next) {
- if (next->isText() && toRenderText(next)->isTextFragment()) {
- remainingText = toRenderTextFragment(next);
- break;
- }
- next = next->nextSibling();
- }
- if (!remainingText && firstLetterContainer->isAnonymousBlock()) {
- // The remaining text fragment could have been wrapped in a different anonymous block since creation
- RenderObject* nextChild;
- next = firstLetterContainer->nextSibling();
- while (next && !remainingText) {
- if (next->isAnonymousBlock()) {
- nextChild = next->firstChild();
- while (nextChild) {
- if (nextChild->isText() && toRenderText(nextChild)->isTextFragment()
- && (toRenderTextFragment(nextChild)->firstLetter() == firstLetter)) {
- remainingText = toRenderTextFragment(nextChild);
- break;
- }
- nextChild = nextChild->nextSibling();
- }
- } else
- break;
- next = next->nextSibling();
- }
- }
+ RenderObject* remainingTextObject = toRenderBoxModelObject(firstLetter)->firstLetterRemainingText();
+ if (remainingTextObject && remainingTextObject->isText() && toRenderText(remainingTextObject)->isTextFragment())
+ remainingText = toRenderTextFragment(remainingTextObject);
if (remainingText) {
ASSERT(remainingText->isAnonymous() || remainingText->node()->renderer() == remainingText);
// Replace the old renderer with the new one.
remainingText->setFirstLetter(newFirstLetter);
+ toRenderBoxModelObject(newFirstLetter)->setFirstLetterRemainingText(remainingText);
}
firstLetter->destroy();
firstLetter = newFirstLetter;
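Review bot: The new lookup through `toRenderBoxModelObject(firstLetter)->firstLetterRemainingText()` trusts a stored raw pointer, and this file's diff does not show what clears that entry when the text fragment or the first-letter renderer is destroyed. If the entry can outlive the fragment, `remainingTextObject->isText()` reads a freed object; the teardown side presumably lives in another file of this change and should be confirmed there. The removed fallback also checked `firstLetter() == firstLetter` before accepting a fragment, and the new code drops that check. Adding `ASSERT(!remainingText || remainingText->firstLetter() == firstLetter);` after the lookup would catch a desynchronised pair in debug builds. The enclosing function starts and ends outside this hunk.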
@@ -5725,6 +5701,7 @@
firstLetterContainer->addChild(remainingText, textObj);
firstLetterContainer->removeChild(textObj);
remainingText->setFirstLetter(firstLetter);
+ toRenderBoxModelObject(firstLetter)->setFirstLetterRemainingText(remainingText);
// construct text fragment for the first letter
RenderTextFragment* letter =
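Review bot: The forward link (`setFirstLetter`) and the back link (`setFirstLetterRemainingText`) are set by two separate calls here and again in the first hunk, with nothing stating that they must change together. A comment above the added line would make that explicit, e.g. `// Record the back link too: the first-letter renderer is later used to find this fragment, so both links must be updated together.` A later call site that sets only one side would leave the lookup in the first hunk returning a stale or null fragment. The enclosing function continues past the end of this hunk.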
