| OLD | NEW |
|---|
| 1 /* | 1 /* |
| 2 * Copyright (C) 1999 Lars Knoll (knoll@kde.org) | 2 * Copyright (C) 1999 Lars Knoll (knoll@kde.org) |
| 3 * (C) 1999 Antti Koivisto (koivisto@kde.org) | 3 * (C) 1999 Antti Koivisto (koivisto@kde.org) |
| 4 * (C) 2005 Allan Sandfeld Jensen (kde@carewolf.com) | 4 * (C) 2005 Allan Sandfeld Jensen (kde@carewolf.com) |
| 5 * (C) 2005, 2006 Samuel Weinig (sam.weinig@gmail.com) | 5 * (C) 2005, 2006 Samuel Weinig (sam.weinig@gmail.com) |
| 6 * Copyright (C) 2005, 2006, 2007, 2008, 2009, 2010 Apple Inc. All rights reserv
ed. | 6 * Copyright (C) 2005, 2006, 2007, 2008, 2009, 2010 Apple Inc. All rights reserv
ed. |
| 7 * | 7 * |
| 8 * This library is free software; you can redistribute it and/or | 8 * This library is free software; you can redistribute it and/or |
| 9 * modify it under the terms of the GNU Library General Public | 9 * modify it under the terms of the GNU Library General Public |
| 10 * License as published by the Free Software Foundation; either | 10 * License as published by the Free Software Foundation; either |
| (...skipping 271 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 282 if (!parentBlock || currBlock->containsFloat(this)) | 282 if (!parentBlock || currBlock->containsFloat(this)) |
| 283 parentBlock = currBlock; | 283 parentBlock = currBlock; |
| 284 } | 284 } |
| 285 } | 285 } |
| 286 | 286 |
| 287 if (parentBlock) { | 287 if (parentBlock) { |
| 288 RenderObject* parent = parentBlock->parent(); | 288 RenderObject* parent = parentBlock->parent(); |
| 289 if (parent && parent->isDeprecatedFlexibleBox()) | 289 if (parent && parent->isDeprecatedFlexibleBox()) |
| 290 parentBlock = toRenderBlock(parent); | 290 parentBlock = toRenderBlock(parent); |
| 291 | 291 |
| 292 parentBlock->markSiblingsWithFloatsForLayout(this); |
| 292 parentBlock->markAllDescendantsWithFloatsForLayout(this, false); | 293 parentBlock->markAllDescendantsWithFloatsForLayout(this, false); |
| 293 } | 294 } |
| 294 } | 295 } |
| 295 | 296 |
| 296 if (isPositioned()) { | 297 if (isPositioned()) { |
| 297 for (RenderObject* curr = parent(); curr; curr = curr->parent()) { | 298 for (RenderObject* curr = parent(); curr; curr = curr->parent()) { |
| 298 if (curr->isRenderBlock()) | 299 if (curr->isRenderBlock()) |
| 299 toRenderBlock(curr)->removePositionedObject(this); | 300 toRenderBlock(curr)->removePositionedObject(this); |
| 300 } | 301 } |
| 301 } | 302 } |
| (...skipping 3594 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 3896 RenderBlock* containerBlock = containingBlock(); | 3897 RenderBlock* containerBlock = containingBlock(); |
| 3897 if (!containerBlock || containerBlock == this) | 3898 if (!containerBlock || containerBlock == this) |
| 3898 return locationOffset(); | 3899 return locationOffset(); |
| 3899 | 3900 |
| 3900 LayoutRect rect(frameRect()); | 3901 LayoutRect rect(frameRect()); |
| 3901 containerBlock->flipForWritingMode(rect); // FIXME: This is wrong if we are
an absolutely positioned object enclosed by a relative-positioned inline. | 3902 containerBlock->flipForWritingMode(rect); // FIXME: This is wrong if we are
an absolutely positioned object enclosed by a relative-positioned inline. |
| 3902 return LayoutSize(rect.x(), rect.y()); | 3903 return LayoutSize(rect.x(), rect.y()); |
| 3903 } | 3904 } |
| 3904 | 3905 |
| 3905 } // namespace WebCore | 3906 } // namespace WebCore |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 9251029:
Merge 105120 - Heap-use-after-free in WebCore::RenderBlock::selectionGaps (Closed)
Base URL: http://svn.webkit.org/repository/webkit/branches/chromium/963/