Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(86)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: Source/WebCore/rendering/RenderFullScreen.cpp

Issue 9962002: Merge 112596 - Heap-use-after-free in WebCore::InlineFlowBox::deleteLine due to fullscreen issues. (Closed) Base URL: http://svn.webkit.org/repository/webkit/branches/chromium/1084/
Patch Set: Created 8 years, 8 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « no previous file | no next file » | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 /* 1 /*
2 * Copyright (C) 2010 Apple Inc. All rights reserved. 2 * Copyright (C) 2010 Apple Inc. All rights reserved.
3 * 3 *
4 * Redistribution and use in source and binary forms, with or without 4 * Redistribution and use in source and binary forms, with or without
5 * modification, are permitted provided that the following conditions 5 * modification, are permitted provided that the following conditions
6 * are met: 6 * are met:
7 * 1. Redistributions of source code must retain the above copyright 7 * 1. Redistributions of source code must retain the above copyright
8 * notice, this list of conditions and the following disclaimer. 8 * notice, this list of conditions and the following disclaimer.
9 * 2. Redistributions in binary form must reproduce the above copyright 9 * 2. Redistributions in binary form must reproduce the above copyright
10 * notice, this list of conditions and the following disclaimer in the 10 * notice, this list of conditions and the following disclaimer in the
(...skipping 95 matching lines...) Expand 10 before | Expand all | Expand 10 after
106 } 106 }
107 107
108 RenderObject* RenderFullScreen::wrapRenderer(RenderObject* object, Document* doc ument) 108 RenderObject* RenderFullScreen::wrapRenderer(RenderObject* object, Document* doc ument)
109 { 109 {
110 RenderFullScreen* fullscreenRenderer = new (document->renderArena()) RenderF ullScreen(document); 110 RenderFullScreen* fullscreenRenderer = new (document->renderArena()) RenderF ullScreen(document);
111 fullscreenRenderer->setStyle(createFullScreenStyle()); 111 fullscreenRenderer->setStyle(createFullScreenStyle());
112 if (object) { 112 if (object) {
113 if (RenderObject* parent = object->parent()) { 113 if (RenderObject* parent = object->parent()) {
114 parent->addChild(fullscreenRenderer, object); 114 parent->addChild(fullscreenRenderer, object);
115 object->remove(); 115 object->remove();
116 parent->setNeedsLayoutAndPrefWidthsRecalc();
116 } 117 }
117 fullscreenRenderer->addChild(object); 118 fullscreenRenderer->addChild(object);
119 fullscreenRenderer->setNeedsLayoutAndPrefWidthsRecalc();
118 } 120 }
119 document->setFullScreenRenderer(fullscreenRenderer); 121 document->setFullScreenRenderer(fullscreenRenderer);
120 return fullscreenRenderer; 122 return fullscreenRenderer;
121 } 123 }
122 124
123 void RenderFullScreen::unwrapRenderer() 125 void RenderFullScreen::unwrapRenderer()
124 { 126 {
125 if (parent()) { 127 if (parent()) {
126 RenderObject* child; 128 RenderObject* child;
127 while ((child = firstChild())) { 129 while ((child = firstChild())) {
128 child->remove(); 130 child->remove();
129 parent()->addChild(child, this); 131 parent()->addChild(child, this);
132 parent()->setNeedsLayoutAndPrefWidthsRecalc();
130 } 133 }
131 } 134 }
132 if (placeholder()) 135 if (placeholder())
133 placeholder()->remove(); 136 placeholder()->remove();
134 remove(); 137 remove();
135 document()->setFullScreenRenderer(0); 138 document()->setFullScreenRenderer(0);
136 } 139 }
137 140
138 void RenderFullScreen::setPlaceholder(RenderBlock* placeholder) 141 void RenderFullScreen::setPlaceholder(RenderBlock* placeholder)
139 { 142 {
140 m_placeholder = placeholder; 143 m_placeholder = placeholder;
141 } 144 }
142 145
143 void RenderFullScreen::createPlaceholder(PassRefPtr<RenderStyle> style, const La youtRect& frameRect) 146 void RenderFullScreen::createPlaceholder(PassRefPtr<RenderStyle> style, const La youtRect& frameRect)
144 { 147 {
145 if (style->width().isAuto()) 148 if (style->width().isAuto())
146 style->setWidth(Length(frameRect.width(), Fixed)); 149 style->setWidth(Length(frameRect.width(), Fixed));
147 if (style->height().isAuto()) 150 if (style->height().isAuto())
148 style->setHeight(Length(frameRect.height(), Fixed)); 151 style->setHeight(Length(frameRect.height(), Fixed));
149 152
150 if (!m_placeholder) { 153 if (!m_placeholder) {
151 m_placeholder = new (document()->renderArena()) RenderFullScreenPlacehol der(this); 154 m_placeholder = new (document()->renderArena()) RenderFullScreenPlacehol der(this);
152 m_placeholder->setStyle(style); 155 m_placeholder->setStyle(style);
153 if (parent()) 156 if (parent()) {
154 parent()->addChild(m_placeholder, this); 157 parent()->addChild(m_placeholder, this);
158 parent()->setNeedsLayoutAndPrefWidthsRecalc();
159 }
155 } else 160 } else
156 m_placeholder->setStyle(style); 161 m_placeholder->setStyle(style);
157 } 162 }
158 163
159 #endif 164 #endif
OLDNEW
« no previous file with comments | « no previous file | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698