-
antti authored
Fix <rdar://problem/5378214> Mail crashes at RenderLayer::paintLayer() when dragging a selection over To Do text ObjC interface does not guarantee that Document::updateRendering() gets called after modification are made to document. This can lead to situation where paint() is invoked with document still dirty which can then crash in number of interesting ways. - add hasChangedChild() as needsLayout() condition. layout() will then call recalcStyle() catching most cases and making sure document is not dirty when entering painting. - protect recalcStyle() and layout() from being executed during painting. There are some cases needsLayout() protection does not cover. No layout test, these states are very hard or impossible to reach using Javascript interface (which generally guarantees that updateRendering() is done right after execution). * dom/Document.cpp: (WebCore::Document::recalcStyle): * page/Frame.cpp: (WebCore::Frame::paint): (WebCore::Frame::setPaintRestriction): (WebCore::Frame::isPainting): (WebCore::FramePrivate::FramePrivate): * page/Frame.h: * page/FramePrivate.h: * page/FrameView.cpp: (WebCore::FrameView::layout): (WebCore::FrameView::needsLayout): git-svn-id: http://svn.webkit.org/repository/webkit/trunk@24878 268f45cc-cd09-0410-ab3c-d52691b4dbfc
6e917c3a