    2009-07-27 Ojan Vafai <ojan@chromium.org> · e4d44e16
    ojan@chromium.org authored
            Reviewed by Darin Adler.
    
            https://bugs.webkit.org/show_bug.cgi?id=27474
            Tests crashes when calling select, setSelectionRange or setting
            selectionStart/selectionEnd on a textarea/input immediately after
            setting display:none.
    
            * fast/dom/text-control-crash-on-select-expected.txt: Added.
            * fast/dom/text-control-crash-on-select.html: Added.
    
    2009-07-27  Ojan Vafai  <ojan@chromium.org>
    
            Reviewed by Darin Adler.
    
            https://bugs.webkit.org/show_bug.cgi?id=27474
            Fixes crashes due to renderer getting destroyed in updateLayout.
            We need to call updateLayout before we call into the renderer.
            Removed the updateLayout call from RenderTextControl and moved it
            into the calling sites.
    
            Also changes updateLayout to updateLayoutIgnorePendingStylesheets so
            this works with pending stylesheets. Unfortunately, this seems to be
            untestable. Loading an external stylesheet and then having an inline
            script hit this code did not result in any pending stylesheets.
    
            There are other cases of this bug in the rendering code. I'll file a
            followup bug to audit the calls to updateLayout.
    
            Test: fast/dom/text-control-crash-on-select.html
    
            * dom/Document.h:
            (WebCore::Document::inStyleRecalc): Added so the ASSERTs in updateFocusAppearance
                and setSelectionRange could deal with cases of reentrancy into updateLayout
                calls. This happens in a couple layout tests.
            * dom/InputElement.cpp:
            (WebCore::InputElement::updateSelectionRange):
            * html/HTMLInputElement.cpp:
            (WebCore::isTextFieldWithRendererAfterUpdateLayout):
            (WebCore::HTMLInputElement::setSelectionStart):
            (WebCore::HTMLInputElement::setSelectionEnd):
            (WebCore::HTMLInputElement::select):
            * html/HTMLTextAreaElement.cpp:
            (WebCore::rendererAfterUpdateLayout):
            (WebCore::HTMLTextAreaElement::setSelectionStart):
            (WebCore::HTMLTextAreaElement::setSelectionEnd):
            (WebCore::HTMLTextAreaElement::select):
            (WebCore::HTMLTextAreaElement::setSelectionRange):
            (WebCore::HTMLTextAreaElement::updateFocusAppearance):
            * rendering/RenderTextControl.cpp:
            (WebCore::RenderTextControl::setSelectionRange):
    
    git-svn-id: http://svn.webkit.org/repository/webkit/trunk@46437 268f45cc-cd09-0410-ab3c-d52691b4dbfc
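The ordering problem the commit message describes, as an added example that is not WebKit code and not part of the commit. The `Element`, `Renderer` and `Result` types and the two `select...` functions are hypothetical; `rendererAfterUpdateLayout` borrows its name from the change list above, but its body here is an assumption. The "before" function reports the stale pointer instead of dereferencing it, so the example runs without undefined behaviour.

```cpp
// Simplified model of "layout destroys the renderer". All types are hypothetical.
#include <memory>

struct Renderer { int selStart = 0, selEnd = 0; };

struct Element {
    bool displayNone = false;
    bool needsLayout = false;
    std::unique_ptr<Renderer> renderer{new Renderer()};

    void setDisplayNone() { displayNone = true; needsLayout = true; }

    // Layout tears down the renderer of an element that is no longer displayed.
    void updateLayout() {
        if (!needsLayout) return;
        needsLayout = false;
        if (displayNone) renderer.reset();
    }
};

enum class Result { Selected, NoRenderer, StaleRenderer };

// "Before" ordering: the renderer is fetched first and layout runs afterwards.
// Code with this ordering would go on to use `cached`; this model checks the
// owner instead and reports that the cached pointer is now dangling.
Result selectLayoutAfterFetch(Element& e, int start, int end) {
    Renderer* cached = e.renderer.get();
    if (!cached) return Result::NoRenderer;
    e.updateLayout();                        // may destroy *cached
    if (!e.renderer) return Result::StaleRenderer;
    cached->selStart = start; cached->selEnd = end;
    return Result::Selected;
}

// "After" ordering: flush layout at the call site, then fetch and null-check.
Renderer* rendererAfterUpdateLayout(Element& e) {
    e.updateLayout();
    return e.renderer.get();
}

Result selectLayoutBeforeFetch(Element& e, int start, int end) {
    Renderer* r = rendererAfterUpdateLayout(e);
    if (!r) return Result::NoRenderer;       // display:none, nothing to select
    r->selStart = start; r->selEnd = end;
    return Result::Selected;
}
```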
Document.cpp 141 KB