-
ojan@chromium.org authored
Reviewed by Darin Adler. https://bugs.webkit.org/show_bug.cgi?id=27474 Tests crashes when calling select, setSelectionRange or setting selectionStart/selectionEnd on a textarea/input immediately after setting display:none. * fast/dom/text-control-crash-on-select-expected.txt: Added. * fast/dom/text-control-crash-on-select.html: Added. 2009-07-27 Ojan Vafai <ojan@chromium.org> Reviewed by Darin Adler. https://bugs.webkit.org/show_bug.cgi?id=27474 Fixes crashes due to renderer getting destroyed in updateLayout. We need to call updateLayout before we call into the renderer. Removed the updateLayout call from RenderTextControl and moved it into the calling sites. Also changes updateLayout to updateLayoutIgnorePendingStylesheets so this works with pending stylesheets. Unfortunately, this seems to be untestable. Loading an external stylesheet and then having an inline script hit this code did not result in an pending stylesheets. The are other cases of this bug in the rendering code. I'll file a followup bug to audit the calls to updateLayout. Test: fast/dom/text-control-crash-on-select.html * dom/Document.h: (WebCore::Document::inStyleRecalc): Added so the ASSERTs in updateFocusAppearance and setSelectionRange could deal with cases of reentrancy into updateLayout calls. This happens in a couple layout tests. * dom/InputElement.cpp: (WebCore::InputElement::updateSelectionRange): * html/HTMLInputElement.cpp: (WebCore::isTextFieldWithRendererAfterUpdateLayout): (WebCore::HTMLInputElement::setSelectionStart): (WebCore::HTMLInputElement::setSelectionEnd): (WebCore::HTMLInputElement::select): * html/HTMLTextAreaElement.cpp: (WebCore::rendererAfterUpdateLayout): (WebCore::HTMLTextAreaElement::setSelectionStart): (WebCore::HTMLTextAreaElement::setSelectionEnd): (WebCore::HTMLTextAreaElement::select): (WebCore::HTMLTextAreaElement::setSelectionRange): (WebCore::HTMLTextAreaElement::updateFocusAppearance): * rendering/RenderTextControl.cpp: (WebCore::RenderTextControl::setSelectionRange): git-svn-id: http://svn.webkit.org/repository/webkit/trunk@46437 268f45cc-cd09-0410-ab3c-d52691b4dbfc
e4d44e16