Crash in WebCore::RenderBoxModelObject::paddingLeft

https://bugs.webkit.org/show_bug.cgi?id=83889

Patch by Takashi Sakamoto <tasak@google.com> on 2012-05-09
Reviewed by Abhishek Arya.

Source/WebCore:

RenderScrollbar creates RenderScrollbarPart without any parent
renderers. However, if the scrollbar has percent padding styles,
non-null parent renderer is required. So after creating/destroying
RenderScrollbarPart instances, set owningRenderer(creating)/0
(destroying) as its parent renderer.

Test: scrollbars/scrollbar-percent-padding-crash.html
      scrollbars/scrollbar-percent-padding-crash-expected.txt

* rendering/RenderScrollbar.cpp:
(WebCore::RenderScrollbar::updateScrollbarPart):
Added setParent after creating/destroying RenderScrollbarPart.
* rendering/RenderScrollbarPart.cpp:
Made RenderScrollbar friend, because setParent is protected and
RenderScrollbar is not inherited from class RenderObject.

LayoutTests:

As just invoking layoutTestController.display() invokes scrollbar's
WebCore::RenderScrollbarPart::paintIntoRect(), adding display() after
invoking layoutTestController.dumpAsText().

* scrollbars/scrollbar-percent-padding-crash.html: Added.
* scrollbars/scrollbar-percent-padding-crash-expected.txt: Added.

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@116527 268f45cc-cd09-0410-ab3c-d52691b4dbfc
parent 476331f1
2012-05-09 Takashi Sakamoto <tasak@google.com>
Crash in WebCore::RenderBoxModelObject::paddingLeft
https://bugs.webkit.org/show_bug.cgi?id=83889
Reviewed by Abhishek Arya.
As just invoking layoutTestController.display() invokes scrollbar's
WebCore::RenderScrollbarPart::paintIntoRect(), adding display() after
invoking layoutTestController.dumpAsText().
* scrollbars/scrollbar-percent-padding-crash.html: Added.
* scrollbars/scrollbar-percent-padding-crash-expected.txt: Added.
2012-05-09 Antti Koivisto <antti@apple.com>
Skip failing test http/tests/loading/post-in-iframe-with-back-navigation.html.
......
Test for bug 83889: This tests that there is no crash when using percentage value for scrollbar's padding property. On success you should see a frame with scrollbars and one PASS message in it.
<!DOCTYPE html>
<html>
<head>
<style>
::-webkit-scrollbar {
-webkit-padding-start: 1%; background: #666 -webkit-gradient(linear, left top, right top, from(rgba(255,255,255,0.5)), color-stop(0.5, rgba(255,255,255,0.1)), color-stop(0.5, rgba(0,0,0,0)), to(rgba(0,0,0,0.01)));
}
</style>
<script>
function runTest() {
if (window.layoutTestController) {
layoutTestController.dumpAsText();
document.body.offsetTop;
layoutTestController.display();
}
};
</script>
</head>
<body onload="runTest()">
<p>Test for <a href="https://bugs.webkit.org/show_bug.cgi?id=83889">bug 83889</a>:
This tests that there is no crash when using percentage value for scrollbar's padding property. On success you should see a frame with scrollbars and one PASS message in it.
<div style="height: 1000px;"></div>
</body>
</html>
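Review bot: The description in the test's paragraph says success shows "one PASS message", but nothing in the markup or in runTest() writes PASS, and the expected text shown contains only the description sentence. Either reword the description to say the test passes if it does not crash, or add an element that prints PASS after layoutTestController.display() returns. The paragraph is also never closed with a closing p tag before the div, and the semicolon after the closing brace of the function declaration is unnecessary.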
2012-05-09 Takashi Sakamoto <tasak@google.com>
Crash in WebCore::RenderBoxModelObject::paddingLeft
https://bugs.webkit.org/show_bug.cgi?id=83889
Reviewed by Abhishek Arya.
RenderScrollbar creates RenderScrollbarPart without any parent
renderers. However, if the scrollbar has percent padding styles,
non-null parent renderer is required. So after creating/destroying
RenderScrollbarPart instances, set owningRenderer(creating)/0
(destroying) as its parent renderer.
Test: scrollbars/scrollbar-percent-padding-crash.html
scrollbars/scrollbar-percent-padding-crash-expected.txt
* rendering/RenderScrollbar.cpp:
(WebCore::RenderScrollbar::updateScrollbarPart):
Added setParent after creating/destroying RenderScrollbarPart.
* rendering/RenderScrollbarPart.cpp:
Made RenderScollbar friend, because setParent is protected and
RenderScrollbar is not inherited from class RenderObject.
2012-05-09 Takashi Sakamoto <tasak@google.com>
ShadowRoot needs applyAuthorStyles
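Review bot: The entry for rendering/RenderScrollbarPart.cpp misspells the class as "RenderScollbar", and the friend declaration it describes sits inside the class definition of RenderScrollbarPart, so please confirm the file named in the entry is the one that carries that definition. The phrase "set owningRenderer(creating)/0 (destroying)" would also read more clearly as two sentences, one per case.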
......@@ -270,9 +270,11 @@ void RenderScrollbar::updateScrollbarPart(ScrollbarPart partType, bool destroy)
RenderScrollbarPart* partRenderer = m_parts.get(partType);
if (!partRenderer && needRenderer) {
partRenderer = new (owningRenderer()->renderArena()) RenderScrollbarPart(owningRenderer()->document(), this, partType);
partRenderer->setParent(owningRenderer());
m_parts.set(partType, partRenderer);
} else if (partRenderer && !needRenderer) {
m_parts.remove(partType);
partRenderer->setParent(0);
partRenderer->destroy();
partRenderer = 0;
}
......
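Review bot: At partRenderer->setParent(owningRenderer()) the part now holds a raw pointer to the owning renderer, and the only place visible here that clears it is the !needRenderer branch. Please state, in a comment or in the ChangeLog, what guarantees every part goes through that branch (or is otherwise detached) before the owning renderer is destroyed, since a part that outlives it would resolve percent padding through a stale parent. A short comment on the setParent call would also help, explaining that the parent is set only so percentage values can be resolved and that the hunk makes no matching add-child call on the owner.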
......@@ -35,6 +35,8 @@ class RenderScrollbar;
class RenderScrollbarPart : public RenderBlock {
public:
friend class RenderScrollbar;
RenderScrollbarPart(Node*, RenderScrollbar* = 0, ScrollbarPart = NoPart);
virtual ~RenderScrollbarPart();
......
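Review bot: The line friend class RenderScrollbar; gives RenderScrollbar access to every private and protected member of RenderScrollbarPart when the stated need is a single call to setParent. Consider a narrow public method on RenderScrollbarPart that forwards to setParent, or at least a comment next to the friend declaration saying it exists only for that call. Placing the declaration directly under public: is also slightly misleading, because access specifiers have no effect on friend declarations.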