review.tizen.org Git - profile/ivi/webkit-efl.git/commit

Fix the use of stale text fragments
https://bugs.webkit.org/show_bug.cgi?id=80729

Patch by Philip Rogers <pdr@google.com> on 2012-03-13
Reviewed by Nikolas Zimmermann.

Source/WebCore:

Previously, we were allowing SVGTextFragments to get out of sync with the
actual text in RenderSVGInlineTextBox. This patch reuses the dirty line
box code in RenderText::setTextWithOffset to force
clearTextFragments() when setTextWithOffset is called, preventing the use
of stale SVGTextFragments.

Test: svg/custom/delete-text-crash.html

* rendering/InlineBox.h:
(InlineBox):
* rendering/svg/SVGInlineTextBox.cpp:
(WebCore::SVGInlineTextBox::dirtyLineBoxes):
(WebCore):
* rendering/svg/SVGInlineTextBox.h:
(SVGInlineTextBox):

LayoutTests:

* svg/custom/delete-text-crash-expected.png: Added.
* svg/custom/delete-text-crash-expected.txt: Added.
* svg/custom/delete-text-crash.html: Added.

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@110593 268f45cc-cd09-0410-ab3c-d52691b4dbfc

author	schenney@chromium.org <schenney@chromium.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
	Tue, 13 Mar 2012 19:48:20 +0000 (19:48 +0000)
committer	schenney@chromium.org <schenney@chromium.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
	Tue, 13 Mar 2012 19:48:20 +0000 (19:48 +0000)
commit	0c0c8aea38cf8019ade457825d50a85109399592
tree	d84ca8f82021fa934e58878b102a9ef8b8a9798f	tree \| snapshot
parent	583fea57a4d7ff3d5b26c296b1241dee1f93a7f3	commit \| diff

LayoutTests/ChangeLog		diff \| blob \| history
LayoutTests/svg/custom/delete-text-crash-expected.png	[new file with mode: 0644]	blob
LayoutTests/svg/custom/delete-text-crash-expected.txt	[new file with mode: 0644]	blob
LayoutTests/svg/custom/delete-text-crash.html	[new file with mode: 0644]	blob
Source/WebCore/ChangeLog		diff \| blob \| history
Source/WebCore/rendering/InlineBox.h		diff \| blob \| history
Source/WebCore/rendering/svg/SVGInlineTextBox.cpp		diff \| blob \| history
Source/WebCore/rendering/svg/SVGInlineTextBox.h		diff \| blob \| history