[Qt] REGRESSION(101967): It made editing/style/iframe-onload-crash-mac.html timeout
https://bugs.webkit.org/show_bug.cgi?id=73802
Reviewed by Ryosuke Niwa.
Source/WebCore:
Timeout was caused by an infinite in the outer loop of
pushDownInlineStyleAroundNode(). The outer loop variable 'current' should point at the
node containing 'targetNode'. The inner loop traverse the children of 'current'
and discover the children that contains 'targetNode'.
However, before the inner loop, we call removeInlineStyleFromElement() that can
potentially remove the 'current' node from the tree, moving its children to
'current' former parent. For that reason 'child' and 'lastChild' are collected
before this call.
The tricky part is that changing the 'current' children parent, we might trigger
further side-effects, that can remove either 'child' or 'lastChild' from the tree
too. The infinite loop was due to 'child' being off the document, so it's
nextSibling() is 0, and we go another run of outer loop without changing
'current' because the 'targetNode' wasn't in the first child that inner loop
couldn't reach.
When testing Qt on Mac, there was also a crash in RenderTextControl when the font
family was empty, this patch fixes it as well.
* editing/ApplyStyleCommand.cpp:
(WebCore::ApplyStyleCommand::pushDownInlineStyleAroundNode): Use NodeVector
instead of relying on first/last child being valid after
removeInlineStyleFromElement() is called. Skip the child if it has no parent,
this is an indication that it was removed from the tree.
* rendering/RenderTextControl.cpp:
(WebCore::RenderTextControl::hasValidAvgCharWidth): Empty AtomicStrings aren't
supported by HashSet, so we have to early return in this case.
LayoutTests:
* platform/qt/Skipped: Unskipped. Note that it is still skipped for wk2 because
setEditingBehavior is not implemented for WebKitTestRunner yet.
git-svn-id: http://svn.webkit.org/repository/webkit/trunk@117463
268f45cc-cd09-0410-ab3c-
d52691b4dbfc
projects / profile / ivi / webkit-efl.git / commit