[SCM] WebKit Debian packaging branch, debian/unstable, updated. debian/1.1.15-1-40151-g37bb677
hyatt
hyatt at 268f45cc-cd09-0410-ab3c-d52691b4dbfc
Sat Sep 26 08:22:02 UTC 2009
The following commit has been merged in the debian/unstable branch:
commit 532a756e9e49d3f55333f4b6ca87a809459e26dc
Author: hyatt <hyatt at 268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Date: Wed Jan 14 02:32:21 2004 +0000
Fix for 3527707, crash on w3c css page. Make sure height isn't allowed to be negative when computing
positioned elements' heights. Also bulletproof the crash in case there are other negative height code
paths.
Reviewed by john
* khtml/rendering/render_block.cpp:
(khtml::RenderBlock::layoutBlock):
(khtml::RenderBlock::getAbsoluteRepaintRectIncludingFloats):
* khtml/rendering/render_box.cpp:
(RenderBox::calcAbsoluteVertical):
git-svn-id: http://svn.webkit.org/repository/webkit/trunk@5897 268f45cc-cd09-0410-ab3c-d52691b4dbfc
diff --git a/WebCore/ChangeLog-2005-08-23 b/WebCore/ChangeLog-2005-08-23
index e1cde92..fb86e17 100644
--- a/WebCore/ChangeLog-2005-08-23
+++ b/WebCore/ChangeLog-2005-08-23
@@ -1,3 +1,17 @@
+2004-01-13 David Hyatt <hyatt at apple.com>
+
+ Fix for 3527707, crash on w3c css page. Make sure height isn't allowed to be negative when computing
+ positioned elements' heights. Also bulletproof the crash in case there are other negative height code
+ paths.
+
+ Reviewed by john
+
+ * khtml/rendering/render_block.cpp:
+ (khtml::RenderBlock::layoutBlock):
+ (khtml::RenderBlock::getAbsoluteRepaintRectIncludingFloats):
+ * khtml/rendering/render_box.cpp:
+ (RenderBox::calcAbsoluteVertical):
+
2004-01-13 Maciej Stachowiak <mjs at apple.com>
Reviewed by Darin.
diff --git a/WebCore/khtml/rendering/render_block.cpp b/WebCore/khtml/rendering/render_block.cpp
index d82763a..42737ae 100644
--- a/WebCore/khtml/rendering/render_block.cpp
+++ b/WebCore/khtml/rendering/render_block.cpp
@@ -497,7 +497,7 @@ void RenderBlock::layoutBlock(bool relayoutChildren)
if (checkForRepaint)
repaintAfterLayoutIfNeeded(oldBounds, oldFullBounds);
#endif
-
+
setNeedsLayout(false);
}
@@ -1089,7 +1089,10 @@ void RenderBlock::getAbsoluteRepaintRectIncludingFloats(QRect& bounds, QRect& fu
bounds = fullBounds = getAbsoluteRepaintRect();
// Include any overhanging floats (if we know we're the one to paint them).
- if (hasOverhangingFloats()) {
+ // We null-check m_floatingObjects here to catch any cases where m_height ends up negative
+ // for some reason. I think I've caught all those cases, but this way we stay robust and don't
+ // crash. -dwh
+ if (hasOverhangingFloats() && m_floatingObjects) {
FloatingObject* r;
QPtrListIterator<FloatingObject> it(*m_floatingObjects);
for ( ; (r = it.current()); ++it) {
diff --git a/WebCore/khtml/rendering/render_box.cpp b/WebCore/khtml/rendering/render_box.cpp
index fbb55f7..2ebe153 100644
--- a/WebCore/khtml/rendering/render_box.cpp
+++ b/WebCore/khtml/rendering/render_box.cpp
@@ -1359,6 +1359,10 @@ void RenderBox::calcAbsoluteVertical()
if (style()->hidesOverflow() && m_height > h+pab)
m_height = h+pab;
+ // Do not allow the height to be negative. This can happen when someone specifies both top and bottom
+ // but the containing block height is less than top, e.g., top:20px, bottom:0, containing block height 16.
+ m_height = kMax(0, m_height);
+
m_marginTop = mt;
m_marginBottom = mb;
m_y = t + mt + cb->borderTop();
--
WebKit Debian packaging
More information about the Pkg-webkit-commits
mailing list