haikuwebkit/LayoutTests/fast/block/float
Frédéric Wang 66cb2bec5a Nullptr crash in RenderStyle::shapeOutside()
https://bugs.webkit.org/show_bug.cgi?id=221382

Patch by Frédéric Wang <fwang@igalia.com> on 2021-03-18
Reviewed by Zalan Bujtas.

Source/WebCore:

Before bug 223041, it was possible to get a dangling WeakPtr m_renderer on FloatingObject. This
patch adds a debug ASSERT and more regression tests.

Tests: fast/block/float/float-pseudo-element-not-removed-crash.html
       fast/block/float/float-pseudo-element-not-removed-2-crash.html

* rendering/FloatingObjects.h: add nullcheck ASSERT for debug builds.

LayoutTests:

Add regression tests.

* fast/block/float/float-pseudo-element-not-removed-crash-expected.txt: Added.
* fast/block/float/float-pseudo-element-not-removed-crash.html: Added.
* fast/block/float/float-pseudo-element-not-removed-crash2-expected.txt: Added.
* fast/block/float/float-pseudo-element-not-removed-crash2.html: Added.

Canonical link: https://commits.webkit.org/235470@main
git-svn-id: https://svn.webkit.org/repository/webkit/trunk@274645 268f45cc-cd09-0410-ab3c-d52691b4dbfc
2021-03-18 14:44:01 +00:00
resources
001.html
002.html
003.html
004.html
005.html
006.html
007.html
008-expected.txt
008.html
009-expected.txt
009.html
010.html
011.html
012.html
013.html
014.html
015.html
016.html
017.html
018.html
019-expected.txt
019.html
020.html
021.html
022.html
023.html
024.html
025.html
026.html
027.html
028.html
029.html
030.html
031.html
032.html
033-expected.txt
033.html
034-expected.txt
034.html
035-expected.txt
035.html
4145535Crash-expected.txt
4145535Crash.html
assert-when-line-has-not-enough-space-left-expected.txt
assert-when-line-has-not-enough-space-left.html
avoidance-percent-width-compat.html
avoidance-percent-width-strict.html
avoidance-rtl-expected.txt
avoidance-rtl.html
avoiding-float-centered.html
br-with-clear-2-expected.txt
br-with-clear-2.html
br-with-clear.html
centered-float-avoidance-complexity.html
clamped-right-float.html
clear-element-too-wide-for-containing-block.html
clear-negative-margin-top-expected.html
clear-negative-margin-top.html
clear-to-fit-expected.png
clear-to-fit-expected.txt
clear-to-fit.html
crash-on-absolute-positioning-expected.txt
crash-on-absolute-positioning.html
crash-replaced-display-block-expected.txt Remove trailing spaces from expected.txt files (excluding WPT for now since that contains too many) 2020-09-27 02:15:19 +00:00
crash-replaced-display-block.html
crash-when-floating-object-is-removed-expected.txt
crash-when-floating-object-is-removed.xhtml
crash-when-intruding-float-has-anonymous-parent-and-detach-expected.txt
crash-when-intruding-float-has-anonymous-parent-and-detach.html
dynamic-unfloat-pref-width.html
editable-text-overlapping-float.html
fit_line_below_floats.html
float-append-child-crash-expected.txt
float-append-child-crash.html
float-avoidance.html
float-first-child-and-clear-sibling-expected.html
float-first-child-and-clear-sibling.html
float-forced-below-other-floats-expected.txt
float-forced-below-other-floats.html
float-in-descendant-formatting-context-expected.txt
float-in-descendant-formatting-context.html
float-in-float-hit-testing.html Remove unneeded whitespace between content and <br> 2020-10-25 19:52:34 +00:00
float-in-float-painting.html Remove unneeded whitespace between content and <br> 2020-10-25 19:52:34 +00:00
float-list-changed-before-layout-crash-expected.txt
float-list-changed-before-layout-crash.html Selection API: Update some more tests so they don't accidentally rely on flaws in WebKit's old implementation 2020-09-20 02:51:28 +00:00
float-moves-between-lines-expected.txt
float-moves-between-lines.html
float-not-removed-crash-expected.txt Remove trailing spaces from expected.txt files (excluding WPT for now since that contains too many) 2020-09-27 02:15:19 +00:00
float-not-removed-crash.html
float-not-removed-crash2-expected.txt
float-not-removed-crash2.html
float-not-removed-from-first-letter-expected.txt
float-not-removed-from-first-letter.html [Testing] Rename test header commands to match names in WebPreferences*.yaml 2020-10-13 17:16:15 +00:00
float-not-removed-from-next-sibling-crash-expected.txt
float-not-removed-from-next-sibling-crash.html
float-not-removed-from-next-sibling-expected.png
float-not-removed-from-next-sibling-expected.txt
float-not-removed-from-next-sibling.html
float-not-removed-from-next-sibling2-expected.png
float-not-removed-from-next-sibling2-expected.txt
float-not-removed-from-next-sibling2.html
float-not-removed-from-next-sibling3.html
float-not-removed-from-next-sibling4.html
float-not-removed-from-next-sibling5-expected.txt
float-not-removed-from-next-sibling5.html
float-not-removed-from-pre-block-expected.txt Remove trailing spaces from expected.txt files (excluding WPT for now since that contains too many) 2020-09-27 02:15:19 +00:00
float-not-removed-from-pre-block.html
float-on-line-obeys-container-padding-expected.html
float-on-line-obeys-container-padding.html
float-on-zero-height-line-expected.txt
float-on-zero-height-line.html
float-originating-line-deleted-crash-expected.txt
float-originating-line-deleted-crash.html
float-overflow-hidden-containing-block-width-expected.txt
float-overflow-hidden-containing-block-width.html
float-overhangs-root-expected.txt
float-overhangs-root.html
float-pseudo-element-not-removed-2-crash-expected.txt Nullptr crash in RenderStyle::shapeOutside() 2021-03-18 14:44:01 +00:00
float-pseudo-element-not-removed-2-crash.html Nullptr crash in RenderStyle::shapeOutside() 2021-03-18 14:44:01 +00:00
float-pseudo-element-not-removed-crash-expected.txt Nullptr crash in RenderStyle::shapeOutside() 2021-03-18 14:44:01 +00:00
float-pseudo-element-not-removed-crash.html Nullptr crash in RenderStyle::shapeOutside() 2021-03-18 14:44:01 +00:00
float-with-anonymous-previous-sibling-expected.html
float-with-anonymous-previous-sibling.html
float-with-fractional-height-expected.html
float-with-fractional-height-vertical-lr-expected.html
float-with-fractional-height-vertical-lr.html
float-with-fractional-height.html
float-with-shape-outside-crash-expected.txt Remove trailing spaces from expected.txt files (excluding WPT for now since that contains too many) 2020-09-27 02:15:19 +00:00
float-with-shape-outside-crash.html
floats-and-text-indent-rl.html
floats-and-text-indent.html
floats-do-not-overhang-from-block-formatting-context-expected.txt Remove trailing spaces from expected.txt files (excluding WPT for now since that contains too many) 2020-09-27 02:15:19 +00:00
floats-do-not-overhang-from-block-formatting-context.html
floats-in-clean-line-crash-expected.txt
floats-in-clean-line-crash.html
floats-not-cleared-crash-expected.txt
floats-not-cleared-crash.html
floats-not-cleared-from-grand-parents-expected.txt
floats-not-cleared-from-grand-parents.html
floats-offset-image-quirk-expected.html
floats-offset-image-quirk-lineheight-expected.html
floats-offset-image-quirk-lineheight.html
floats-offset-image-quirk.html
floats-offset-image-strict-expected.html
floats-offset-image-strict-lineheight-expected.html
floats-offset-image-strict-lineheight.html
floats-offset-image-strict.html
floats-offset-inline-block-quirk-lineheight-expected.html
floats-offset-inline-block-quirk-lineheight.html
floats-offset-inline-block-strict-lineheight-expected.html
floats-offset-inline-block-strict-lineheight.html
floats-offset-linebox-contain-block-expected.html
floats-offset-linebox-contain-block.html
floats-offset-linebox-contain-inline-expected.html
floats-offset-linebox-contain-inline.html
floats-with-margin-should-not-wrap-expected.txt
floats-with-margin-should-not-wrap.html
floats-with-negative-horizontal-margin-expected.html
floats-with-negative-horizontal-margin.html
floats-wrap-inside-inline-001-expected.html
floats-wrap-inside-inline-001.htm
floats-wrap-inside-inline-002-expected.html
floats-wrap-inside-inline-002.htm
floats-wrap-inside-inline-003-expected.html
floats-wrap-inside-inline-003.htm
floats-wrap-inside-inline-004-expected.html
floats-wrap-inside-inline-004.htm
floats-wrap-inside-inline-005-expected.html
floats-wrap-inside-inline-006-expected.html
floats-wrap-inside-inline-006.html
floats-wrap-inside-inline-007-expected.html
floats-wrap-inside-inline-007.html
hit-test-on-overlapping-floats-expected.txt
hit-test-on-overlapping-floats.html
in-margin-expected.txt
in-margin.html
independent-align-positioning.html
inline-becomes-float-and-moves-around-expected.txt
inline-becomes-float-and-moves-around.html
intruding-float-add-in-sibling-block-on-static-position.html
intruding-float-add-in-sibling-block-on-static-position2.html
intruding-float-not-removed-from-descendant-crash-expected.txt
intruding-float-not-removed-from-descendant-crash.html
intruding-float-not-removed-from-next-sibling-crash-expected.txt
intruding-float-not-removed-from-next-sibling-crash.html
intruding-float-not-removed-writing-mode-expected.txt
intruding-float-not-removed-writing-mode.xhtml
intruding-float-remove-from-sibling-block-on-absolute-position.html
intruding-float-remove-from-sibling-block-on-absolute-position2.html
intruding-float-remove-from-sibling-block-on-fixed-position.html
intruding-float-remove-from-sibling-block-on-fixed-position2.html
intruding-float-sibling-with-margin-expected.html
intruding-float-sibling-with-margin.html
intruding-painted-twice.html
list-marker-is-float-crash-expected.txt
list-marker-is-float-crash.html
marquee-shrink-to-avoid-floats.html
max-width-clear-float-with-overflow-hidden-expected.html
max-width-clear-float-with-overflow-hidden.html
multiple-float-positioning.html
narrow-after-wide-expected.txt
narrow-after-wide.html
negative-margin-clear-expected.txt
negative-margin-clear.html
nested-clearance-expected.txt
nested-clearance.html
nestedAnonymousBlocks.html
nestedAnonymousBlocks2.html
no-overhanging-float-crash-expected.txt
no-overhanging-float-crash.html
nopaint-after-layer-destruction.html
nopaint-after-layer-destruction2.html
nowrap-clear-min-width-expected.txt
nowrap-clear-min-width.html
overhanging-after-height-decrease-offsets-expected.txt
overhanging-after-height-decrease-offsets.html
overhanging-after-height-decrease.html
overhanging-float-add-in-static-position-block.html
overhanging-float-add-in-static-position-block2.html
overhanging-float-remove-from-absolute-position-block.html
overhanging-float-remove-from-absolute-position-block2.html
overhanging-float-remove-from-fixed-position-block.html
overhanging-float-remove-from-fixed-position-block2.html
overhanging-tall-block.html
overlapping-floats-with-overflow-hidden.html
placing-multiple-floats-crash-expected.txt
placing-multiple-floats-crash.html
positioned-float-crash-expected.txt
positioned-float-crash.html
previous-sibling-abspos-001-expected.html
previous-sibling-abspos-001.html
previous-sibling-abspos-002-expected.html
previous-sibling-abspos-002.html
previous-sibling-float-001-expected.html
previous-sibling-float-001.html
previous-sibling-float-002-expected.html
previous-sibling-float-002.html
relative-painted-twice-expected.txt LayoutTests/imported/w3c: 2019-11-18 23:13:51 +00:00
relative-painted-twice.html
selection-gap-clip-out-tiger-crash-expected.txt
selection-gap-clip-out-tiger-crash.html
shrink-to-avoid-float-complexity.html
shrink-to-fit-width.html
simple-line-layout-float-shrink-line-expected.html
simple-line-layout-float-shrink-line.html
split-inline-sibling-of-float-crash-expected.txt
split-inline-sibling-of-float-crash.html [Testing] Rename test header commands to match names in WebPreferences*.yaml 2020-10-13 17:16:15 +00:00
table-relayout.html
vertical-move-relayout.html
width-update-after-clear.html