Crash in RenderTableSection::splitColumn
https://bugs.webkit.org/show_bug.cgi?id=70171
Reviewed by David Hyatt.
Source/WebCore:
Tests: fast/table/crash-splitColumn-2.html
fast/table/crash-splitColumn-3.html
fast/table/crash-splitColumn.html
The old code would not take into account the fact that each RenderTableSection
can set its m_needsCellRecalc flag independently of the rest.
This means that you cannot assume that you can always split or append columns to
all the sections. Our approach is to skip sections needing cell recalc in several
parts of the code as they will be properly reset to the table's representations
during a cell recalc.
* rendering/RenderTable.cpp:
(WebCore::RenderTable::splitColumn):
(WebCore::RenderTable::appendColumn):
Skip sections needing cell recalc as they will be properly updated later.
* rendering/RenderTableSection.cpp:
(WebCore::RenderTableSection::addCell):
Ignore a section needing cell recalc as addCell will be called after sync'ing
the internal column representation in recalcCells.
(WebCore::RenderTableSection::recalcCells):
Clear the flag at the beginning of the function to activate the previous functions.
Added a comment as to why this is fine.
(WebCore::RenderTableSection::appendColumn):
Added an ASSERT. If we need cell recalc, we should NEVER update m_grid outside
of recalcCells().
LayoutTests:
Added a couple of tests where different sections get their
m_needsCellRecalc set independently.
* fast/table/crash-splitColumn-2-expected.txt: Added.
* fast/table/crash-splitColumn-2.html: Added.
* fast/table/crash-splitColumn-3-expected.txt: Added.
* fast/table/crash-splitColumn-3.html: Added.
* fast/table/crash-splitColumn-expected.txt: Added.
* fast/table/crash-splitColumn.html: Added.
git-svn-id: http://svn.webkit.org/repository/webkit/trunk@100183 268f45cc-cd09-0410-ab3c-d52691b4dbfc
10 files changed
