changeset 9728:fb4c37073893

8154186: JVM crash while using JavaFW WebView and colgroup/cols html feature Reviewed-by: arajkumar, azvegint, kcr Contributed-by: guru.hb@oracle.com
author ghb
date Fri, 22 Apr 2016 09:52:40 +0530
parents 7d731437da4a
children b7f76c13c625
files modules/web/src/main/native/Source/WebCore/rendering/RenderTableCol.cpp modules/web/src/main/native/Source/WebCore/rendering/RenderTableSection.cpp modules/web/src/main/native/Source/WebCore/rendering/RenderTableSection.h
diffstat 3 files changed, 44 insertions(+), 9 deletions(-) [+]
line wrap: on
line diff
--- a/modules/web/src/main/native/Source/WebCore/rendering/RenderTableCol.cpp	Thu Apr 21 17:10:37 2016 -0400
+++ b/modules/web/src/main/native/Source/WebCore/rendering/RenderTableCol.cpp	Fri Apr 22 09:52:40 2016 +0530
@@ -55,6 +55,7 @@
         if (table && !table->selfNeedsLayout() && !table->normalChildNeedsLayout() && oldStyle && oldStyle->border() != style().border())
             table->invalidateCollapsedBorders();
         else if (oldStyle->width() != style().width()) {
+            table->recalcSectionsIfNeeded();
             for (auto& section : childrenOfType<RenderTableSection>(*table)) {
                 unsigned nEffCols = table->numEffCols();
                 for (unsigned j = 0; j < nEffCols; j++) {
--- a/modules/web/src/main/native/Source/WebCore/rendering/RenderTableSection.cpp	Thu Apr 21 17:10:37 2016 -0400
+++ b/modules/web/src/main/native/Source/WebCore/rendering/RenderTableSection.cpp	Fri Apr 22 09:52:40 2016 +0530
@@ -1361,9 +1361,9 @@
 void RenderTableSection::recalcCells()
 {
     ASSERT(m_needsCellRecalc);
-    // We reset the flag here to ensure that |addCell| works. This is safe to do as
-    // fillRowsWithDefaultStartingAtPosition makes sure we match the table's columns
-    // representation.
+    // We reset the flag here to ensure that addCell() works. This is safe to do because we clear the grid
+    // and update its dimensions to be consistent with the table's column representation before we rebuild
+    // the grid using addCell().
     m_needsCellRecalc = false;
 
     m_cCol = 0;
@@ -1403,12 +1403,17 @@
 void RenderTableSection::setNeedsCellRecalc()
 {
     m_needsCellRecalc = true;
+
+    // Clear the grid now to ensure that we don't hold onto any stale pointers (e.g. a cell renderer that is being removed).
+    m_grid.clear();
+
     if (RenderTable* t = table())
         t->setNeedsSectionRecalc();
 }
 
 unsigned RenderTableSection::numColumns() const
 {
+    ASSERT(!m_needsCellRecalc);
     unsigned result = 0;
 
     for (unsigned r = 0; r < m_grid.size(); ++r) {
--- a/modules/web/src/main/native/Source/WebCore/rendering/RenderTableSection.h	Thu Apr 21 17:10:37 2016 -0400
+++ b/modules/web/src/main/native/Source/WebCore/rendering/RenderTableSection.h	Fri Apr 22 09:52:40 2016 +0530
@@ -142,15 +142,30 @@
     const RenderTableCell* firstRowCellAdjoiningTableStart() const;
     const RenderTableCell* firstRowCellAdjoiningTableEnd() const;
 
-    CellStruct& cellAt(unsigned row,  unsigned col) { return m_grid[row].row[col]; }
-    const CellStruct& cellAt(unsigned row, unsigned col) const { return m_grid[row].row[col]; }
+    CellStruct& cellAt(unsigned row,  unsigned col)
+    {
+        recalcCellsIfNeeded();
+        return m_grid[row].row[col];
+    }
+
+    const CellStruct& cellAt(unsigned row, unsigned col) const
+    {
+        ASSERT(!m_needsCellRecalc);
+        return m_grid[row].row[col];
+    }
+
     RenderTableCell* primaryCellAt(unsigned row, unsigned col)
     {
+        recalcCellsIfNeeded();
         CellStruct& c = m_grid[row].row[col];
         return c.primaryCell();
     }
 
-    RenderTableRow* rowRendererAt(unsigned row) const { return m_grid[row].rowRenderer; }
+    RenderTableRow* rowRendererAt(unsigned row) const
+    {
+        ASSERT(!m_needsCellRecalc);
+        return m_grid[row].rowRenderer;
+    }
 
     void appendColumn(unsigned pos);
     void splitColumn(unsigned pos, unsigned first);
@@ -194,7 +209,12 @@
     return styleForCellFlow->isLeftToRightDirection() ? outerBorderEnd() : outerBorderStart();
     }
 
-    unsigned numRows() const { return m_grid.size(); }
+    unsigned numRows() const
+    {
+        ASSERT(!m_needsCellRecalc);
+        return m_grid.size();
+    }
+
     unsigned numColumns() const;
     void recalcCells();
     void recalcCellsIfNeeded()
@@ -206,7 +226,11 @@
     bool needsCellRecalc() const { return m_needsCellRecalc; }
     void setNeedsCellRecalc();
 
-    LayoutUnit rowBaseline(unsigned row) { return m_grid[row].baseline; }
+    LayoutUnit rowBaseline(unsigned row)
+    {
+        recalcCellsIfNeeded();
+        return m_grid[row].baseline;
+    }
 
     void rowLogicalHeightChanged(unsigned rowIndex);
 
@@ -263,7 +287,12 @@
     bool hasOverflowingCell() const { return m_overflowingCells.size() || m_forceSlowPaintPathWithOverflowingCell; }
     void computeOverflowFromCells(unsigned totalRows, unsigned nEffCols);
 
-    CellSpan fullTableRowSpan() const { return CellSpan(0, m_grid.size()); }
+    CellSpan fullTableRowSpan() const
+    {
+        ASSERT(!m_needsCellRecalc);
+        return CellSpan(0, m_grid.size());
+    }
+
     CellSpan fullTableColumnSpan() const { return CellSpan(0, table()->columns().size()); }
 
     // Flip the rect so it aligns with the coordinates used by the rowPos and columnPos vectors.