nagai/fune
3
0
Fork 0
forked from mirrors/gecko-dev
Code Pull requests Activity
fune/testing/web-platform/tests/css/css-pseudo/first-line-input-image-crash.html
Anders Hartvoll Ruud 98e074adc0 Bug 1857899 [wpt PR 42425] - Avoid CustomStyleForAltText during ResolveStyle, a=testonly 
Automatic update from web-platform-tests
Avoid CustomStyleForAltText during ResolveStyle

During HTMLImageElement::AdjustStyle, we do something very shady:
we poke into the UA shadow and mutate the inline style of some
of the elements in there. This causes style to be marked dirty
*during* style recalc, which is not a desirable situation.
The behavior would normally trigger a DCHECK, but it is currently
suppressed with by AllowMarkStyleDirtyFromRecalcScope.

Marking style dirty deeper in the current subtree works (sort of),
because we'll eventually reach those elements during the current
style recalc process anyway, so ultimately the dirtiness is
cleared. However, StyleResolver::ResolveStyle can also be called
*outside* of style recalc. For example, when producing styles
for kFirstLineInherited, we call ResolveStyle during *layout*.
In this case, there is no greater style recalc process ongoing,
so the dirtiness isn't cleared, and we trigger DCHECKs
(Issue 1486128).

This CL avoids the issue by reintroducing InputTypeView::
CustomStyleForLayoutObject, and making ImageInputType use that
mechanism instead of AdjustStyle. (Effectively a partial revert
of CL:4110875). This avoids the crash by relying on another bug:
when producing kFirstLineInherited styles, we ignore custom styles,
i.e. CustomStyleForLayoutObject never gets called (but AdjustStyle
does).

Bug: 953707
Change-Id: I4ec71ed2b23fe494d06ee80d71990040a94e9f98
Fixed: 1486128
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4921811
Commit-Queue: Anders Hartvoll Ruud <andruud@chromium.org>
Reviewed-by: Rune Lillesveen <futhark@chromium.org>
Cr-Commit-Position: refs/heads/main@{#1207207}

--

wpt-commits: c823e9eba31ebef8c56c3e641a7484027c9e4015
wpt-pr: 42425
2023-10-26 08:56:45 +00:00

9 lines
271 B
HTML
Raw Blame History

<!DOCTYPE html>
<title>Don't crash when using ::first-line and &lt;input type=image&gt;</title>
<link rel="help" href="https://crbug.com/1486128">
<style>
* { display:initial; }
*::first-line { color:green; }
</style>
<div>PASS if no crash</div>
<input type="image">
View git blame Copy permalink