[wpt-sync] Sync PR 30842 - Fix DisplayLocking ShadowDOM Range getBoundingClientRect crash
Categories
(Core :: Layout, task, P4)
Tracking
()
| Tracking | Status | |
|---|---|---|
| firefox95 | --- | fixed |
People
(Reporter: wpt-sync, Unassigned)
References
()
Details
(Whiteboard: [wptsync downstream])
Sync web-platform-tests PR 30842 into mozilla-central (this bug is closed when the sync is complete).
PR: https://github.com/web-platform-tests/wpt/pull/30842
Details from upstream follow.
Joey Arhar <jarhar@chromium.org> wrote:
Fix DisplayLocking ShadowDOM Range getBoundingClientRect crash
The traversal I am replacing in this patch is supposed to match the way
that Range traverses the DOM tree, but it doesn't. Range uses
NodeTraversal::Next, but this code was using FlatTreeTraversal::Next.
Due to this, it got in a state where the FlatTreeTraversal would never
get to the end node as specified by the Range, so it would run past the
end of the DOM tree and crash.This new traversal is much more similar to the Range's traversal, but
also includes all shadow trees just to be safe and make sure we unlock
everything that might need to get unlocked.Fixed: 1250391
Change-Id: I5107ba768d12beaeb440a73389ec90d3e8748feb
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3167936
Reviewed-by: Mason Freed \<masonf@chromium.org>
Reviewed-by: vmpstr \<vmpstr@chromium.org>
Commit-Queue: Joey Arhar \<jarhar@chromium.org>
Cr-Commit-Position: refs/heads/main@{#925413}
|
Assignee | |
Updated•4 years ago
|
|
|
Assignee | |
Comment 1•4 years ago
|
||
|
|
Assignee | |
Comment 2•4 years ago
|
||
CI Results
Ran 11 Firefox configurations based on mozilla-central, and Firefox, Chrome, and Safari on GitHub CI
Total 1 tests
Status Summary
Firefox
PASS : 1
Chrome
CRASH: 1
Safari
PASS : 1
Links
|
||
Comment 4•4 years ago
|
||
| bugherder | ||
Description
•