Never force legacy layout on NG objects. #27792
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
wpt-pr-bot
approved these changes
Feb 26, 2021
Remove dangerous legacy fallback code from LayoutObject(), and do this safely in the child insertion code instead. Calling a virtual method in a base class constructor doesn't work. IsLayoutNGObject() would always return false, since that's how it's implemented in LayoutObject. This code could cause us to mark an NG object as requiring legacy fallback, which would make the NG engine delegate the job to the legacy engine. But the legacy engine would refuse to do anything, since it's an NG object, so it would delegate to NG, and so on... Infinite recursion. The !IsLayoutNGObject() check in LayoutObject() was a mistake added in CL:2414289, which basically had no effect at all. But we can just remove the entire thing now, and rely on the new hook in the child insertion code instead. Note that the new test doesn't fail without this fix when run normally by the test runner, because the test needs LayoutNGTextControl to be disabled in order to fail (so that we attempt legacy fallback), but this feature is currently set to "test". Unlike the fuzzer, it seems... Bug: 1181687 Change-Id: I2f174824e4b86d9ae2e5b3b319df7f6036b4f13d Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2720104 Reviewed-by: Ian Kilpatrick <ikilpatrick@chromium.org> Commit-Queue: Morten Stenshorne <mstensho@chromium.org> Cr-Commit-Position: refs/heads/master@{#858052}
chromium-wpt-export-bot
force-pushed
the
chromium-export-cl-2720104
branch
from
0132407
to
9f1dec8
Compare
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Remove dangerous legacy fallback code from LayoutObject(), and do this
safely in the child insertion code instead.
Calling a virtual method in a base class constructor doesn't work.
IsLayoutNGObject() would always return false, since that's how it's
implemented in LayoutObject. This code could cause us to mark an NG
object as requiring legacy fallback, which would make the NG engine
delegate the job to the legacy engine. But the legacy engine would
refuse to do anything, since it's an NG object, so it would delegate to
NG, and so on... Infinite recursion.
The !IsLayoutNGObject() check in LayoutObject() was a mistake added in
CL:2414289, which basically had no effect at all. But we can just remove
the entire thing now, and rely on the new hook in the child insertion
code instead.
Note that the new test doesn't fail without this fix when run normally
by the test runner, because the test needs LayoutNGTextControl to be
disabled in order to fail (so that we attempt legacy fallback), but this
feature is currently set to "test". Unlike the fuzzer, it seems...
Bug: 1181687
Change-Id: I2f174824e4b86d9ae2e5b3b319df7f6036b4f13d
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2720104
Reviewed-by: Ian Kilpatrick <ikilpatrick@chromium.org>
Commit-Queue: Morten Stenshorne <mstensho@chromium.org>
Cr-Commit-Position: refs/heads/master@{#858052}