Bug 138737

Summary: Painting in selection-only black-text-only mode incorrectly includes RenderReplaced background color
Product: WebKit Reporter: Tim Horton <thorton>
Component: Layout and RenderingAssignee: Tim Horton <thorton>
Status: RESOLVED FIXED    
Severity: Normal CC: andersca, commit-queue, esprehn+autocc, glenn, hyatt, kondapallykalyan, mitz, sam, simon.fraser
Priority: P2    
Version: 528+ (Nightly build)   
Hardware: Unspecified   
OS: Unspecified   
Attachments:
Description Flags
repro case
none
Patch simon.fraser: review+

Description Tim Horton 2014-11-14 03:57:39 PST 
Created attachment 241575 [details]
repro case

Steps to Reproduce:

1. Open the attached repro case in Safari.
2. Cmd-F, "something"
3. Cmd-G. Repeat.

Expected:

The text indicator for the "something" over the <img> and the "something" over the <div> should both have a flat yellow background.

Actual:

The text indicator for the "something" over the <img> includes the red background from the <img>!
The text indicator for the "something" over the <div> correctly does not paint the <div>'s blue background.

Notes:

Somehow we're getting into background painting when we ought not.
Here's a fragment of the stack near where things go wrong, I'm just not sure exactly where/how to cut it off:

WebCore::GraphicsContext::fillRect(WebCore::FloatRect const&, WebCore::Color const&, WebCore::ColorSpace)
WebCore::RenderBoxModelObject::paintFillLayerExtended(WebCore::PaintInfo const&, WebCore::Color const&, WebCore::FillLayer const*, WebCore::LayoutRect const&, WebCore::BackgroundBleedAvoidance, WebCore::InlineFlowBox*, WebCore::LayoutSize const&, WebCore::CompositeOperator, WebCore::RenderElement*, WebCore::BaseBackgroundColorUsage)
WebCore::RenderBox::paintFillLayer(WebCore::PaintInfo const&, WebCore::Color const&, WebCore::FillLayer const*, WebCore::LayoutRect const&, WebCore::BackgroundBleedAvoidance, WebCore::CompositeOperator, WebCore::RenderElement*, WebCore::BaseBackgroundColorUsage)
WebCore::RenderBox::paintFillLayers(WebCore::PaintInfo const&, WebCore::Color const&, WebCore::FillLayer const*, WebCore::LayoutRect const&, WebCore::BackgroundBleedAvoidance, WebCore::CompositeOperator, WebCore::RenderElement*)
WebCore::RenderBox::paintBackground(WebCore::PaintInfo const&, WebCore::LayoutRect const&, WebCore::BackgroundBleedAvoidance)
WebCore::RenderBox::paintBoxDecorations(WebCore::PaintInfo&, WebCore::LayoutPoint const&)
WebCore::RenderReplaced::paint(WebCore::PaintInfo&, WebCore::LayoutPoint const&)
WebCore::RenderLayer::paintForegroundForFragmentsWithPhase(WebCore::PaintPhase, WTF::Vector<WebCore::LayerFragment, 1ul, WTF::CrashOnOverflow> const&, WebCore::GraphicsContext*, WebCore::RenderLayer::LayerPaintingInfo const&, unsigned int, WebCore::RenderObject*)
Comment 1 mitz 2014-11-14 07:18:52 PST 
You can also see the problem by selecting the text and dragging the selection out.
Comment 2 Tim Horton 2015-04-23 16:10:03 PDT 
Created attachment 251510 [details]
Patch
Comment 3 Tim Horton 2015-04-23 16:14:31 PDT 
http://trac.webkit.org/changeset/183227