Changeset 228634 in webkit
- Timestamp: Feb 19, 2018 2:12:07 AM (6 years ago)
- Location: releases/WebKitGTK/webkit-2.20/Source
- Files: 7 edited
releases/WebKitGTK/webkit-2.20/Source/WebCore/ChangeLog
r228632 r228634 1 2018-02-05 Ryosuke Niwa <rniwa@webkit.org> 2 3 Release assertion in inlineVideoFrame 4 https://bugs.webkit.org/show_bug.cgi?id=182513 5 <rdar://problem/37159363> 6 7 Reviewed by Zalan Bujtas. 8 9 The bug was caused by the fact it's not always safe to invoke updateLayout even when isSafeToUpdateStyleOrLayout 10 on a document of a flattened frame on iOS. isSafeToUpdateStyleOrLayout returns true when the frame view is in 11 the frame-flattening mode to avoid hitting a release asssertion in updateLayout of the frame. However, it's still 12 not safe to invoke updateLayout on a parent frame in this case. 13 14 As a result, inlineVideoFrame (in Source/WebKit/WebProcess/cocoa/VideoFullscreenManager.mm) invokes updateLayout 15 even when the top-level document is not safe to update when the video element is in a frame-flattened document. 16 17 Fixed this bug by explicitly checking that we still have a live render tree and document hasn't been stopped. 18 Also replaced other uses of isSafeToUpdateStyleOrLayout by more explicit checks. 19 20 * accessibility/AccessibilityObject.cpp: 21 (WebCore::AccessibilityObject::updateBackingStore): Made the early exit condition added in r227006 more explicit. 22 Namely, InspectorDOMAgent::pseudoElementCreated is invoked during style recalc. 23 * dom/Document.cpp: 24 (WebCore::isSafeToUpdateStyleOrLayout): Made this local to the file. 25 (WebCore::Document::updateStyleIfNeeded): 26 (WebCore::Document::updateLayout): 27 * dom/Document.h: 28 * html/MediaElementSession.cpp: 29 (WebCore::isMainContentForPurposesOfAutoplay): Made the early exit condition added in r227529 more explicit. Don't 30 update the layout when the render tree had been destroyed or the active DOM objects had been stopped. 31 1 32 2018-02-05 Filip Pizlo <fpizlo@apple.com> 2 33 -
releases/WebKitGTK/webkit-2.20/Source/WebCore/accessibility/AccessibilityObject.cpp
r227344 r228634 1770 1770 RefPtr<AccessibilityObject> protectedThis(this); 1771 1771 if (auto* document = this->document()) { 1772 if (!document->view()->layoutContext().isInRenderTreeLayout() && !document->inRenderTreeUpdate() && document->isSafeToUpdateStyleOrLayout())1772 if (!document->view()->layoutContext().isInRenderTreeLayout() && !document->inRenderTreeUpdate() && !document->inStyleRecalc()) 1773 1773 document->updateLayoutIgnorePendingStylesheets(); 1774 1774 } -
releases/WebKitGTK/webkit-2.20/Source/WebCore/dom/Document.cpp
r228632 r228634 1940 1940 } 1941 1941 1942 bool Document::isSafeToUpdateStyleOrLayout() const 1942 static bool isSafeToUpdateStyleOrLayout(const Document& document) 1943 1943 { 1944 1944 bool isSafeToExecuteScript = ScriptDisallowedScope::InMainThread::isScriptAllowed(); 1945 bool isInFrameFlattening = view() && view()->isInChildFrameWithFrameFlattening(); 1945 auto* frameView = document.view(); 1946 bool isInFrameFlattening = frameView && frameView->isInChildFrameWithFrameFlattening(); 1946 1947 bool isAssertionDisabled = ScriptDisallowedScope::LayoutAssertionDisableScope::shouldDisable(); 1947 1948 return isSafeToExecuteScript || isInFrameFlattening || !isInWebProcess() || isAssertionDisabled; … … 1966 1967 1967 1968 // The early exit above for !needsStyleRecalc() is needed when updateWidgetPositions() is called in runOrScheduleAsynchronousTasks(). 1968 RELEASE_ASSERT_WITH_SECURITY_IMPLICATION(isSafeToUpdateStyleOrLayout( ));1969 RELEASE_ASSERT_WITH_SECURITY_IMPLICATION(isSafeToUpdateStyleOrLayout(*this)); 1969 1970 1970 1971 resolveStyle(); … … 1982 1983 return; 1983 1984 } 1984 RELEASE_ASSERT_WITH_SECURITY_IMPLICATION(isSafeToUpdateStyleOrLayout( ));1985 RELEASE_ASSERT_WITH_SECURITY_IMPLICATION(isSafeToUpdateStyleOrLayout(*this)); 1985 1986 1986 1987 RenderView::RepaintRegionAccumulator repaintRegionAccumulator(renderView()); -
releases/WebKitGTK/webkit-2.20/Source/WebCore/dom/Document.h
r228632 r228634 1253 1253 bool inStyleRecalc() const { return m_inStyleRecalc; } 1254 1254 bool inRenderTreeUpdate() const { return m_inRenderTreeUpdate; } 1255 WEBCORE_EXPORT bool isSafeToUpdateStyleOrLayout() const;1256 1255 1257 1256 void updateTextRenderer(Text&, unsigned offsetOfReplacedText, unsigned lengthOfReplacedText); -
releases/WebKitGTK/webkit-2.20/Source/WebCore/html/MediaElementSession.cpp
r227529 r228634 696 696 { 697 697 Document& document = element.document(); 698 if ( element.isSuspended() || !element.hasAudio() || !element.hasVideo())698 if (!document.hasLivingRenderTree() || document.activeDOMObjectsAreStopped() || element.isSuspended() || !element.hasAudio() || !element.hasVideo()) 699 699 return false; 700 700 … … 716 716 717 717 // Main content elements must be in the main frame. 718 if (!document.frame() || !document.frame()->isMainFrame() || !document.isSafeToUpdateStyleOrLayout())718 if (!document.frame() || !document.frame()->isMainFrame()) 719 719 return false; 720 720 -
releases/WebKitGTK/webkit-2.20/Source/WebKit/ChangeLog
r228630 r228634 1 2018-02-05 Ryosuke Niwa <rniwa@webkit.org> 2 3 Release assertion in inlineVideoFrame 4 https://bugs.webkit.org/show_bug.cgi?id=182513 5 <rdar://problem/37159363> 6 7 Reviewed by Zalan Bujtas. 8 9 Fixed the bug. Don't try to update the layout when there is no live render tree or active DOM objects 10 had been stopped: i.e. during a document destruction. 11 12 * WebProcess/cocoa/VideoFullscreenManager.mm: 13 (WebKit::inlineVideoFrame): 14 1 15 2018-02-05 Youenn Fablet <youenn@apple.com> 2 16 -
releases/WebKitGTK/webkit-2.20/Source/WebKit/WebProcess/cocoa/VideoFullscreenManager.mm
r227272 r228634 60 60 { 61 61 auto& document = element.document(); 62 if (!document. isSafeToUpdateStyleOrLayout())62 if (!document.hasLivingRenderTree() || document.activeDOMObjectsAreStopped()) 63 63 return { }; 64 64
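Review bot: in AccessibilityObject::updateBackingStore (AccessibilityObject.cpp, new line 1772) the condition calls `document->view()->layoutContext()` with no null check on `view()`, while isSafeToUpdateStyleOrLayout in Document.cpp tests `frameView &&` before using the same pointer. With `document->isSafeToUpdateStyleOrLayout()` replaced by `!document->inStyleRecalc()`, this site also does not get the `hasLivingRenderTree()` / `activeDOMObjectsAreStopped()` guard that the other two call sites gain. Either add that guard before `updateLayoutIgnorePendingStylesheets()` or state in a comment why this path cannot run during document destruction.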
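Review bot: the now file-local `isSafeToUpdateStyleOrLayout(const Document&)` in Document.cpp (new line 1942) still returns true whenever `isInFrameFlattening` is set, which the ChangeLog entry describes as not sufficient when a parent frame is involved, so `RELEASE_ASSERT_WITH_SECURITY_IMPLICATION` in updateStyleIfNeeded and updateLayout keeps passing in that case. A comment above the function saying that it only gates these assertions, and that callers are expected to check `hasLivingRenderTree()` and `activeDOMObjectsAreStopped()` themselves, would keep the name from being read as a general safety guarantee.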
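Review bot: Document.h removes the `WEBCORE_EXPORT bool isSafeToUpdateStyleOrLayout() const;` declaration (old line 1255), which drops an exported member, and the only WebKit-layer caller updated in this changeset is the cocoa VideoFullscreenManager.mm. Before landing on this branch, confirm that no other caller outside WebCore still references the method, since the failure would only show up at build or link time for that port.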
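Review bot: the guard `!document.hasLivingRenderTree() || document.activeDOMObjectsAreStopped()` is written out twice, in isMainContentForPurposesOfAutoplay (MediaElementSession.cpp, new line 698) and in inlineVideoFrame (VideoFullscreenManager.mm, new line 62). It replaces what used to be a single named predicate, so consider a small named helper on Document for it; that gives later callers one thing to check before triggering layout and keeps the two sites from drifting apart. In MediaElementSession.cpp the check now sits in the first early return rather than next to the main-frame test at line 718, so a short comment there noting that it protects the later layout update would help readers connect the two.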