Changeset 112283 in webkit
- Timestamp:
- Mar 27, 2012 11:00:50 AM (12 years ago)
- Location:
- trunk/Source/WebCore
- Files:
-
- 2 edited
Legend:
- Unmodified
- Added
- Removed
-
trunk/Source/WebCore/ChangeLog
r112281 r112283 1 2012-03-27 Zalan Bujtas <zbujtas@gmail.com> 2 3 Frame flattening: childframe in FrameView::layout() needs protector. 4 https://bugs.webkit.org/show_bug.cgi?id=82345 5 6 Reviewed by Kenneth Rohde Christiansen. 7 8 RefPtr<FrameView> protector(this) is supposed to protect the current frameview in 9 FrameView::layout() from being destroyed by recalcStyle(). 10 However, when frame flattening is on and a child frame is re-starting layout from 11 the topmost parent, the protection is missing and parent's recalcStyle() 12 can destroy the child frame. 13 Moving the protector before the layout re-starting is initiated makes the child frame 14 safe. 15 16 No new tests. Unable to create a test case, where this scenario is reproducible. 17 18 * page/FrameView.cpp: 19 (WebCore::FrameView::layout): 20 1 21 2012-03-27 Antti Koivisto <antti@apple.com> 2 22 -
trunk/Source/WebCore/page/FrameView.cpp
r111901 r112283 917 917 return; 918 918 919 // Protect the view from being deleted during layout (in recalcStyle) 920 RefPtr<FrameView> protector(this); 921 919 922 bool inChildFrameLayoutWithFrameFlattening = isInChildFrameWithFrameFlattening(); 920 923 … … 936 939 m_delayedLayout = false; 937 940 m_setNeedsLayoutWasDeferred = false; 938 939 // Protect the view from being deleted during layout (in recalcStyle)940 RefPtr<FrameView> protector(this);941 941 942 942 if (!m_frame) {
Note: See TracChangeset
for help on using the changeset viewer.