Changeset 147238 in webkit
- Timestamp:
- Mar 29, 2013, 12:26:36 PM (13 years ago)
- Location:
- trunk/Source/WebCore
- Files:
-
- 2 edited
-
ChangeLog (modified) (1 diff)
-
rendering/RenderLayerCompositor.cpp (modified) (1 diff)
Legend:
- Unmodified
- Added
- Removed
-
trunk/Source/WebCore/ChangeLog
r147236 r147238 1 2013-03-29 Simon Fraser <simon.fraser@apple.com> 2 3 removeViewportConstrainedLayer() should remove the layer from m_viewportConstrainedLayersNeedingUpdate too 4 https://bugs.webkit.org/show_bug.cgi?id=113596 5 6 Reviewed by Tim Horton. 7 8 It's possible, with some combination of position:fixed and opacity transitions 9 in iframes, to end up with a RenderLayer in m_viewportConstrainedLayersNeedingUpdate 10 that has been removed from m_viewportConstrainedLayers, which leads to later assertions 11 and/or crashes. 12 13 Fix by removing a layer from m_viewportConstrainedLayersNeedingUpdate when we 14 remove it from m_viewportConstrainedLayers. 15 16 I was not able to come up with a testcase that reliably reproduces this. 17 18 * rendering/RenderLayerCompositor.cpp: 19 (WebCore::RenderLayerCompositor::removeViewportConstrainedLayer): 20 1 21 2013-03-29 Greg Hughes <ghughes@apple.com> 2 22 -
trunk/Source/WebCore/rendering/RenderLayerCompositor.cpp
r147186 r147238 2979 2979 unregisterViewportConstrainedLayer(layer); 2980 2980 m_viewportConstrainedLayers.remove(layer); 2981 m_viewportConstrainedLayersNeedingUpdate.remove(layer); 2981 2982 } 2982 2983
Note:
See TracChangeset
for help on using the changeset viewer.
