Context Navigation

← Previous Changeset
Next Changeset →

Changeset 151934 in webkit

Timestamp:

Jun 24, 2013 4:27:02 PM (11 years ago)

Author:

Simon Fraser

Message:

Fix various crashes on sites with fixed backgrounds
https://bugs.webkit.org/show_bug.cgi?id=117959

Source/WebCore:

Reviewed by Andy Estes.

FrameView::removeSlowRepaintObject() would assume that addSlowRepaintObject()
had been called before it, but this isn't always the case. For example, if
a page has a fixed background on the body, this falls into the accelerated
path in WK2 tiled mode, so addSlowRepaintObject() is never called. However,
we still call removeSlowRepaintObject() if the body is removed.

So null-check m_slowRepaintObjects to avoid crashing.

Test: platform/mac-wk2/tiled-drawing/fixed-background/fixed-background-removal.html

page/FrameView.cpp:

(WebCore::FrameView::removeSlowRepaintObject):

LayoutTests:

Reviewed by Andy Estes.

Test that does a document.write on a page with a fixed background on the body.

platform/mac-wk2/tiled-drawing/fixed-background/fixed-background-removal-expected.txt: Added.
platform/mac-wk2/tiled-drawing/fixed-background/fixed-background-removal.html: Added.

Location:

trunk

Files:

: 2 added
: 3 edited

LayoutTests/ChangeLog (modified) (1 diff)
LayoutTests/platform/mac-wk2/tiled-drawing/fixed-background/fixed-background-removal-expected.txt (added)
LayoutTests/platform/mac-wk2/tiled-drawing/fixed-background/fixed-background-removal.html (added)
Source/WebCore/ChangeLog (modified) (1 diff)
Source/WebCore/page/FrameView.cpp (modified) (1 diff)

Legend:

: Unmodified
: Added
: Removed

trunk/LayoutTests/ChangeLog

-                      r151931
+                      r151934
+-06-24  Simon Fraser  <simon.fraser@apple.com>
+        Fix various crashes on sites with fixed backgrounds
+        https://bugs.webkit.org/show_bug.cgi?id=117959
+        Reviewed by Andy Estes.
+        Test that does a document.write on a page with a fixed background on the body.
+        * platform/mac-wk2/tiled-drawing/fixed-background/fixed-background-removal-expected.txt: Added.
+        * platform/mac-wk2/tiled-drawing/fixed-background/fixed-background-removal.html: Added.
 -06-24  Hans Muller  <hmuller@adobe.com>

trunk/Source/WebCore/ChangeLog

-                      r151929
+                      r151934
+-06-24  Simon Fraser  <simon.fraser@apple.com>
+        Fix various crashes on sites with fixed backgrounds
+        https://bugs.webkit.org/show_bug.cgi?id=117959
+        Reviewed by Andy Estes.
+        FrameView::removeSlowRepaintObject() would assume that addSlowRepaintObject()
+        had been called before it, but this isn't always the case. For example, if
+        a page has a fixed background on the body, this falls into the accelerated
+        path in WK2 tiled mode, so addSlowRepaintObject() is never called. However,
+        we still call removeSlowRepaintObject() if the body is removed.
+        So null-check m_slowRepaintObjects to avoid crashing.
+        Test: platform/mac-wk2/tiled-drawing/fixed-background/fixed-background-removal.html
+        * page/FrameView.cpp:
+        (WebCore::FrameView::removeSlowRepaintObject):
 -06-24  Ruth Fong  <ruth_fong@apple.com>

trunk/Source/WebCore/page/FrameView.cpp

-                      r151926
+                      r151934
 void FrameView::removeSlowRepaintObject(RenderObject* o)
+{
     ASSERT(m_slowRepaintObjects);
     ASSERT(m_slowRepaintObjects->contains(o));
+    if (!m_slowRepaintObjects)
+        return;
     m_slowRepaintObjects->remove(o);

Note: See TracChangeset for help on using the changeset viewer.