Changeset 202330 in webkit
- Timestamp:
- Jun 22, 2016, 9:58:17 AM (9 years ago)
- Location:
- trunk/Source/WebCore
- Files:
-
- 2 edited
-
ChangeLog (modified) (1 diff)
-
platform/graphics/ca/GraphicsLayerCA.cpp (modified) (1 diff)
Legend:
- Unmodified
- Added
- Removed
-
trunk/Source/WebCore/ChangeLog
r202328 r202330 1 2016-06-22 Simon Fraser <simon.fraser@apple.com> 2 3 Crash under GraphicsLayerCA::recursiveCommitChanges() with deep layer trees 4 https://bugs.webkit.org/show_bug.cgi?id=159023 5 rdar://problem/25377842 6 7 Reviewed by Tim Horton. 8 9 Having an on-stack DisplayList::Recorder increased the stack frame size significantly, 10 causing stack exhaustion with deep layer trees, despite the existing depth check. 11 12 Make the Recorder heap-allocated to fix this. 13 14 Tested by LayoutTests/compositing//layer-creation/deep-tree.html. 15 16 * platform/graphics/ca/GraphicsLayerCA.cpp: 17 (WebCore::GraphicsLayerCA::recursiveCommitChanges): 18 1 19 2016-06-22 Carlos Garcia Campos <cgarcia@igalia.com> 2 20 -
trunk/Source/WebCore/platform/graphics/ca/GraphicsLayerCA.cpp
r202242 r202330 1440 1440 1441 1441 GraphicsContext context; 1442 DisplayList::Recorder recorder(context, *m_displayList, initialClip, AffineTransform()); 1442 // The Recorder is large, so heap-allocate. 1443 std::unique_ptr<DisplayList::Recorder> recorder = std::make_unique<DisplayList::Recorder>(context, *m_displayList, initialClip, AffineTransform()); 1443 1444 paintGraphicsLayerContents(context, FloatRect(FloatPoint(), size())); 1444 1445
Note:
See TracChangeset
for help on using the changeset viewer.
