Changeset 202716 in webkit


Timestamp:
Jun 30, 2016 4:12:03 PM (8 years ago)
Author:
Antti Koivisto
Message:

WebContent crash due to RELEASE_ASSERT(!m_inLoadPendingImages) in StyleResolver::~StyleResolver()
https://bugs.webkit.org/show_bug.cgi?id=159307
<rdar://problem/26184868>

Reviewed by Andreas Kling.

Pseudo elements are resolved in RenderTreeUpdater (instead of Style::TreeResolver). Their resolution may trigger
resource loads which can cause synchronous layout (when failing synchronously) and lead to destruction of the
style resolver in post layout task.

No known reliable way to test this.

  • style/RenderTreeUpdater.cpp:

(WebCore::RenderTreeUpdater::commit):

Use PostResolutionCallbackDisabler in RenderTreeUpdater similarly to Style::TreeResolver. This prevents
post layout tasks from running synchronously and closes this particular crash path.

Location:
trunk/Source/WebCore
Files:
2 edited

  • trunk/Source/WebCore/ChangeLog

    r202712 r202716  
     12016-06-30  Antti Koivisto  <antti@apple.com>
     2
     3        WebContent crash due to RELEASE_ASSERT(!m_inLoadPendingImages) in StyleResolver::~StyleResolver()
     4        https://bugs.webkit.org/show_bug.cgi?id=159307
     5        <rdar://problem/26184868>
     6
     7        Reviewed by Andreas Kling.
     8
     9        Pseudo elements are resolved in RenderTreeUpdater (instead of Style::TreeResolver). Their resolution may trigger
     10        resource loads which can cause synchronous layout (when failing synchronously) and lead to destruction of the
     11        the style resolver in post layout task.
     12
     13        No known reliable way to test this.
     14
     15        * style/RenderTreeUpdater.cpp:
     16        (WebCore::RenderTreeUpdater::commit):
     17
     18            Use PostResolutionCallbackDisabler in RenderTreeUpdater similarly to Style::TreeResolver. This prevents
     19            post layout tasks from running synchronously and closes this particular crash path.
     20
    1212016-06-30  Antoine Quint  <graouts@apple.com>
    222
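
Review bot: Lines 10-11 of the new ChangeLog entry read "destruction of the" followed by "the style resolver", so "the" is doubled across the line break; drop one. The entry also lands with "No known reliable way to test this" at line 13 and nothing more; a sentence on how the fix was verified, or what made a regression test impractical, would help whoever revisits this crash path.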
  • trunk/Source/WebCore/style/RenderTreeUpdater.cpp

    r202358 r202716  
    9494        return;
    9595
     96    Style::PostResolutionCallbackDisabler callbackDisabler(m_document);
     97
    9698    m_styleUpdate = WTFMove(styleUpdate);
    9799
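
Review bot: The declaration added at line 96 carries no comment, and in the visible lines callbackDisabler is never referenced again, so it reads as an unused local that a later cleanup could remove. Add a one-line comment above it stating why it must stay, for example that pseudo element resolution during the render tree update can trigger resource loads and synchronous layout, and that the disabler keeps post layout tasks from running synchronously inside commit(). The reasoning currently lives only in the ChangeLog, not next to the code it protects.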