Context Navigation

← Previous Changeset
Next Changeset →

Changeset 202716 in webkit

Timestamp:

Jun 30, 2016 4:12:03 PM (8 years ago)

Author:

Antti Koivisto

Message:

WebContent crash due to RELEASE_ASSERT(!m_inLoadPendingImages) in StyleResolver::~StyleResolver()
https://bugs.webkit.org/show_bug.cgi?id=159307
<rdar://problem/26184868>

Reviewed by Andreas Kling.

Pseudo elements are resolved in RenderTreeUpdater (instead of Style::TreeResolver). Their resolution may trigger
resource loads which can cause synchronous layout (when failing synchronously) and lead to destruction of the
the style resolver in post layout task.

No known reliable way to test this.

style/RenderTreeUpdater.cpp:

(WebCore::RenderTreeUpdater::commit):

Use PostResolutionCallbackDisabler in RenderTreeUpdater similarly to Style::TreeResolver. This prevents
post layout tasks from running synchronously and closes this particular crash path.

Location:

trunk/Source/WebCore

Files:

: 2 edited

ChangeLog (modified) (1 diff)
style/RenderTreeUpdater.cpp (modified) (1 diff)

Legend:

: Unmodified
: Added
: Removed

trunk/Source/WebCore/ChangeLog

-                      r202712
+                      r202716
+-06-30  Antti Koivisto  <antti@apple.com>
+        WebContent crash due to RELEASE_ASSERT(!m_inLoadPendingImages) in StyleResolver::~StyleResolver()
+        https://bugs.webkit.org/show_bug.cgi?id=159307
+        <rdar://problem/26184868>
+        Reviewed by Andreas Kling.
+        Pseudo elements are resolved in RenderTreeUpdater (instead of Style::TreeResolver). Their resolution may trigger
+        resource loads which can cause synchronous layout (when failing synchronously) and lead to destruction of the
+        the style resolver in post layout task.
+        No known reliable way to test this.
+        * style/RenderTreeUpdater.cpp:
+        (WebCore::RenderTreeUpdater::commit):
+            Use PostResolutionCallbackDisabler in RenderTreeUpdater similarly to Style::TreeResolver. This prevents
+            post layout tasks from running synchronously and closes this particular crash path.
 -06-30  Antoine Quint  <graouts@apple.com>

trunk/Source/WebCore/style/RenderTreeUpdater.cpp

r202358	r202716
94	94	return;
95	95
	96	Style::PostResolutionCallbackDisabler callbackDisabler(m_document);
	97
96	98	m_styleUpdate = WTFMove(styleUpdate);
97	99

Note: See TracChangeset for help on using the changeset viewer.

Context Navigation

Changeset 202716 in webkit

Legend:

trunk/Source/WebCore/ChangeLog

trunk/Source/WebCore/style/RenderTreeUpdater.cpp

Download in other formats: