Changeset 212828 in webkit


Timestamp:
Feb 22, 2017 6:46:06 AM (7 years ago)
Author:
Antti Koivisto
Message:

REGRESSION(r207669): Crash after mutating selector text
https://bugs.webkit.org/show_bug.cgi?id=168655
<rdar://problem/30632111>

Reviewed by Andreas Kling.

Source/WebCore:

Test: fast/css/selector-text-mutation-crash.html

  • style/StyleScope.cpp:

(WebCore::Style::Scope::resolver):
(WebCore::Style::Scope::updateStyleResolver):

Protect against entering scheduleUpdate and wiping style resolver while updating it.
Extension stylesheets can trigger this.

(WebCore::Style::Scope::scheduleUpdate):

Clear the style resolver immediately if style sheet content changes. The resolver may
have data structures that point to the old sheet contents.

The resolver would get wiped anyway when the scheduled update actually occurs.

  • style/StyleScope.h:

LayoutTests:

  • fast/css/selector-text-mutation-crash-expected.txt: Added.
  • fast/css/selector-text-mutation-crash.html: Added.
Location:
trunk
Files:
2 added
4 edited

  • trunk/LayoutTests/ChangeLog

    r212827 r212828  
     12017-02-22  Antti Koivisto  <antti@apple.com>
     2
     3        REGRESSION(r207669): Crash after mutating selector text
     4        https://bugs.webkit.org/show_bug.cgi?id=168655
     5        <rdar://problem/30632111>
     6
     7        Reviewed by Andreas Kling.
     8
     9        * fast/css/selector-text-mutation-crash-expected.txt: Added.
     10        * fast/css/selector-text-mutation-crash.html: Added.
     11
    1122017-02-22  Per Arne Vollan  <pvollan@apple.com>
    213
  • trunk/Source/WebCore/ChangeLog

    r212823 r212828  
     12017-02-22  Antti Koivisto  <antti@apple.com>
     2
     3        REGRESSION(r207669): Crash after mutating selector text
     4        https://bugs.webkit.org/show_bug.cgi?id=168655
     5        <rdar://problem/30632111>
     6
     7        Reviewed by Andreas Kling.
     8
     9        Test: fast/css/selector-text-mutation-crash.html
     10
     11        * style/StyleScope.cpp:
     12        (WebCore::Style::Scope::resolver):
     13        (WebCore::Style::Scope::updateStyleResolver):
     14
     15        Protect against entering scheduleUpdate and wiping style resolver while updating it.
     16        Extension stylesheets can trigger this.
     17
     18        (WebCore::Style::Scope::scheduleUpdate):
     19
     20        Clear the style resolver immediately if style sheet content changes. The resolver may
     21        have data structures that point to the old sheet contents.
     22
     23        The resolver would get wiped anyway when the scheduled update actually occurs.
     24
     25        * style/StyleScope.h:
     26
    1272017-02-08  Sergio Villar Senin  <svillar@igalia.com>
    228
  • trunk/Source/WebCore/style/StyleScope.cpp

    r212788 r212828  
    4949#include "UserContentURLPattern.h"
    5050#include "UserStyleSheet.h"
     51#include <wtf/SetForScope.h>
    5152
    5253namespace WebCore {
     
    9293
    9394    if (!m_resolver) {
     95        SetForScope<bool> isUpdatingStyleResolver { m_isUpdatingStyleResolver, true };
    9496        m_resolver = std::make_unique<StyleResolver>(m_document);
    9597        m_resolver->appendAuthorStyleSheets(m_activeStyleSheets);
     
    452454    auto& styleResolver = resolver();
    453455
     456    SetForScope<bool> isUpdatingStyleResolver { m_isUpdatingStyleResolver, true };
    454457    if (updateType == Reset) {
    455458        styleResolver.ruleSets().resetAuthorStyle();
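Review bot: `styleResolver` on new line 454 is a reference obtained from `resolver()` and used for the rest of this function, so its validity depends entirely on the guard set on line 456 suppressing `clearResolver()` in `scheduleUpdate()`. That dependency is explained only by the FIXME in `scheduleUpdate()`. A short comment here would help, as would a debug assertion after the update that `m_resolver` is still the object `styleResolver` refers to, so that a clear happening mid-update fails loudly instead of leaving a dangling reference.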
     
    522525void Scope::scheduleUpdate(UpdateType update)
    523526{
     527    // FIXME: The m_isUpdatingStyleResolver test is here because extension stylesheets can get us here from StyleResolver::appendAuthorStyleSheets.
     528    if (update == UpdateType::ContentsOrInterpretation && !m_isUpdatingStyleResolver)
     529        clearResolver();
     530
    524531    if (!m_pendingUpdate || *m_pendingUpdate < update) {
    525532        m_pendingUpdate = update;
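Review bot: When `m_isUpdatingStyleResolver` is true, the check on new line 528 skips `clearResolver()` but the call still falls through and records the pending update, so in the re-entrant extension-stylesheet case the resolver keeps whatever it built from the old sheet contents until the scheduled update runs. That is the same stale-pointer window the immediate clear is meant to close, so the comment should either state why that path is safe or the code should remember that a clear was skipped and perform it once the guard is released. The FIXME would also be easier to act on with a bug link attached.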
  • trunk/Source/WebCore/style/StyleScope.h

    r212614 r212828  
    162162
    163163    bool m_usesStyleBasedEditability { false };
     164    bool m_isUpdatingStyleResolver { false };
    164165};
    165166
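Review bot: `m_isUpdatingStyleResolver` on new line 164 has no comment, and its name does not say that its role is to stop `scheduleUpdate()` from clearing the resolver re-entrantly. A one-line comment saying so would make it less likely that the flag is removed or reused incorrectly later.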