Changeset 224336 in webkit
- Timestamp:
- Nov 2, 2017 9:55:26 AM (7 years ago)
- Location:
- trunk/Source/WebCore
- Files:
-
- 2 edited
Legend:
- Unmodified
- Added
- Removed
-
trunk/Source/WebCore/ChangeLog
r224332 r224336 1 2017-11-02 Antti Koivisto <antti@apple.com> 2 3 Clear Node renderer pointer when destroying RenderObject 4 https://bugs.webkit.org/show_bug.cgi?id=179112 5 6 Reviewed by Zalan Bujtas. 7 8 Make sure we don't leave renderer pointers behind in Nodes. 9 This could be done with WeakPtr but that would add extra indirection between DOM and render tree. 10 11 * rendering/RenderObject.cpp: 12 (WebCore::RenderObject::willBeDestroyed): 13 14 Null the node renderer pointer. 15 With continuations we have a case where renderer points to a node that has a different renderer. 16 This is is ok as we know no node points to a continuation (they should really be anonymous renderers). 17 1 18 2017-11-02 Antti Koivisto <antti@apple.com> 2 19 -
trunk/Source/WebCore/rendering/RenderObject.cpp
r224327 r224336 1435 1435 cache->remove(this); 1436 1436 1437 if (auto* node = this->node()) { 1438 // FIXME: Continuations should be anonymous. 1439 ASSERT(!node->renderer() || node->renderer() == this || (is<RenderElement>(*this) && downcast<RenderElement>(*this).isContinuation())); 1440 if (node->renderer() == this) 1441 node->setRenderer(nullptr); 1442 } 1443 1437 1444 removeRareData(); 1438 1445 } … … 1519 1526 1520 1527 willBeDestroyed(); 1528 1521 1529 if (is<RenderWidget>(*this)) { 1522 1530 downcast<RenderWidget>(*this).deref();
Note: See TracChangeset
for help on using the changeset viewer.