Context Navigation

← Previous Changeset
Next Changeset →

Changeset 225647 in webkit

Timestamp:

Dec 7, 2017 3:25:04 PM (6 years ago)

Author:

rniwa@webkit.org

Message:

iOS: Many AMP pages crash inside Document::updateStyleIfNeeded
https://bugs.webkit.org/show_bug.cgi?id=180550
<rdar://problem/35410390>

Reviewed by Zalan Bujtas.

The crash was caused when updatign the layout of an non-flattened frame inside a flattened frame.
In those cases, isInChildFrameWithFrameFlattening is false on the inner frame.

No new tests for now.

dom/NoEventDispatchAssertion.h:
rendering/RenderFrameBase.cpp:

(WebCore::RenderFrameBase::performLayoutWithFlattening): Disable the assertion temporarily here.
In theory, we should be able to remove the check for isInChildFrameWithFrameFlattening but we err
on the safer side for now.

Location:

trunk/Source/WebCore

Files:

: 3 edited

ChangeLog (modified) (1 diff)
dom/NoEventDispatchAssertion.h (modified) (1 diff)
rendering/RenderFrameBase.cpp (modified) (2 diffs)

Legend:

: Unmodified
: Added
: Removed

trunk/Source/WebCore/ChangeLog

-                      r225645
+                      r225647
+-12-07  Ryosuke Niwa  <rniwa@webkit.org>
+        iOS: Many AMP pages crash inside Document::updateStyleIfNeeded
+        https://bugs.webkit.org/show_bug.cgi?id=180550
+        <rdar://problem/35410390>
+        Reviewed by Zalan Bujtas.
+        The crash was caused when updatign the layout of an non-flattened frame inside a flattened frame.
+        In those cases, isInChildFrameWithFrameFlattening is false on the inner frame.
+        No new tests for now.
+        * dom/NoEventDispatchAssertion.h:
+        * rendering/RenderFrameBase.cpp:
+        (WebCore::RenderFrameBase::performLayoutWithFlattening): Disable the assertion temporarily here.
+        In theory, we should be able to remove the check for isInChildFrameWithFrameFlattening but we err
+        on the safer side for now.
 -12-07  Alex Christensen  <achristensen@webkit.org>

trunk/Source/WebCore/dom/NoEventDispatchAssertion.h

-                      r224534
+                      r225647
 #endif
+    // FIXME: Remove this class once the sync layout inside SVGImage::draw is removed.
+    // FIXME: Remove this class once the sync layout inside SVGImage::draw is removed
+    // and refactored the code in RenderFrameBase::performLayoutWithFlattening.
     class DisableAssertionsInScope {
     public:

trunk/Source/WebCore/rendering/RenderFrameBase.cpp

-                      r224537
+                      r225647
 #include "FrameView.h"
 #include "HTMLFrameElementBase.h"
+#include "NoEventDispatchAssertion.h"
 #include "RenderView.h"
 #include <wtf/IsoMallocInlines.h>
 …
 void RenderFrameBase::performLayoutWithFlattening(bool hasFixedWidth, bool hasFixedHeight)
+{
+    // FIXME: Refactor frame flattening code so that we don't need to disable assertions here.
+    NoEventDispatchAssertion::DisableAssertionsInScope scope;
     if (!childRenderView())
         return;

Note: See TracChangeset for help on using the changeset viewer.