Context Navigation

← Previous Changeset
Next Changeset →

Changeset 240609 in webkit

Timestamp:

Jan 28, 2019 4:14:58 PM (5 years ago)

Author:

Simon Fraser

Message:

css3/filters/blur-filter-page-scroll-self.html crashes under WebCore::ScrollingStateNode::ScrollingStateNode
https://bugs.webkit.org/show_bug.cgi?id=193925

Reviewed by Tim Horton.

Some css3/filters/ tests disable accelerated compositing (which is crazy). Make these
tests not crash by ensuring that unparentNode() and unparentChildrenAndDestroyNode() clears the root
node if it's the node being unparented or destroyed.

Tested by existing tests.

page/scrolling/ScrollingStateTree.cpp:

(WebCore::ScrollingStateTree::unparentNode):
(WebCore::ScrollingStateTree::unparentChildrenAndDestroyNode):

Location:

trunk/Source/WebCore

Files:

: 2 edited

ChangeLog (modified) (1 diff)
page/scrolling/ScrollingStateTree.cpp (modified) (2 diffs)

Legend:

: Unmodified
: Added
: Removed

trunk/Source/WebCore/ChangeLog

-                      r240604
+                      r240609
+-01-28  Simon Fraser  <simon.fraser@apple.com>
+        css3/filters/blur-filter-page-scroll-self.html crashes under WebCore::ScrollingStateNode::ScrollingStateNode
+        https://bugs.webkit.org/show_bug.cgi?id=193925
+        Reviewed by Tim Horton.
+        Some css3/filters/ tests disable accelerated compositing (which is crazy). Make these
+        tests not crash by ensuring that unparentNode() and unparentChildrenAndDestroyNode() clears the root
+        node if it's the node being unparented or destroyed.
+        Tested by existing tests.
+        * page/scrolling/ScrollingStateTree.cpp:
+        (WebCore::ScrollingStateTree::unparentNode):
+        (WebCore::ScrollingStateTree::unparentChildrenAndDestroyNode):
 -01-28  Daniel Bates  <dabates@apple.com>

trunk/Source/WebCore/page/scrolling/ScrollingStateTree.cpp

-                      r240553
+                      r240609
         return;
+    if (protectedNode == m_rootStateNode)
+        m_rootStateNode = nullptr;
     protectedNode->removeFromParent();
     m_unparentedNodes.add(nodeID, WTFMove(protectedNode));
 …
     if (!protectedNode)
         return;
+    if (protectedNode == m_rootStateNode)
+        m_rootStateNode = nullptr;
     if (auto* children = protectedNode->children()) {

Note: See TracChangeset for help on using the changeset viewer.

Context Navigation

Changeset 240609 in webkit

Legend:

trunk/Source/WebCore/ChangeLog

trunk/Source/WebCore/page/scrolling/ScrollingStateTree.cpp

Download in other formats: