Changeset 240717 in webkit


Ignore:
Timestamp:
Jan 30, 2019 10:44:24 AM (5 years ago)
Author:
Antti Koivisto
Message:

Crash in WebKit::RemoteLayerTreePropertyApplier::updateChildren
https://bugs.webkit.org/show_bug.cgi?id=193897
<rdar://problem/47427750>

Reviewed by Simon Fraser.

There has been some null pointer crashes where we fail to find a remote layer tree node that matches
the transaction properties.

  • Shared/RemoteLayerTree/RemoteLayerTreePropertyApplier.mm:

(WebKit::RemoteLayerTreePropertyApplier::updateChildren):

Null check the nodes.

Location:
trunk/Source/WebKit
Files:
2 edited

Legend:

Unmodified
Added
Removed
  • trunk/Source/WebKit/ChangeLog

    r240713 r240717  
     12019-01-30  Antti Koivisto  <antti@apple.com>
     2
     3        Crash in WebKit::RemoteLayerTreePropertyApplier::updateChildren
     4        https://bugs.webkit.org/show_bug.cgi?id=193897
     5        <rdar://problem/47427750>
     6
     7        Reviewed by Simon Fraser.
     8
     9        There has been some null pointer crashes where we fail to find a remote layer tree node that matches
     10        the transaction properties.
     11
     12        * Shared/RemoteLayerTree/RemoteLayerTreePropertyApplier.mm:
     13        (WebKit::RemoteLayerTreePropertyApplier::updateChildren):
     14
     15        Null check the nodes.
     16
    1172019-01-30  Simon Fraser  <simon.fraser@apple.com>
    218
  • trunk/Source/WebKit/Shared/RemoteLayerTree/RemoteLayerTreePropertyApplier.mm

    r239124 r240717  
    278278        if (node.uiView() && [[node.uiView() subviews] count])
    279279            return true;
    280         return !properties.children.isEmpty() && relatedLayers.get(properties.children.first())->uiView();
     280        if (properties.children.isEmpty())
     281            return false;
     282        auto* childNode = relatedLayers.get(properties.children.first());
     283        ASSERT(childNode);
     284        return childNode && childNode->uiView();
    281285    };
    282286
     
    296300        for (auto& child : properties.children) {
    297301            auto* childNode = relatedLayers.get(child);
     302            ASSERT(childNode);
     303            if (!childNode)
     304                continue;
    298305            ASSERT(childNode->uiView());
    299306            [subviews addObject:childNode->uiView()];
     
    308315    for (auto& child : properties.children) {
    309316        auto* childNode = relatedLayers.get(child);
     317        ASSERT(childNode);
     318        if (!childNode)
     319            continue;
    310320#if PLATFORM(IOS_FAMILY)
    311321        ASSERT(!childNode->uiView());
     
    340350    }
    341351
    342     CALayer *maskLayer = relatedLayers.get(properties.maskLayerID)->layer();
     352    auto* maskNode = relatedLayers.get(properties.maskLayerID);
     353    ASSERT(maskNode);
     354    if (!maskNode)
     355        return;
     356    CALayer *maskLayer = maskNode->layer();
    343357    ASSERT(!maskLayer.superlayer);
    344358    if (maskLayer.superlayer)
Note: See TracChangeset for help on using the changeset viewer.