Title: [87570] branches/safari-534-branch/Source/WebCore
- Revision
- 87570
- Author
- mr...@apple.com
- Date
- 2011-05-27 14:25:30 -0700 (Fri, 27 May 2011)
Log Message
Merge r87414.
Modified Paths
Diff
Modified: branches/safari-534-branch/Source/WebCore/ChangeLog (87569 => 87570)
--- branches/safari-534-branch/Source/WebCore/ChangeLog 2011-05-27 21:20:17 UTC (rev 87569)
+++ branches/safari-534-branch/Source/WebCore/ChangeLog 2011-05-27 21:25:30 UTC (rev 87570)
@@ -1,5 +1,38 @@
2011-05-27 Mark Rowe <mr...@apple.com>
+ Merge r87414.
+
+ 2011-05-25 Jer Noble <jer.no...@apple.com>
+
+ Reviewed by Maciej Stachowiak.
+
+ Safari Web Content crashes while entering/exiting the full screen mode of the video content
+ https://bugs.webkit.org/show_bug.cgi?id=61498
+
+ No new tests, as DRT does not currently animate the full screen transition.
+
+ To guard against m_fullScreenRenderer being called after it has been deleted, add
+ code in RenderFullScreen which notifies the document when its full-screen renderer
+ will be destroyed.
+
+ Also, add some sanity checks when accessing the full-screen renderer's layer backing.
+
+ * dom/Document.cpp:
+ (WebCore::Document::webkitWillEnterFullScreenForElement): Guard against a missing
+ full-screen renderer layer.
+ (WebCore::Document::webkitWillExitFullScreenForElement): Ditto.
+ (WebCore::Document::setFullScreenRenderer): Added ASSERT.
+ (WebCore::Document::fullScreenRendererDestroyed): Added.
+ (WebCore::Document::setAnimatingFullScreen): Guard against the full-screen
+ element having been removed from the document.
+ * dom/Document.h:
+ * rendering/RenderFullScreen.cpp:
+ (RenderFullScreen::destroy): Added. Tell the Document that it's full-screen
+ renderer is about to be destroyed.
+ * rendering/RenderFullScreen.h:
+
+2011-05-27 Mark Rowe <mr...@apple.com>
+
Merge r87322.
2011-05-25 Jer Noble <jer.no...@apple.com>
Modified: branches/safari-534-branch/Source/WebCore/dom/Document.cpp (87569 => 87570)
--- branches/safari-534-branch/Source/WebCore/dom/Document.cpp 2011-05-27 21:20:17 UTC (rev 87569)
+++ branches/safari-534-branch/Source/WebCore/dom/Document.cpp 2011-05-27 21:25:30 UTC (rev 87570)
@@ -4884,7 +4884,7 @@
setAnimatingFullScreen(true);
#if USE(ACCELERATED_COMPOSITING)
view()->updateCompositingLayers();
- if (m_fullScreenRenderer->layer()->isComposited())
+ if (m_fullScreenRenderer->layer() && m_fullScreenRenderer->layer()->isComposited())
page()->chrome()->client()->setRootFullScreenLayer(m_fullScreenRenderer->layer()->backing()->graphicsLayer());
#endif
}
@@ -4915,7 +4915,7 @@
setAnimatingFullScreen(true);
#if USE(ACCELERATED_COMPOSITING)
view()->updateCompositingLayers();
- if (m_fullScreenRenderer->layer()->isComposited())
+ if (m_fullScreenRenderer->layer() && m_fullScreenRenderer->layer()->isComposited())
page()->chrome()->client()->setRootFullScreenLayer(m_fullScreenRenderer->layer()->backing()->graphicsLayer());
#endif
}
@@ -4949,13 +4949,23 @@
if (m_fullScreenRenderer)
m_fullScreenRenderer->destroy();
+ ASSERT(!m_fullScreenRenderer);
+
m_fullScreenRenderer = renderer;
// This notification can come in after the page has been destroyed.
if (page())
page()->chrome()->client()->fullScreenRendererChanged(m_fullScreenRenderer);
}
-
+
+void Document::fullScreenRendererDestroyed()
+{
+ m_fullScreenRenderer = 0;
+
+ if (page())
+ page()->chrome()->client()->fullScreenRendererChanged(0);
+}
+
void Document::setFullScreenRendererSize(const IntSize& size)
{
ASSERT(m_fullScreenRenderer);
@@ -5029,7 +5039,7 @@
return;
m_isAnimatingFullScreen = flag;
- if (m_fullScreenElement) {
+ if (m_fullScreenElement && m_fullScreenElement->isDescendantOf(this)) {
m_fullScreenElement->setNeedsStyleRecalc();
scheduleStyleRecalc();
}
Modified: branches/safari-534-branch/Source/WebCore/dom/Document.h (87569 => 87570)
--- branches/safari-534-branch/Source/WebCore/dom/Document.h 2011-05-27 21:20:17 UTC (rev 87569)
+++ branches/safari-534-branch/Source/WebCore/dom/Document.h 2011-05-27 21:25:30 UTC (rev 87570)
@@ -1071,6 +1071,7 @@
void setFullScreenRenderer(RenderFullScreen*);
RenderFullScreen* fullScreenRenderer() const { return m_fullScreenRenderer; }
+ void fullScreenRendererDestroyed();
void setFullScreenRendererSize(const IntSize&);
void setFullScreenRendererBackgroundColor(Color);
Modified: branches/safari-534-branch/Source/WebCore/rendering/RenderFullScreen.cpp (87569 => 87570)
--- branches/safari-534-branch/Source/WebCore/rendering/RenderFullScreen.cpp 2011-05-27 21:20:17 UTC (rev 87569)
+++ branches/safari-534-branch/Source/WebCore/rendering/RenderFullScreen.cpp 2011-05-27 21:25:30 UTC (rev 87570)
@@ -36,6 +36,16 @@
using namespace WebCore;
+void RenderFullScreen::destroy()
+{
+ // RenderObjects are unretained, so notify the document (which holds a pointer to a RenderFullScreen)
+ // if it's RenderFullScreen is destroyed.
+ if (document() && document()->fullScreenRenderer() == this)
+ document()->fullScreenRendererDestroyed();
+
+ RenderFlexibleBox::destroy();
+}
+
PassRefPtr<RenderStyle> RenderFullScreen::createFullScreenStyle()
{
RefPtr<RenderStyle> fullscreenStyle = RenderStyle::createDefaultStyle();
Modified: branches/safari-534-branch/Source/WebCore/rendering/RenderFullScreen.h (87569 => 87570)
--- branches/safari-534-branch/Source/WebCore/rendering/RenderFullScreen.h 2011-05-27 21:20:17 UTC (rev 87569)
+++ branches/safari-534-branch/Source/WebCore/rendering/RenderFullScreen.h 2011-05-27 21:25:30 UTC (rev 87570)
@@ -34,6 +34,7 @@
class RenderFullScreen : public RenderFlexibleBox {
public:
RenderFullScreen(Node* node) : RenderFlexibleBox(node) { setReplaced(false); }
+ virtual void destroy();
virtual bool isRenderFullScreen() const { return true; }
virtual const char* renderName() const { return "RenderFullScreen"; }
_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
http://lists.webkit.org/mailman/listinfo.cgi/webkit-changes
