Title: [203265] trunk/Source/WebCore
- Revision
- 203265
- Author
- [email protected]
- Date
- 2016-07-14 19:31:20 -0700 (Thu, 14 Jul 2016)
Log Message
CrashTracer: com.apple.WebKit.WebContent at WebCore: WebCore::MediaQueryEvaluator::evaluate const
https://bugs.webkit.org/show_bug.cgi?id=159799
<rdar://problem/27346959>
Reviewed by Myles Maxfield.
Speculative fix for this crash, which seems to happen when asking for the Node's
renderer(). From the incoming crash logs, it is triggered by mutations on
a <picture> or <img> element, which would require choosing a new source,
and causing some media queries to evaluate.
The only place in MediaQueryEvaluator that has anything to do with
renderers is when gathering up some style information to pass to the
actual evaluation function. I put a guard against a missing documentElement
in there.
* css/MediaQueryEvaluator.cpp:
(WebCore::MediaQueryEvaluator::evaluate): Make sure documentElement is not
null.
Diff
Modified: trunk/Source/WebCore/ChangeLog (203264 => 203265)
--- trunk/Source/WebCore/ChangeLog 2016-07-15 02:17:24 UTC (rev 203264)
+++ trunk/Source/WebCore/ChangeLog 2016-07-15 02:31:20 UTC (rev 203265)
@@ -1,3 +1,25 @@
+2016-07-14 Dean Jackson <[email protected]>
+
+ CrashTracer: com.apple.WebKit.WebContent at WebCore: WebCore::MediaQueryEvaluator::evaluate const
+ https://bugs.webkit.org/show_bug.cgi?id=159799
+ <rdar://problem/27346959>
+
+ Reviewed by Myles Maxfield.
+
+ Speculative fix for this crash, which seems to happen when asking for the Node's
+ renderer(). From the incoming crash logs, it is triggered by mutations on
+ a <picture> or <img> element, which would require choosing a new source,
+ and causing some media queries to evaluate.
+
+ The only place in MediaQueryEvaluator that has anything to do with
+ renderers is when gathering up some style information to pass to the
+ actual evaluation function. I put a guard against a missing documentElement
+ in there.
+
+ * css/MediaQueryEvaluator.cpp:
+ (WebCore::MediaQueryEvaluator::evaluate): Make sure documentElement is not
+ null.
+
2016-07-14 Rawinder Singh <[email protected]>
Update HTML*Element class override methods in final classes
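Review bot: the new ChangeLog entry names no test and does not say why none is provided. Since the message calls this a speculative fix for a crash seen only in incoming crash logs, add a line stating that no reproduction is available, or attach a test that mutates a <picture> or <img> element in a document with no documentElement, so the guard is exercised.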
Modified: trunk/Source/WebCore/css/MediaQueryEvaluator.cpp (203264 => 203265)
--- trunk/Source/WebCore/css/MediaQueryEvaluator.cpp 2016-07-15 02:17:24 UTC (rev 203264)
+++ trunk/Source/WebCore/css/MediaQueryEvaluator.cpp 2016-07-15 02:31:20 UTC (rev 203265)
@@ -682,6 +682,8 @@
return false;
Document& document = *m_frame->document();
+ if (!document.documentElement())
+ return false;
return function(_expression_.value(), { m_style, document.documentElement()->renderStyle(), document.renderView(), 1, false }, *m_frame, NoPrefix);
}
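Review bot: the guard at "if (!document.documentElement())" and the dereference on the following line each call documentElement() separately. Store the result in a local and use it for both, so the check and the use refer to the same pointer and the intent is clear. Two further points on the same lines: returning false here makes every media query evaluate to false for a document with no root element, which deserves a short comment saying this is the intended result; and the value of renderStyle() is still passed into the evaluation function unchecked, so it is worth confirming that the callee accepts a null style, given that the commit message places the crash in the renderer lookup.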