Title: [212737] trunk
- Revision
- 212737
- Author
- [email protected]
- Date
- 2017-02-21 12:06:48 -0800 (Tue, 21 Feb 2017)
Log Message
REGRESSION(r207669): Crash after mutating selector text
https://bugs.webkit.org/show_bug.cgi?id=168655
<rdar://problem/30632111>
Reviewed by Brent Fulgham.
Source/WebCore:
Test: fast/css/selector-text-mutation-crash.html
* style/StyleScope.cpp:
(WebCore::Style::Scope::scheduleUpdate):
Clear the style resolver immediately if style sheet content changes. The resolver may
have data structures that point to the old sheet contents.
The resolver would get wiped anyway when the scheduled update actually occurs.
LayoutTests:
* fast/css/selector-text-mutation-crash-expected.txt: Added.
* fast/css/selector-text-mutation-crash.html: Added.
Modified Paths
Added Paths
Diff
Modified: trunk/LayoutTests/ChangeLog (212736 => 212737)
--- trunk/LayoutTests/ChangeLog 2017-02-21 20:04:44 UTC (rev 212736)
+++ trunk/LayoutTests/ChangeLog 2017-02-21 20:06:48 UTC (rev 212737)
@@ -1,3 +1,14 @@
+2017-02-21 Antti Koivisto <[email protected]>
+
+ REGRESSION(r207669): Crash after mutating selector text
+ https://bugs.webkit.org/show_bug.cgi?id=168655
+ <rdar://problem/30632111>
+
+ Reviewed by Brent Fulgham.
+
+ * fast/css/selector-text-mutation-crash-expected.txt: Added.
+ * fast/css/selector-text-mutation-crash.html: Added.
+
2017-02-21 Jiewen Tan <[email protected]>
[WebCrypto] Add support for AES-CFB
Added: trunk/LayoutTests/fast/css/selector-text-mutation-crash-expected.txt (0 => 212737)
--- trunk/LayoutTests/fast/css/selector-text-mutation-crash-expected.txt (rev 0)
+++ trunk/LayoutTests/fast/css/selector-text-mutation-crash-expected.txt 2017-02-21 20:06:48 UTC (rev 212737)
@@ -0,0 +1 @@
+PASS
Added: trunk/LayoutTests/fast/css/selector-text-mutation-crash.html (0 => 212737)
--- trunk/LayoutTests/fast/css/selector-text-mutation-crash.html (rev 0)
+++ trunk/LayoutTests/fast/css/selector-text-mutation-crash.html 2017-02-21 20:06:48 UTC (rev 212737)
@@ -0,0 +1,14 @@
+<script>
+if (window.testRunner)
+ testRunner.dumpAsText();
+</script>
+<style id=s>
+body[foo] [id=d] { color: green };
+</style>
+<body>
+<div id=d>PASS</div>
+<script>
+d.offsetLeft;
+s.sheet.cssRules.item(0).selectorText = "body[foo]";
+document.body.setAttribute("foo", "foo");
+</script>
Modified: trunk/Source/WebCore/ChangeLog (212736 => 212737)
--- trunk/Source/WebCore/ChangeLog 2017-02-21 20:04:44 UTC (rev 212736)
+++ trunk/Source/WebCore/ChangeLog 2017-02-21 20:06:48 UTC (rev 212737)
@@ -1,3 +1,21 @@
+2017-02-21 Antti Koivisto <[email protected]>
+
+ REGRESSION(r207669): Crash after mutating selector text
+ https://bugs.webkit.org/show_bug.cgi?id=168655
+ <rdar://problem/30632111>
+
+ Reviewed by Brent Fulgham.
+
+ Test: fast/css/selector-text-mutation-crash.html
+
+ * style/StyleScope.cpp:
+ (WebCore::Style::Scope::scheduleUpdate):
+
+ Clear the style resolver immediately if style sheet content changes. The resolver may
+ have data structures that point to the old sheet contents.
+
+ The resolver would get wiped anyway when the scheduled update actually occurs.
+
2017-02-21 Jiewen Tan <[email protected]>
[WebCrypto] Add support for AES-CFB
Modified: trunk/Source/WebCore/style/StyleScope.cpp (212736 => 212737)
--- trunk/Source/WebCore/style/StyleScope.cpp 2017-02-21 20:04:44 UTC (rev 212736)
+++ trunk/Source/WebCore/style/StyleScope.cpp 2017-02-21 20:06:48 UTC (rev 212737)
@@ -521,6 +521,9 @@
void Scope::scheduleUpdate(UpdateType update)
{
+ if (update == UpdateType::ContentsOrInterpretation)
+ clearResolver();
+
if (!m_pendingUpdate || *m_pendingUpdate < update) {
m_pendingUpdate = update;
if (m_shadowRoot)
_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes
