Title: [212888] branches/safari-603.1.30.0-branch/Source/WebCore
- Revision
- 212888
- Author
- [email protected]
- Date
- 2017-02-23 08:15:28 -0800 (Thu, 23 Feb 2017)
Log Message
Merge r212828. rdar://problem/30636274
Modified Paths
Diff
Modified: branches/safari-603.1.30.0-branch/Source/WebCore/ChangeLog (212887 => 212888)
--- branches/safari-603.1.30.0-branch/Source/WebCore/ChangeLog 2017-02-23 16:15:25 UTC (rev 212887)
+++ branches/safari-603.1.30.0-branch/Source/WebCore/ChangeLog 2017-02-23 16:15:28 UTC (rev 212888)
@@ -1,3 +1,33 @@
+2017-02-22 Brent Fulgham <[email protected]>
+
+ Merge r212828. rdar://problem/30636274
+
+ 2017-02-21 Antti Koivisto <[email protected]>
+
+ REGRESSION(r207669): Crash after mutating selector text
+ https://bugs.webkit.org/show_bug.cgi?id=168655
+ <rdar://problem/30632111>
+
+ Reviewed by Brent Fulgham.
+
+ Test: fast/css/selector-text-mutation-crash.html
+
+ * style/StyleScope.cpp:
+ (WebCore::Style::Scope::resolver):
+ (WebCore::Style::Scope::updateStyleResolver):
+
+ Protect against entering scheduleUpdate and wiping style resolver while updating it.
+ Extension stylesheets can trigger this.
+
+ (WebCore::Style::Scope::scheduleUpdate):
+
+ Clear the style resolver immediately if style sheet content changes. The resolver may
+ have data structures that point to the old sheet contents.
+
+ The resolver would get wiped anyway when the scheduled update actually occurs.
+
+ * style/StyleScope.h:
+
2017-02-23 Matthew Hanson <[email protected]>
Rollout r212740. rdar://problem/30636274
Modified: branches/safari-603.1.30.0-branch/Source/WebCore/style/StyleScope.cpp (212887 => 212888)
--- branches/safari-603.1.30.0-branch/Source/WebCore/style/StyleScope.cpp 2017-02-23 16:15:25 UTC (rev 212887)
+++ branches/safari-603.1.30.0-branch/Source/WebCore/style/StyleScope.cpp 2017-02-23 16:15:28 UTC (rev 212888)
@@ -51,6 +51,7 @@
#include "UserContentController.h"
#include "UserContentURLPattern.h"
#include "UserStyleSheet.h"
+#include <wtf/SetForScope.h>
namespace WebCore {
@@ -94,6 +95,7 @@
return m_document.userAgentShadowTreeStyleResolver();
if (!m_resolver) {
+ SetForScope<bool> isUpdatingStyleResolver { m_isUpdatingStyleResolver, true };
m_resolver = std::make_unique<StyleResolver>(m_document);
m_resolver->appendAuthorStyleSheets(m_activeStyleSheets);
}
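Review bot: The guard inside the `if (!m_resolver)` block has no comment at the point of use, so the reason `m_isUpdatingStyleResolver` must be set before `appendAuthorStyleSheets` runs is recorded only in the FIXME in `scheduleUpdate`. I would add `// appendAuthorStyleSheets can re-enter scheduleUpdate (extension stylesheets); keep m_resolver alive while it is populated.` above the `SetForScope` line. The same comment belongs at the guard added after `auto& styleResolver = resolver();` in the `@@ -459` hunk, where the local reference stays valid only because of it. Both function bodies start and end outside their hunks.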
@@ -459,6 +461,7 @@
}
auto& styleResolver = resolver();
+ SetForScope<bool> isUpdatingStyleResolver { m_isUpdatingStyleResolver, true };
if (updateType == Reset) {
styleResolver.ruleSets().resetAuthorStyle();
styleResolver.appendAuthorStyleSheets(activeStyleSheets);
@@ -529,6 +532,10 @@
void Scope::scheduleUpdate(UpdateType update)
{
+ // FIXME: The m_isUpdatingStyleResolver test is here because extension stylesheets can get us here from StyleResolver::appendAuthorStyleSheets.
+ if (update == UpdateType::ContentsOrInterpretation && !m_isUpdatingStyleResolver)
+ clearResolver();
+
if (!m_pendingUpdate || *m_pendingUpdate < update) {
m_pendingUpdate = update;
if (m_shadowRoot)
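Review bot: In the re-entrant case the new check in `scheduleUpdate` skips `clearResolver()`, so a resolver that is mid-update keeps any data pointing at the old sheet contents until the pending update runs; the FIXME names the cause but not that consequence. In the other direction, clearing synchronously means the flag protects only the two sites in this file. A caller elsewhere that holds a `StyleResolver&` from `resolver()` across a stylesheet mutation would presumably be left with a dangling reference; that is not visible from this diff and is worth auditing. I would extend the comment with `// While the flag is set the resolver is kept and relies on the pending update to drop stale sheet data.` The body of `scheduleUpdate` continues past the hunk.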
Modified: branches/safari-603.1.30.0-branch/Source/WebCore/style/StyleScope.h (212887 => 212888)
--- branches/safari-603.1.30.0-branch/Source/WebCore/style/StyleScope.h 2017-02-23 16:15:25 UTC (rev 212887)
+++ branches/safari-603.1.30.0-branch/Source/WebCore/style/StyleScope.h 2017-02-23 16:15:28 UTC (rev 212888)
@@ -165,6 +165,7 @@
String m_selectedStylesheetSetName;
bool m_usesStyleBasedEditability { false };
+ bool m_isUpdatingStyleResolver { false };
};
inline void Scope::flushPendingUpdate()
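Review bot: The new member `m_isUpdatingStyleResolver` is declared without a comment, although it is a re-entrancy guard rather than ordinary state. A line such as `// Set while resolver()/updateStyleResolver() populate m_resolver; scheduleUpdate() must not clear it then.` would make its contract visible in the header. The class declaration starts outside the hunk.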