Skip to site navigation (Press enter)

[webkit-changes] [222932] trunk/Source/WebCore

zalan Thu, 05 Oct 2017 14:15:08 -0700

Title: [222932] trunk/Source/WebCore

Revision: 222932
Author: [email protected]
Date: 2017-10-05 14:14:44 -0700 (Thu, 05 Oct 2017)

Log Message

RenderButton should not hold raw pointers to its direct children.
https://bugs.webkit.org/show_bug.cgi?id=177960
<rdar://problem/34840807>


Reviewed by Antti Koivisto.

The correct way of destroying a renderer is to call ::removeFromParentAndDestroy().

Covered by existing tests.

* rendering/RenderButton.cpp:
(WebCore::RenderButton::RenderButton):
(WebCore::RenderButton::addChild):
(WebCore::RenderButton::takeChild):
(WebCore::RenderButton::updateAnonymousChildStyle const):
(WebCore::RenderButton::setText):
(WebCore::RenderButton::text const):
* rendering/RenderButton.h:

Modified Paths

trunk/Source/WebCore/ChangeLog
trunk/Source/WebCore/rendering/RenderButton.cpp
trunk/Source/WebCore/rendering/RenderButton.h

Diff

Modified: trunk/Source/WebCore/ChangeLog (222931 => 222932)


--- trunk/Source/WebCore/ChangeLog	2017-10-05 21:07:14 UTC (rev 222931)
+++ trunk/Source/WebCore/ChangeLog	2017-10-05 21:14:44 UTC (rev 222932)
@@ -1,3 +1,24 @@
+2017-10-05  Zalan Bujtas  <[email protected]>
+
+        RenderButton should not hold raw pointers to its direct children.
+        https://bugs.webkit.org/show_bug.cgi?id=177960
+        <rdar://problem/34840807>
+
+        Reviewed by Antti Koivisto.
+
+        The correct way of destroying a renderer is to call ::removeFromParentAndDestroy().
+
+        Covered by existing tests.
+
+        * rendering/RenderButton.cpp:
+        (WebCore::RenderButton::RenderButton):
+        (WebCore::RenderButton::addChild):
+        (WebCore::RenderButton::takeChild):
+        (WebCore::RenderButton::updateAnonymousChildStyle const):
+        (WebCore::RenderButton::setText):
+        (WebCore::RenderButton::text const):
+        * rendering/RenderButton.h:
+
 2017-10-05  David Kilzer  <[email protected]>
 
         Bug 177893: Disable -Wcast-qual for new clang compiler in Apple ports

Modified: trunk/Source/WebCore/rendering/RenderButton.cpp (222931 => 222932)


--- trunk/Source/WebCore/rendering/RenderButton.cpp	2017-10-05 21:07:14 UTC (rev 222931)
+++ trunk/Source/WebCore/rendering/RenderButton.cpp	2017-10-05 21:14:44 UTC (rev 222932)
@@ -39,8 +39,6 @@
 
 RenderButton::RenderButton(HTMLFormControlElement& element, RenderStyle&& style)
     : RenderFlexibleBox(element, WTFMove(style))
-    , m_buttonText(0)
-    , m_inner(0)
 {
 }
 
@@ -70,10 +68,9 @@
         ASSERT(!firstChild());
         auto newInner = createAnonymousBlock(style().display());
         updateAnonymousChildStyle(*newInner, newInner->mutableStyle());
-        m_inner = newInner.get();
+        m_inner = makeWeakPtr(*newInner);
         RenderFlexibleBox::addChild(WTFMove(newInner));
-    }
-    
+    }    
     m_inner->addChild(WTFMove(newChild), beforeChild);
 }
 
@@ -84,7 +81,6 @@
     // violated.
     if (&oldChild == m_inner || !m_inner || oldChild.parent() == this) {
         ASSERT(&oldChild == m_inner || !m_inner);
-        m_inner = nullptr;
         return RenderFlexibleBox::takeChild(oldChild);
     }
     return m_inner->takeChild(oldChild);
@@ -93,7 +89,6 @@
 void RenderButton::updateAnonymousChildStyle(const RenderObject& child, RenderStyle& childStyle) const
 {
     ASSERT_UNUSED(child, !m_inner || &child == m_inner);
-    
     childStyle.setFlexGrow(1.0f);
     // min-width: 0; is needed for correct shrinking.
     childStyle.setMinWidth(Length(0, Fixed));
@@ -120,25 +115,28 @@
 
 void RenderButton::setText(const String& str)
 {
-    if (str.isEmpty()) {
-        if (m_buttonText) {
-            m_buttonText->destroy();
-            m_buttonText = 0;
-        }
-    } else {
-        if (m_buttonText)
-            m_buttonText->setText(str.impl());
-        else {
-            auto newButtonText = createRenderer<RenderTextFragment>(document(), str);
-            m_buttonText = newButtonText.get();
-            addChild(WTFMove(newButtonText));
-        }
+    if (!m_buttonText && str.isEmpty())
+        return;
+
+    if (!m_buttonText) {
+        auto newButtonText = createRenderer<RenderTextFragment>(document(), str);
+        m_buttonText = makeWeakPtr(*newButtonText);
+        addChild(WTFMove(newButtonText));
+        return;
     }
+
+    if (!str.isEmpty()) {
+        m_buttonText->setText(str.impl());
+        return;
+    }
+    m_buttonText->removeFromParentAndDestroy();
 }
 
 String RenderButton::text() const
 {
-    return m_buttonText ? m_buttonText->text() : 0;
+    if (m_buttonText)
+        return m_buttonText->text();
+    return { };
 }
 
 bool RenderButton::canHaveGeneratedChildren() const

Modified: trunk/Source/WebCore/rendering/RenderButton.h (222931 => 222932)


--- trunk/Source/WebCore/rendering/RenderButton.h	2017-10-05 21:07:14 UTC (rev 222931)
+++ trunk/Source/WebCore/rendering/RenderButton.h	2017-10-05 21:14:44 UTC (rev 222932)
@@ -70,8 +70,8 @@
 
     bool isFlexibleBoxImpl() const override { return true; }
 
-    RenderTextFragment* m_buttonText;
-    RenderBlock* m_inner;
+    WeakPtr<RenderTextFragment> m_buttonText;
+    WeakPtr<RenderBlock> m_inner;
 };
 
 } // namespace WebCore

_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes