Skip to site navigation (Press enter)

[webkit-changes] [240063] branches/safari-607-branch/Source/WebCore

alancoon Wed, 16 Jan 2019 15:27:55 -0800

Title: [240063] branches/safari-607-branch/Source/WebCore

Revision: 240063
Author: alanc...@apple.com
Date: 2019-01-16 15:27:17 -0800 (Wed, 16 Jan 2019)

Log Message

Cherry-pick r239847. rdar://problem/47260246


    Fix rare crash under ScrollbarThemeMac::paintScrollCorner()
    https://bugs.webkit.org/show_bug.cgi?id=193337
    rdar://problem/47179993

    Reviewed by Zalan Bujtas.

    Async image decoding can trigger a FrameView::traverseForPaintInvalidation() fake paint,
    which creates a GraphicsContext with no platform context. However, we could hit ScrollView::paintScrollbars()
    which tried to get at the platform context, and then crashed.

    So protect two functions in ScrollbarThemeMac with if (context.paintingDisabled()) checks. I verified
    that other scrollbar-related painting code paths were already protected.

    Hard to test because it depends on async image decoding timing.

    * platform/mac/ScrollbarThemeMac.mm:
    (WebCore::ScrollbarThemeMac::paint):
    (WebCore::ScrollbarThemeMac::paintScrollCorner):

    git-svn-id: https://svn.webkit.org/repository/webkit/trunk@239847 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Modified Paths

branches/safari-607-branch/Source/WebCore/ChangeLog
branches/safari-607-branch/Source/WebCore/platform/mac/ScrollbarThemeMac.mm

Diff

Modified: branches/safari-607-branch/Source/WebCore/ChangeLog (240062 => 240063)


--- branches/safari-607-branch/Source/WebCore/ChangeLog	2019-01-16 23:27:14 UTC (rev 240062)
+++ branches/safari-607-branch/Source/WebCore/ChangeLog	2019-01-16 23:27:17 UTC (rev 240063)
@@ -1,5 +1,52 @@
 2019-01-15  Alan Coon  <alanc...@apple.com>
 
+        Cherry-pick r239847. rdar://problem/47260246
+
+    Fix rare crash under ScrollbarThemeMac::paintScrollCorner()
+    https://bugs.webkit.org/show_bug.cgi?id=193337
+    rdar://problem/47179993
+    
+    Reviewed by Zalan Bujtas.
+    
+    Async image decoding can trigger a FrameView::traverseForPaintInvalidation() fake paint,
+    which creates a GraphicsContext with no platform context. However, we could hit ScrollView::paintScrollbars()
+    which tried to get at the platform context, and then crashed.
+    
+    So protect two functions in ScrollbarThemeMac with if (context.paintingDisabled()) checks. I verified
+    that other scrollbar-related painting code paths were already protected.
+    
+    Hard to test because it depends on async image decoding timing.
+    
+    * platform/mac/ScrollbarThemeMac.mm:
+    (WebCore::ScrollbarThemeMac::paint):
+    (WebCore::ScrollbarThemeMac::paintScrollCorner):
+    
+    
+    git-svn-id: https://svn.webkit.org/repository/webkit/trunk@239847 268f45cc-cd09-0410-ab3c-d52691b4dbfc
+
+    2019-01-10  Simon Fraser  <simon.fra...@apple.com>
+
+            Fix rare crash under ScrollbarThemeMac::paintScrollCorner()
+            https://bugs.webkit.org/show_bug.cgi?id=193337
+            rdar://problem/47179993
+
+            Reviewed by Zalan Bujtas.
+
+            Async image decoding can trigger a FrameView::traverseForPaintInvalidation() fake paint,
+            which creates a GraphicsContext with no platform context. However, we could hit ScrollView::paintScrollbars()
+            which tried to get at the platform context, and then crashed.
+
+            So protect two functions in ScrollbarThemeMac with if (context.paintingDisabled()) checks. I verified
+            that other scrollbar-related painting code paths were already protected.
+
+            Hard to test because it depends on async image decoding timing.
+
+            * platform/mac/ScrollbarThemeMac.mm:
+            (WebCore::ScrollbarThemeMac::paint):
+            (WebCore::ScrollbarThemeMac::paintScrollCorner):
+
+2019-01-15  Alan Coon  <alanc...@apple.com>
+
         Cherry-pick r239833. rdar://problem/47260274
 
     Safari Crashing in Version 12.0.1 (14606.2.104.1.1) WebCore::GraphicsLayerCA::updateBackdropFilters

Modified: branches/safari-607-branch/Source/WebCore/platform/mac/ScrollbarThemeMac.mm (240062 => 240063)


--- branches/safari-607-branch/Source/WebCore/platform/mac/ScrollbarThemeMac.mm	2019-01-16 23:27:14 UTC (rev 240062)
+++ branches/safari-607-branch/Source/WebCore/platform/mac/ScrollbarThemeMac.mm	2019-01-16 23:27:17 UTC (rev 240063)
@@ -550,6 +550,9 @@
 
 bool ScrollbarThemeMac::paint(Scrollbar& scrollbar, GraphicsContext& context, const IntRect& damageRect)
 {
+    if (context.paintingDisabled())
+        return false;
+
     setPaintCharacteristicsForScrollbar(scrollbar);
 
     if (scrollbar.supportsUpdateOnSecondaryThread())
@@ -568,6 +571,9 @@
 
 void ScrollbarThemeMac::paintScrollCorner(GraphicsContext& context, const IntRect& cornerRect)
 {
+    if (context.paintingDisabled())
+        return;
+
     LocalCurrentGraphicsContext localContext(context);
 
     auto cornerDrawingOptions = @{ (__bridge NSString *)kCUIWidgetKey: (__bridge NSString *)kCUIWidgetScrollBarTrackCorner,

_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes