[webkit-changes] [240609] trunk/Source/WebCore

[simon . fraser]

Title: [240609] trunk/Source/WebCore

Revision

240609

Author

simon.fra...@apple.com

Date

2019-01-28 16:14:58 -0800 (Mon, 28 Jan 2019)

Log Message

css3/filters/blur-filter-page-scroll-self.html crashes under WebCore::ScrollingStateNode::ScrollingStateNode
https://bugs.webkit.org/show_bug.cgi?id=193925

Reviewed by Tim Horton.

Some css3/filters/ tests disable accelerated compositing (which is crazy). Make these
tests not crash by ensuring that unparentNode() and unparentChildrenAndDestroyNode() clears the root
node if it's the node being unparented or destroyed.

Tested by existing tests.

* page/scrolling/ScrollingStateTree.cpp:
(WebCore::ScrollingStateTree::unparentNode):
(WebCore::ScrollingStateTree::unparentChildrenAndDestroyNode):

Modified Paths

• trunk/Source/WebCore/ChangeLog
• trunk/Source/WebCore/page/scrolling/ScrollingStateTree.cpp

Diff

Modified: trunk/Source/WebCore/ChangeLog (240608 => 240609)

--- trunk/Source/WebCore/ChangeLog	2019-01-29 00:12:53 UTC (rev 240608)
+++ trunk/Source/WebCore/ChangeLog	2019-01-29 00:14:58 UTC (rev 240609)
@@ -1,3 +1,20 @@
+2019-01-28  Simon Fraser  <simon.fra...@apple.com>
+
+        css3/filters/blur-filter-page-scroll-self.html crashes under WebCore::ScrollingStateNode::ScrollingStateNode
+        https://bugs.webkit.org/show_bug.cgi?id=193925
+
+        Reviewed by Tim Horton.
+
+        Some css3/filters/ tests disable accelerated compositing (which is crazy). Make these
+        tests not crash by ensuring that unparentNode() and unparentChildrenAndDestroyNode() clears the root
+        node if it's the node being unparented or destroyed.
+
+        Tested by existing tests.
+
+        * page/scrolling/ScrollingStateTree.cpp:
+        (WebCore::ScrollingStateTree::unparentNode):
+        (WebCore::ScrollingStateTree::unparentChildrenAndDestroyNode):
+
 2019-01-28  Daniel Bates  <daba...@apple.com>
 
         [iOS] Make Window virtual key code computation match Mac

Modified: trunk/Source/WebCore/page/scrolling/ScrollingStateTree.cpp (240608 => 240609)

--- trunk/Source/WebCore/page/scrolling/ScrollingStateTree.cpp	2019-01-29 00:12:53 UTC (rev 240608)
+++ trunk/Source/WebCore/page/scrolling/ScrollingStateTree.cpp	2019-01-29 00:14:58 UTC (rev 240609)
@@ -204,6 +204,9 @@
     if (!protectedNode)
         return;
 
+    if (protectedNode == m_rootStateNode)
+        m_rootStateNode = nullptr;
+
     protectedNode->removeFromParent();
     m_unparentedNodes.add(nodeID, WTFMove(protectedNode));
 }
@@ -220,6 +223,9 @@
     if (!protectedNode)
         return;
 
+    if (protectedNode == m_rootStateNode)
+        m_rootStateNode = nullptr;
+
     if (auto* children = protectedNode->children()) {
         for (auto child : *children) {
             child->removeFromParent();

_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes