Title: [243146] trunk/Source/WebCore
- Revision
- 243146
- Author
- [email protected]
- Date
- 2019-03-19 10:37:39 -0700 (Tue, 19 Mar 2019)
Log Message
Fix GraphicsLayer-related crashes after r243129
https://bugs.webkit.org/show_bug.cgi?id=195953
Reviewed by Dean Jackson.
Extending the lifetime of GraphicsLayers by referencing them in the scrolling tree (r243129)
revealed a bug where RenderLayerCompositor was failing to clear itself as the client of
GraphicsLayers that it owned, causing crashes.
Fix by using the GraphicsLayer::unparentAndClear() helper to clean up all the GraphicsLayers
owned by RenderLayerCompositor.
* rendering/RenderLayerCompositor.cpp:
(WebCore::RenderLayerCompositor::~RenderLayerCompositor):
* rendering/RenderLayerCompositor.h:
Modified Paths
Diff
Modified: trunk/Source/WebCore/ChangeLog (243145 => 243146)
--- trunk/Source/WebCore/ChangeLog 2019-03-19 17:37:35 UTC (rev 243145)
+++ trunk/Source/WebCore/ChangeLog 2019-03-19 17:37:39 UTC (rev 243146)
@@ -1,5 +1,23 @@
2019-03-19 Simon Fraser <[email protected]>
+ Fix GraphicsLayer-related crashes after r243129
+ https://bugs.webkit.org/show_bug.cgi?id=195953
+
+ Reviewed by Dean Jackson.
+
+ Extending the lifetime of GraphicsLayers by referencing them in the scrolling tree (r243129)
+ revealed a bug where RenderLayerCompositor was failing to clear itself as the client of
+ GraphicsLayers that it owned, causing crashes.
+
+ Fix by using the GraphicsLayer::unparentAndClear() helper to clean up all the GraphicsLayers
+ owned by RenderLayerCompositor.
+
+ * rendering/RenderLayerCompositor.cpp:
+ (WebCore::RenderLayerCompositor::~RenderLayerCompositor):
+ * rendering/RenderLayerCompositor.h:
+
+2019-03-19 Simon Fraser <[email protected]>
+
[Async overflow] Handle positioned nodes in a few more places
https://bugs.webkit.org/show_bug.cgi?id=195946
Modified: trunk/Source/WebCore/rendering/RenderLayerCompositor.cpp (243145 => 243146)
--- trunk/Source/WebCore/rendering/RenderLayerCompositor.cpp 2019-03-19 17:37:35 UTC (rev 243145)
+++ trunk/Source/WebCore/rendering/RenderLayerCompositor.cpp 2019-03-19 17:37:39 UTC (rev 243146)
@@ -291,8 +291,27 @@
RenderLayerCompositor::~RenderLayerCompositor()
{
// Take care that the owned GraphicsLayers are deleted first as their destructors may call back here.
- m_clipLayer = nullptr;
- m_scrolledContentsLayer = nullptr;
+ GraphicsLayer::unparentAndClear(m_rootContentsLayer);
+
+ GraphicsLayer::unparentAndClear(m_clipLayer);
+ GraphicsLayer::unparentAndClear(m_scrollContainerLayer);
+ GraphicsLayer::unparentAndClear(m_scrolledContentsLayer);
+
+ GraphicsLayer::unparentAndClear(m_overflowControlsHostLayer);
+
+ GraphicsLayer::unparentAndClear(m_layerForHorizontalScrollbar);
+ GraphicsLayer::unparentAndClear(m_layerForVerticalScrollbar);
+ GraphicsLayer::unparentAndClear(m_layerForScrollCorner);
+
+#if ENABLE(RUBBER_BANDING)
+ GraphicsLayer::unparentAndClear(m_layerForOverhangAreas);
+ GraphicsLayer::unparentAndClear(m_contentShadowLayer);
+ GraphicsLayer::unparentAndClear(m_layerForTopOverhangArea);
+ GraphicsLayer::unparentAndClear(m_layerForBottomOverhangArea);
+ GraphicsLayer::unparentAndClear(m_layerForHeader);
+ GraphicsLayer::unparentAndClear(m_layerForFooter);
+#endif
+
ASSERT(m_rootLayerAttachment == RootLayerUnattached);
}
Modified: trunk/Source/WebCore/rendering/RenderLayerCompositor.h (243145 => 243146)
--- trunk/Source/WebCore/rendering/RenderLayerCompositor.h 2019-03-19 17:37:35 UTC (rev 243145)
+++ trunk/Source/WebCore/rendering/RenderLayerCompositor.h 2019-03-19 17:37:39 UTC (rev 243146)
@@ -539,7 +539,6 @@
private:
RenderView& m_renderView;
- RefPtr<GraphicsLayer> m_rootContentsLayer;
Timer m_updateCompositingLayersTimer;
ChromeClient::CompositingTriggerFlags m_compositingTriggers { static_cast<ChromeClient::CompositingTriggerFlags>(ChromeClient::AllTriggers) };
@@ -567,6 +566,8 @@
RootLayerAttachment m_rootLayerAttachment { RootLayerUnattached };
+ RefPtr<GraphicsLayer> m_rootContentsLayer;
+
// Enclosing clipping layer for iframe content
RefPtr<GraphicsLayer> m_clipLayer;
RefPtr<GraphicsLayer> m_scrollContainerLayer;
_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes
