[webkit-changes] [245300] trunk

[zalan]

Title: [245300] trunk

Revision

245300

Author

za...@apple.com

Date

2019-05-14 13:03:46 -0700 (Tue, 14 May 2019)

Log Message

Do not try to issue repaint while the render tree is being destroyed.
https://bugs.webkit.org/show_bug.cgi?id=197461
<rdar://problem/50368992>

Reviewed by Simon Fraser.

Source/WebCore:

Test: http/tests/svg/crash-on-reload-with-filter.html

We don't need to compute repaint rects when the render tree is getting torn down. We'll issue a full repaint at some point.
Also during full render tree destruction the inline tree state is undefined. We should avoid accessing it.

* rendering/svg/RenderSVGResourceContainer.cpp:
(WebCore::RenderSVGResourceContainer::markAllClientLayersForInvalidation):

LayoutTests:

* http/tests/svg/crash-on-reload-with-filter-expected.txt: Added.
* http/tests/svg/crash-on-reload-with-filter.html: Added.
* http/tests/svg/resources/finishTest.html: Added.

Modified Paths

• trunk/LayoutTests/ChangeLog
• trunk/Source/WebCore/ChangeLog
• trunk/Source/WebCore/rendering/svg/RenderSVGResourceContainer.cpp

Added Paths

• trunk/LayoutTests/http/tests/svg/crash-on-reload-with-filter-expected.txt
• trunk/LayoutTests/http/tests/svg/crash-on-reload-with-filter.html
• trunk/LayoutTests/http/tests/svg/resources/finishTest.html

Diff

Modified: trunk/LayoutTests/ChangeLog (245299 => 245300)

--- trunk/LayoutTests/ChangeLog	2019-05-14 19:48:51 UTC (rev 245299)
+++ trunk/LayoutTests/ChangeLog	2019-05-14 20:03:46 UTC (rev 245300)
@@ -1,3 +1,15 @@
+2019-05-14  Zalan Bujtas  <za...@apple.com>
+
+        Do not try to issue repaint while the render tree is being destroyed.
+        https://bugs.webkit.org/show_bug.cgi?id=197461
+        <rdar://problem/50368992>
+
+        Reviewed by Simon Fraser.
+
+        * http/tests/svg/crash-on-reload-with-filter-expected.txt: Added.
+        * http/tests/svg/crash-on-reload-with-filter.html: Added.
+        * http/tests/svg/resources/finishTest.html: Added.
+
 2019-05-14  Youenn Fablet  <you...@apple.com>
 
         A service worker process should app nap when all its clients app nap

Added: trunk/LayoutTests/http/tests/svg/crash-on-reload-with-filter-expected.txt (0 => 245300)

--- trunk/LayoutTests/http/tests/svg/crash-on-reload-with-filter-expected.txt	                        (rev 0)
+++ trunk/LayoutTests/http/tests/svg/crash-on-reload-with-filter-expected.txt	2019-05-14 20:03:46 UTC (rev 245300)
@@ -0,0 +1 @@
+Pass if no crash or assert.

Added: trunk/LayoutTests/http/tests/svg/crash-on-reload-with-filter.html (0 => 245300)

--- trunk/LayoutTests/http/tests/svg/crash-on-reload-with-filter.html	                        (rev 0)
+++ trunk/LayoutTests/http/tests/svg/crash-on-reload-with-filter.html	2019-05-14 20:03:46 UTC (rev 245300)
@@ -0,0 +1,11 @@
+<div style="display: inline-block;"></div>
+<svg><filter id="svgfilter"><feOffset/></filter></svg>
+<span style="-webkit-text-emphasis: '-';"></span>
+<video style="filter: url(#svgfilter);"></video>
+<script>
+document.body.offsetHeight;
+location = "resources/finishTest.html";
+
+if (window.testRunner)
+    testRunner.waitUntilDone();
+</script>

Added: trunk/LayoutTests/http/tests/svg/resources/finishTest.html (0 => 245300)

--- trunk/LayoutTests/http/tests/svg/resources/finishTest.html	                        (rev 0)
+++ trunk/LayoutTests/http/tests/svg/resources/finishTest.html	2019-05-14 20:03:46 UTC (rev 245300)
@@ -0,0 +1,6 @@
+Pass if no crash or assert.<script>
+if (window.testRunner) {
+    testRunner.dumpAsText();
+    testRunner.notifyDone();
+}
+</script>

Modified: trunk/Source/WebCore/ChangeLog (245299 => 245300)

--- trunk/Source/WebCore/ChangeLog	2019-05-14 19:48:51 UTC (rev 245299)
+++ trunk/Source/WebCore/ChangeLog	2019-05-14 20:03:46 UTC (rev 245300)
@@ -1,3 +1,19 @@
+2019-05-14  Zalan Bujtas  <za...@apple.com>
+
+        Do not try to issue repaint while the render tree is being destroyed.
+        https://bugs.webkit.org/show_bug.cgi?id=197461
+        <rdar://problem/50368992>
+
+        Reviewed by Simon Fraser.
+
+        Test: http/tests/svg/crash-on-reload-with-filter.html
+
+        We don't need to compute repaint rects when the render tree is getting torn down. We'll issue a full repaint at some point.
+        Also during full render tree destruction the inline tree state is undefined. We should avoid accessing it.
+
+        * rendering/svg/RenderSVGResourceContainer.cpp:
+        (WebCore::RenderSVGResourceContainer::markAllClientLayersForInvalidation):
+
 2019-05-14  Youenn Fablet  <you...@apple.com>
 
         A service worker process should app nap when all its clients app nap

Modified: trunk/Source/WebCore/rendering/svg/RenderSVGResourceContainer.cpp (245299 => 245300)

--- trunk/Source/WebCore/rendering/svg/RenderSVGResourceContainer.cpp	2019-05-14 19:48:51 UTC (rev 245299)
+++ trunk/Source/WebCore/rendering/svg/RenderSVGResourceContainer.cpp	2019-05-14 20:03:46 UTC (rev 245300)
@@ -122,6 +122,10 @@
 
 void RenderSVGResourceContainer::markAllClientLayersForInvalidation()
 {
+    if (m_clientLayers.isEmpty())
+        return;
+    if ((*m_clientLayers.begin())->renderer().renderTreeBeingDestroyed())
+        return;
     for (auto* clientLayer : m_clientLayers)
         clientLayer->filterNeedsRepaint();
 }

_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes