[webkit-changes] [245453] releases/WebKitGTK/webkit-2.24

[carlosgc]

Title: [245453] releases/WebKitGTK/webkit-2.24

Revision

245453

Author

carlo...@webkit.org

Date

2019-05-17 04:25:14 -0700 (Fri, 17 May 2019)

Log Message

Merge r245300 - Do not try to issue repaint while the render tree is being destroyed.
https://bugs.webkit.org/show_bug.cgi?id=197461
<rdar://problem/50368992>

Reviewed by Simon Fraser.

Source/WebCore:

Test: http/tests/svg/crash-on-reload-with-filter.html

We don't need to compute repaint rects when the render tree is getting torn down. We'll issue a full repaint at some point.
Also during full render tree destruction the inline tree state is undefined. We should avoid accessing it.

* rendering/svg/RenderSVGResourceContainer.cpp:
(WebCore::RenderSVGResourceContainer::markAllClientLayersForInvalidation):

LayoutTests:

* http/tests/svg/crash-on-reload-with-filter-expected.txt: Added.
* http/tests/svg/crash-on-reload-with-filter.html: Added.
* http/tests/svg/resources/finishTest.html: Added.

Modified Paths

• releases/WebKitGTK/webkit-2.24/LayoutTests/ChangeLog
• releases/WebKitGTK/webkit-2.24/Source/WebCore/ChangeLog
• releases/WebKitGTK/webkit-2.24/Source/WebCore/rendering/svg/RenderSVGResourceContainer.cpp

Added Paths

• releases/WebKitGTK/webkit-2.24/LayoutTests/http/tests/svg/crash-on-reload-with-filter-expected.txt
• releases/WebKitGTK/webkit-2.24/LayoutTests/http/tests/svg/crash-on-reload-with-filter.html
• releases/WebKitGTK/webkit-2.24/LayoutTests/http/tests/svg/resources/finishTest.html

Diff

Modified: releases/WebKitGTK/webkit-2.24/LayoutTests/ChangeLog (245452 => 245453)

--- releases/WebKitGTK/webkit-2.24/LayoutTests/ChangeLog	2019-05-17 11:25:09 UTC (rev 245452)
+++ releases/WebKitGTK/webkit-2.24/LayoutTests/ChangeLog	2019-05-17 11:25:14 UTC (rev 245453)
@@ -1,3 +1,15 @@
+2019-05-14  Zalan Bujtas  <za...@apple.com>
+
+        Do not try to issue repaint while the render tree is being destroyed.
+        https://bugs.webkit.org/show_bug.cgi?id=197461
+        <rdar://problem/50368992>
+
+        Reviewed by Simon Fraser.
+
+        * http/tests/svg/crash-on-reload-with-filter-expected.txt: Added.
+        * http/tests/svg/crash-on-reload-with-filter.html: Added.
+        * http/tests/svg/resources/finishTest.html: Added.
+
 2019-05-04  Tadeu Zagallo  <tzaga...@apple.com>
 
         TypedArrays should not store properties that are canonical numeric indices

Added: releases/WebKitGTK/webkit-2.24/LayoutTests/http/tests/svg/crash-on-reload-with-filter-expected.txt (0 => 245453)

--- releases/WebKitGTK/webkit-2.24/LayoutTests/http/tests/svg/crash-on-reload-with-filter-expected.txt	                        (rev 0)
+++ releases/WebKitGTK/webkit-2.24/LayoutTests/http/tests/svg/crash-on-reload-with-filter-expected.txt	2019-05-17 11:25:14 UTC (rev 245453)
@@ -0,0 +1 @@
+Pass if no crash or assert.

Added: releases/WebKitGTK/webkit-2.24/LayoutTests/http/tests/svg/crash-on-reload-with-filter.html (0 => 245453)

--- releases/WebKitGTK/webkit-2.24/LayoutTests/http/tests/svg/crash-on-reload-with-filter.html	                        (rev 0)
+++ releases/WebKitGTK/webkit-2.24/LayoutTests/http/tests/svg/crash-on-reload-with-filter.html	2019-05-17 11:25:14 UTC (rev 245453)
@@ -0,0 +1,11 @@
+<div style="display: inline-block;"></div>
+<svg><filter id="svgfilter"><feOffset/></filter></svg>
+<span style="-webkit-text-emphasis: '-';"></span>
+<video style="filter: url(#svgfilter);"></video>
+<script>
+document.body.offsetHeight;
+location = "resources/finishTest.html";
+
+if (window.testRunner)
+    testRunner.waitUntilDone();
+</script>

Added: releases/WebKitGTK/webkit-2.24/LayoutTests/http/tests/svg/resources/finishTest.html (0 => 245453)

--- releases/WebKitGTK/webkit-2.24/LayoutTests/http/tests/svg/resources/finishTest.html	                        (rev 0)
+++ releases/WebKitGTK/webkit-2.24/LayoutTests/http/tests/svg/resources/finishTest.html	2019-05-17 11:25:14 UTC (rev 245453)
@@ -0,0 +1,6 @@
+Pass if no crash or assert.<script>
+if (window.testRunner) {
+    testRunner.dumpAsText();
+    testRunner.notifyDone();
+}
+</script>

Modified: releases/WebKitGTK/webkit-2.24/Source/WebCore/ChangeLog (245452 => 245453)

--- releases/WebKitGTK/webkit-2.24/Source/WebCore/ChangeLog	2019-05-17 11:25:09 UTC (rev 245452)
+++ releases/WebKitGTK/webkit-2.24/Source/WebCore/ChangeLog	2019-05-17 11:25:14 UTC (rev 245453)
@@ -1,3 +1,19 @@
+2019-05-14  Zalan Bujtas  <za...@apple.com>
+
+        Do not try to issue repaint while the render tree is being destroyed.
+        https://bugs.webkit.org/show_bug.cgi?id=197461
+        <rdar://problem/50368992>
+
+        Reviewed by Simon Fraser.
+
+        Test: http/tests/svg/crash-on-reload-with-filter.html
+
+        We don't need to compute repaint rects when the render tree is getting torn down. We'll issue a full repaint at some point.
+        Also during full render tree destruction the inline tree state is undefined. We should avoid accessing it.
+
+        * rendering/svg/RenderSVGResourceContainer.cpp:
+        (WebCore::RenderSVGResourceContainer::markAllClientLayersForInvalidation):
+
 2019-05-09  Brent Fulgham  <bfulg...@apple.com>
 
         Correct delayed load event handling

Modified: releases/WebKitGTK/webkit-2.24/Source/WebCore/rendering/svg/RenderSVGResourceContainer.cpp (245452 => 245453)

--- releases/WebKitGTK/webkit-2.24/Source/WebCore/rendering/svg/RenderSVGResourceContainer.cpp	2019-05-17 11:25:09 UTC (rev 245452)
+++ releases/WebKitGTK/webkit-2.24/Source/WebCore/rendering/svg/RenderSVGResourceContainer.cpp	2019-05-17 11:25:14 UTC (rev 245453)
@@ -122,6 +122,10 @@
 
 void RenderSVGResourceContainer::markAllClientLayersForInvalidation()
 {
+    if (m_clientLayers.isEmpty())
+        return;
+    if ((*m_clientLayers.begin())->renderer().renderTreeBeingDestroyed())
+        return;
     for (auto* clientLayer : m_clientLayers)
         clientLayer->filterNeedsRepaint();
 }

_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes