Title: [255359] trunk
- Revision
- 255359
- Author
- an...@apple.com
- Date
- 2020-01-29 08:51:56 -0800 (Wed, 29 Jan 2020)
Log Message
REGRESSION: WK1 Accessibility: ASSERTION FAILED: FontCache::singleton().generation() == m_generation
https://bugs.webkit.org/show_bug.cgi?id=206241
<rdar://problem/58570085>
Reviewed by Zalan Bujtas.
Source/WebCore:
Font cache generation bump empties all font related caches and triggers full style resolution. However it is possible
for single element computed style resolution (triggeded by <title> element here) to happen before the full resolution.
In this case a style computed based on parent style with old font generation may get inserted into matched declarations
cache. A subsequent style resolution may then pick up this style and use it as render style.
* style/StyleBuilderState.cpp:
(WebCore::Style::BuilderState::updateFont):
Fix by taking care that the font returned by style resolver is always updated to the current generation.
LayoutTests:
* platform/mac-wk1/TestExpectations:
Modified Paths
Diff
Modified: trunk/LayoutTests/ChangeLog (255358 => 255359)
--- trunk/LayoutTests/ChangeLog 2020-01-29 16:39:17 UTC (rev 255358)
+++ trunk/LayoutTests/ChangeLog 2020-01-29 16:51:56 UTC (rev 255359)
@@ -1,3 +1,13 @@
+2020-01-29 Antti Koivisto <an...@apple.com>
+
+ REGRESSION: WK1 Accessibility: ASSERTION FAILED: FontCache::singleton().generation() == m_generation
+ https://bugs.webkit.org/show_bug.cgi?id=206241
+ <rdar://problem/58570085>
+
+ Reviewed by Zalan Bujtas.
+
+ * platform/mac-wk1/TestExpectations:
+
2020-01-29 Carlos Alberto Lopez Perez <clo...@igalia.com>
[CSS Backgrounds] Gardening after r255351
Modified: trunk/LayoutTests/platform/mac-wk1/TestExpectations (255358 => 255359)
--- trunk/LayoutTests/platform/mac-wk1/TestExpectations 2020-01-29 16:39:17 UTC (rev 255358)
+++ trunk/LayoutTests/platform/mac-wk1/TestExpectations 2020-01-29 16:51:56 UTC (rev 255359)
@@ -844,8 +844,6 @@
webkit.org/b/206071 editing/spelling/markers.html [ Skip ]
webkit.org/b/206071 editing/spelling/retro-correction-spelling-markers.html [ Failure ]
-webkit.org/b/206241 [ Mojave Debug ] accessibility/mac/search-text/search-text.html [ Skip ]
-
webkit.org/b/199117 [ Debug ] storage/indexeddb/modern/objectstore-autoincrement-types.html [ Timeout ]
webkit.org/b/206503 [ Mojave ] imported/w3c/web-platform-tests/html/dom/idlharness.worker.html [ Failure ]
@@ -862,4 +860,4 @@
webkit.org/b/206673 storage/indexeddb/modern/blob-cursor.html [ Pass Timeout ]
-webkit.org/b/190830 [ Debug ] media/track/video-track-addition-and-frame-removal.html [ Pass Crash ]
\ No newline at end of file
+webkit.org/b/190830 [ Debug ] media/track/video-track-addition-and-frame-removal.html [ Pass Crash ]
Modified: trunk/Source/WebCore/ChangeLog (255358 => 255359)
--- trunk/Source/WebCore/ChangeLog 2020-01-29 16:39:17 UTC (rev 255358)
+++ trunk/Source/WebCore/ChangeLog 2020-01-29 16:51:56 UTC (rev 255359)
@@ -1,3 +1,21 @@
+2020-01-29 Antti Koivisto <an...@apple.com>
+
+ REGRESSION: WK1 Accessibility: ASSERTION FAILED: FontCache::singleton().generation() == m_generation
+ https://bugs.webkit.org/show_bug.cgi?id=206241
+ <rdar://problem/58570085>
+
+ Reviewed by Zalan Bujtas.
+
+ Font cache generation bump empties all font related caches and triggers full style resolution. However it is possible
+ for single element computed style resolution (triggeded by <title> element here) to happen before the full resolution.
+ In this case a style computed based on parent style with old font generation may get inserted into matched declarations
+ cache. A subsequent style resolution may then pick up this style and use it as render style.
+
+ * style/StyleBuilderState.cpp:
+ (WebCore::Style::BuilderState::updateFont):
+
+ Fix by taking care that the font returned by style resolver is always updated to the current generation.
+
2020-01-29 Commit Queue <commit-qu...@webkit.org>
Unreviewed, rolling out r255345.
Modified: trunk/Source/WebCore/style/StyleBuilderState.cpp (255358 => 255359)
--- trunk/Source/WebCore/style/StyleBuilderState.cpp 2020-01-29 16:39:17 UTC (rev 255358)
+++ trunk/Source/WebCore/style/StyleBuilderState.cpp 2020-01-29 16:51:56 UTC (rev 255359)
@@ -38,6 +38,7 @@
#include "CSSImageSetValue.h"
#include "CSSImageValue.h"
#include "CSSShadowValue.h"
+#include "FontCache.h"
#include "HTMLElement.h"
#include "RenderTheme.h"
#include "SVGElement.h"
@@ -337,7 +338,22 @@
void BuilderState::updateFont()
{
- if (!m_fontDirty && m_style.fontCascade().fonts())
+ auto& fontSelector = const_cast<Document&>(document()).fontSelector();
+
+ auto needsUpdate = [&] {
+ if (m_fontDirty)
+ return true;
+ auto* fonts = m_style.fontCascade().fonts();
+ if (!fonts)
+ return true;
+ if (fonts->generation() != FontCache::singleton().generation())
+ return true;
+ if (fonts->fontSelectorVersion() != fontSelector.version())
+ return true;
+ return false;
+ };
+
+ if (!needsUpdate())
return;
#if ENABLE(TEXT_AUTOSIZING)
@@ -347,7 +363,7 @@
updateFontForZoomChange();
updateFontForOrientationChange();
- m_style.fontCascade().update(&const_cast<Document&>(document()).fontSelector());
+ m_style.fontCascade().update(&fontSelector);
m_fontDirty = false;
}
_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes
