Title: [268836] branches/safari-610-branch/Source/WebCore
- Revision
- 268836
- Author
- [email protected]
- Date
- 2020-10-21 15:16:03 -0700 (Wed, 21 Oct 2020)
Log Message
Cherry-pick r268712. rdar://problem/70541891
Fix crash in RenderLayerBacking::updateClippingStackLayerGeometry()
https://bugs.webkit.org/show_bug.cgi?id=217940
<rdar://problem/70316952>
Reviewed by Tim Horton.
Crash data suggest that entry.clipData.clippingLayer (which is a WeakRef<RenderLayer>)
can be null, so check it.
* rendering/RenderLayerBacking.cpp:
(WebCore::RenderLayerBacking::updateClippingStackLayerGeometry):
git-svn-id: https://svn.webkit.org/repository/webkit/trunk@268712 268f45cc-cd09-0410-ab3c-d52691b4dbfc
Modified Paths
Diff
Modified: branches/safari-610-branch/Source/WebCore/ChangeLog (268835 => 268836)
--- branches/safari-610-branch/Source/WebCore/ChangeLog 2020-10-21 22:16:00 UTC (rev 268835)
+++ branches/safari-610-branch/Source/WebCore/ChangeLog 2020-10-21 22:16:03 UTC (rev 268836)
@@ -1,5 +1,37 @@
2020-10-21 Russell Epstein <[email protected]>
+ Cherry-pick r268712. rdar://problem/70541891
+
+ Fix crash in RenderLayerBacking::updateClippingStackLayerGeometry()
+ https://bugs.webkit.org/show_bug.cgi?id=217940
+ <rdar://problem/70316952>
+
+ Reviewed by Tim Horton.
+
+ Crash data suggest that entry.clipData.clippingLayer (which is a WeakRef<RenderLayer>)
+ can be null, so check it.
+
+ * rendering/RenderLayerBacking.cpp:
+ (WebCore::RenderLayerBacking::updateClippingStackLayerGeometry):
+
+ git-svn-id: https://svn.webkit.org/repository/webkit/trunk@268712 268f45cc-cd09-0410-ab3c-d52691b4dbfc
+
+ 2020-10-19 Simon Fraser <[email protected]>
+
+ Fix crash in RenderLayerBacking::updateClippingStackLayerGeometry()
+ https://bugs.webkit.org/show_bug.cgi?id=217940
+ <rdar://problem/70316952>
+
+ Reviewed by Tim Horton.
+
+ Crash data suggest that entry.clipData.clippingLayer (which is a WeakRef<RenderLayer>)
+ can be null, so check it.
+
+ * rendering/RenderLayerBacking.cpp:
+ (WebCore::RenderLayerBacking::updateClippingStackLayerGeometry):
+
+2020-10-21 Russell Epstein <[email protected]>
+
Cherry-pick r268701. rdar://problem/70541911
Fix possible crash in GraphicsLayerCA::computeVisibleAndCoverageRect()
Modified: branches/safari-610-branch/Source/WebCore/rendering/RenderLayerBacking.cpp (268835 => 268836)
--- branches/safari-610-branch/Source/WebCore/rendering/RenderLayerBacking.cpp 2020-10-21 22:16:00 UTC (rev 268835)
+++ branches/safari-610-branch/Source/WebCore/rendering/RenderLayerBacking.cpp 2020-10-21 22:16:03 UTC (rev 268836)
@@ -1913,7 +1913,7 @@
entry.clippingLayer->setSize(snappedClippingLayerRect.size());
if (entry.clipData.isOverflowScroll) {
- ScrollOffset scrollOffset = entry.clipData.clippingLayer->scrollOffset();
+ ScrollOffset scrollOffset = entry.clipData.clippingLayer ? entry.clipData.clippingLayer->scrollOffset() : ScrollOffset();
entry.clippingLayer->setBoundsOrigin(scrollOffset);
lastClipLayerRect.moveBy(-scrollOffset);
_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes
