Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: cc7c4e03e0e9016b08f91714cac7eec20b91da24
      
https://github.com/WebKit/WebKit/commit/cc7c4e03e0e9016b08f91714cac7eec20b91da24
  Author: Alan Baradlay <[email protected]>
  Date:   2023-04-21 (Fri, 21 Apr 2023)

  Changed paths:
    A LayoutTests/fast/inline/invalidation-crash-under-memory-pressure-expected.txt
    A LayoutTests/fast/inline/invalidation-crash-under-memory-pressure.html
    M Source/WebCore/layout/formattingContexts/inline/invalidation/InlineInvalidation.cpp
    M Source/WebCore/layout/formattingContexts/inline/invalidation/InlineInvalidation.h
    M Source/WebCore/layout/integration/inline/LayoutIntegrationLineLayout.cpp

  Log Message:
  -----------
  [IFC][Invalidation] Partial invalidation with content removal crashes when under memory pressure
https://bugs.webkit.org/show_bug.cgi?id=255744
<rdar://107132083>

Reviewed by Antti Koivisto.

Under memory pressure we choose not to proceed with partial invalidation.
However at this point we already removed the associated layout box from the tree and instead of retaining it until after the subsequent layout (see InlineDamage) we simply let it get destroyed when returning from the current scope.
Since display content still holds a weak reference to this box, CheckedPtr's release assert kicks in.

Let's not mutate the layout tree unless we managed to run partial invalidation.

* LayoutTests/fast/inline/invalidation-crash-under-memory-pressure-expected.txt: Added.
* LayoutTests/fast/inline/invalidation-crash-under-memory-pressure.html: Added.
* Source/WebCore/layout/formattingContexts/inline/invalidation/InlineInvalidation.cpp:
(WebCore::Layout::InlineInvalidation::textWillBeRemoved):
(WebCore::Layout::InlineInvalidation::inlineLevelBoxWillBeRemoved):
* Source/WebCore/layout/formattingContexts/inline/invalidation/InlineInvalidation.h:
(WebCore::Layout::InlineInvalidation::textWillBeRemoved):
* Source/WebCore/layout/integration/inline/LayoutIntegrationLineLayout.cpp:
(WebCore::LayoutIntegration::LineLayout::removedFromTree):

Canonical link: https://commits.webkit.org/263234@main


_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes
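
The ordering problem the log message describes, as an added example that is not part of the commit and is not WebKit code. It is a simplified model: all type and function names are hypothetical, and a violation counter stands in for CheckedPtr's release assert so both orderings can be compared without aborting.

```cpp
#include <cstdio>
#include <memory>
// Simplified model, not WebKit code; every name here is hypothetical.
static int violations = 0; // stands in for CheckedPtr's release assert

struct Box {
    std::shared_ptr<int> checked = std::make_shared<int>(0);
    ~Box() { if (*checked) ++violations; } // destroyed while still referenced
};

struct CheckedRef { // non-owning counted reference, as held by display content
    std::shared_ptr<int> count;
    explicit CheckedRef(const Box& box) : count(box.checked) { ++*count; }
    CheckedRef(const CheckedRef&) = delete;
    ~CheckedRef() { --*count; }
};

struct Layout { // members are destroyed in reverse order: display goes first
    std::unique_ptr<Box> treeBox = std::make_unique<Box>(); // owned by the tree
    std::unique_ptr<Box> damage; // keeps a detached box alive until after layout
    std::unique_ptr<CheckedRef> display = std::make_unique<CheckedRef>(*treeBox);
    bool partialInvalidation(bool memoryPressure) { return !memoryPressure; }
    void runLayout() { display.reset(); damage.reset(); } // rebuild, then release
};

// Old ordering: detach the box first, then bail out under memory pressure.
int removeDetachFirst(bool memoryPressure) {
    violations = 0;
    Layout layout;
    {
        std::unique_ptr<Box> detached = std::move(layout.treeBox);
        if (layout.partialInvalidation(memoryPressure))
            layout.damage = std::move(detached);
    } // on bail-out the box dies here while display content still references it
    layout.runLayout();
    return violations;
}

// Fixed ordering: the tree is mutated only after partial invalidation succeeded.
int removeInvalidateFirst(bool memoryPressure) {
    violations = 0;
    Layout layout;
    if (layout.partialInvalidation(memoryPressure))
        layout.damage = std::move(layout.treeBox);
    layout.runLayout();
    return violations;
}
int main() { std::printf("%d %d\n", removeDetachFirst(true), removeInvalidateFirst(true)); }
```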
