[webkit-changes] [WebKit/WebKit] 0be766: "NULL Object : Crash under WebCore::RenderObject::...

Mon, 18 Mar 2024 09:34:36 -0700 

  Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: 0be766940c18b3f779d8cac89d2e9696720e1b91
      
https://github.com/WebKit/WebKit/commit/0be766940c18b3f779d8cac89d2e9696720e1b91
  Author: Nisha Jain <[email protected]>
  Date:   2024-03-18 (Mon, 18 Mar 2024)

  Changed paths:
    A LayoutTests/dom/html/document-renderobject-null-crash-expected.txt
    A LayoutTests/dom/html/document-renderobject-null-crash.html
    M Source/WebCore/dom/Document.cpp

  Log Message:
  -----------
  "NULL Object : Crash under WebCore::RenderObject::~RenderObject; 
WebCore::RenderText::~RenderText; WebCore::RenderTreeBuilder::destroy"
https://bugs.webkit.org/show_bug.cgi?id=267297
rdar://119186861.

Reviewed by Alan Baradlay.

Document::caretPositionFromPoint API is using CheckPtr to get RenderObject
even though the Object is already destroyed. In order to make sure CheckedPtr
is valid the render needs to be destroyed earlier not after. Using 
updateLayoutIgnorePendingStylesheets API for uptodate renderer tree.

* LayoutTests/dom/html/document-renderobject-null-crash-expected.txt: Added 
test expected file.
* LayoutTests/dom/html/document-renderobject-null-crash.html: Added test case.
* Source/WebCore/dom/Document.cpp:
(WebCore::Document::caretPositionFromPoint): Added 
updateLayoutIgnorePendingStylesheets to get updated renderer tree before using 
CheckedPtr.

Originally-landed-as: 272448.251@safari-7618-branch (9baf7178103b). 
rdar://124556134
Canonical link: https://commits.webkit.org/276275@main



To unsubscribe from these emails, change your notification settings at 
https://github.com/WebKit/WebKit/settings/notifications
_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes

Reply via email to