Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: bf84b98bc5aef1198e82fba20d18f77d06df1052
https://github.com/WebKit/WebKit/commit/bf84b98bc5aef1198e82fba20d18f77d06df1052
Author: Antti Koivisto <[email protected]>
Date: 2024-11-04 (Mon, 04 Nov 2024)
Changed paths:
A LayoutTests/fast/dom/disconnected-title-style-crash.html
M Source/WebCore/animation/BlendingKeyframes.cpp
M Source/WebCore/animation/KeyframeEffect.cpp
M Source/WebCore/editing/EditingStyle.cpp
M Source/WebCore/html/HTMLTitleElement.cpp
M Source/WebCore/style/StyleResolver.cpp
Log Message:
-----------
Nullptr crash under ContainerQueryEvaluator::featureEvaluationContextForQuery computing style for disconnected <title>
https://bugs.webkit.org/show_bug.cgi?id=282385
rdar://137177847
Reviewed by Ryosuke Niwa.
We crash with null documentElement() because it is possible to enter style resolution with a disconnected element via HTMLTitleElement::childrenChanged.
* LayoutTests/fast/dom/disconnected-title-style-crash.html: Added.
* Source/WebCore/html/HTMLTitleElement.cpp:
(WebCore::HTMLTitleElement::insertedIntoAncestor):
Update title on insertion when connected.
(WebCore::HTMLTitleElement::removedFromAncestor):
(WebCore::HTMLTitleElement::childrenChanged):
Only update the title if we are connected.
(WebCore::HTMLTitleElement::computedTextWithDirection):
Remove the style resolution path used when disconnected.
* Source/WebCore/style/StyleResolver.cpp:
(WebCore::Style::Resolver::State::State):
Assert we only compute style for connected elements.
Canonical link: https://commits.webkit.org/286078@main
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes