Title: [117884] releases/WebKitGTK/webkit-1.8/Source/WebCore
Revision: 117884
Author: [email protected]
Date: 2012-05-21 20:03:41 -0700 (Mon, 21 May 2012)

Log Message

Merge 109406 - Prevent layout root to remain set on renderers getting destroyed.
https://bugs.webkit.org/show_bug.cgi?id=79953

Reviewed by Eric Seidel.

Implement Julien Chaffraix's idea.

* page/FrameView.h:
(WebCore::FrameView::clearLayoutRoot): helper to clear layout root.
* rendering/RenderObject.cpp:
(WebCore::clearLayoutRootIfNeeded): if we know we are going
away and we are the view's layout root, then we need to reset the layout
root to prevent being used.
(WebCore):
(WebCore::RenderObject::willBeDestroyed): call clearLayoutRootIfNeeded at end.

Diff

Modified: releases/WebKitGTK/webkit-1.8/Source/WebCore/ChangeLog (117883 => 117884)


--- releases/WebKitGTK/webkit-1.8/Source/WebCore/ChangeLog	2012-05-22 03:03:25 UTC (rev 117883)
+++ releases/WebKitGTK/webkit-1.8/Source/WebCore/ChangeLog	2012-05-22 03:03:41 UTC (rev 117884)
@@ -1,3 +1,21 @@
+2012-03-01  Abhishek Arya  <[email protected]>
+
+        Prevent layout root to remain set on renderers getting destroyed.
+        https://bugs.webkit.org/show_bug.cgi?id=79953
+
+        Reviewed by Eric Seidel.
+
+        Implement Julien Chaffraix's idea.
+
+        * page/FrameView.h:
+        (WebCore::FrameView::clearLayoutRoot): helper to clear layout root.
+        * rendering/RenderObject.cpp:
+        (WebCore::clearLayoutRootIfNeeded): if we know we are going
+        away and we are the view's layout root, then we need to reset the layout
+        root to prevent being used.
+        (WebCore):
+        (WebCore::RenderObject::willBeDestroyed): call clearLayoutRootIfNeeded at end.
+
 2012-04-04  Jeffrey Pfau  <[email protected]>
 
         Move pending sheet removal from ~HTMLLinkElement to removal from document.
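Review bot: The new ChangeLog entry lists page/FrameView.h and rendering/RenderObject.cpp but not rendering/RenderObject.h, which this revision also modifies to declare the function. It also names the helper `WebCore::clearLayoutRootIfNeeded`, while the definition in RenderObject.cpp is the member `RenderObject::clearLayoutRootIfNeeded`, and it leaves an empty `(WebCore):` line. Suggest adding a `* rendering/RenderObject.h:` line and correcting the function name so the log matches the code.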

Modified: releases/WebKitGTK/webkit-1.8/Source/WebCore/page/FrameView.h (117883 => 117884)


--- releases/WebKitGTK/webkit-1.8/Source/WebCore/page/FrameView.h	2012-05-22 03:03:25 UTC (rev 117883)
+++ releases/WebKitGTK/webkit-1.8/Source/WebCore/page/FrameView.h	2012-05-22 03:03:41 UTC (rev 117884)
@@ -99,6 +99,7 @@
     bool isInLayout() const { return m_inLayout; }
 
     RenderObject* layoutRoot(bool _onlyDuringLayout_ = false) const;
+    void clearLayoutRoot() { m_layoutRoot = 0; }
     int layoutCount() const { return m_layoutCount; }
 
     bool needsLayout() const;
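Review bot: `clearLayoutRoot()` is added beside the `layoutRoot()` accessor with no comment on who may call it, and it zeroes `m_layoutRoot` unconditionally. The only caller in this change is the renderer teardown path, so a one-line comment saying that (or narrower access) would keep it from being picked up later as a general way to reset layout state.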

Modified: releases/WebKitGTK/webkit-1.8/Source/WebCore/rendering/RenderObject.cpp (117883 => 117884)


--- releases/WebKitGTK/webkit-1.8/Source/WebCore/rendering/RenderObject.cpp	2012-05-22 03:03:25 UTC (rev 117883)
+++ releases/WebKitGTK/webkit-1.8/Source/WebCore/rendering/RenderObject.cpp	2012-05-22 03:03:41 UTC (rev 117884)
@@ -2193,6 +2193,21 @@
     return st == SelectionStart || st == SelectionEnd || st == SelectionBoth;
 }
 
+inline void RenderObject::clearLayoutRootIfNeeded() const
+{
+    if (node() && !documentBeingDestroyed() && frame()) {
+        if (FrameView* view = frame()->view()) {
+            if (view->layoutRoot() == this) {
+                ASSERT_NOT_REACHED();
+                // This indicates a failure to layout the child, which is why
+                // the layout root is still set to |this|. Make sure to clear it
+                // since we are getting destroyed.
+                view->clearLayoutRoot();
+            }
+        }
+    }
+}
+
 void RenderObject::willBeDestroyed()
 {
     // Destroy any leftover anonymous children.
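Review bot: The outer condition `node() && !documentBeingDestroyed() && frame()` skips the stale-pointer cleanup entirely for a renderer whose `node()` is null, even if the view's layout root is still that renderer. If that case cannot occur, say so in the comment; otherwise drop `node()` from the condition. Also, with `ASSERT_NOT_REACHED()` placed before `view->clearLayoutRoot()`, builds with assertions enabled stop at the assertion, so the defensive clear runs only in release builds and is hard to cover with a regression test.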
@@ -2243,6 +2258,8 @@
         setHasLayer(false);
         toRenderBoxModelObject(this)->destroyLayer();
     }
+
+    clearLayoutRootIfNeeded();
 }
 
 void RenderObject::destroyAndCleanupAnonymousWrappers()
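Review bot: `clearLayoutRootIfNeeded()` runs as the last statement of `willBeDestroyed()`, after the child teardown and `destroyLayer()`, so the view's layout root still points at this renderer while those steps execute. If nothing in them can reach `layoutRoot()`, a short comment stating why the call belongs at the end would help; otherwise move it to the top of the function. Because `willBeDestroyed()` is declared virtual in RenderObject.h, the clear also depends on every override calling the base implementation.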

Modified: releases/WebKitGTK/webkit-1.8/Source/WebCore/rendering/RenderObject.h (117883 => 117884)


--- releases/WebKitGTK/webkit-1.8/Source/WebCore/rendering/RenderObject.h	2012-05-22 03:03:25 UTC (rev 117883)
+++ releases/WebKitGTK/webkit-1.8/Source/WebCore/rendering/RenderObject.h	2012-05-22 03:03:41 UTC (rev 117884)
@@ -871,6 +871,7 @@
 
     void adjustRectForOutlineAndShadow(LayoutRect&) const;
 
+    void clearLayoutRootIfNeeded() const;
     virtual void willBeDestroyed();
     void arenaDelete(RenderArena*, void* objectBase);
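Review bot: `clearLayoutRootIfNeeded()` is declared `const` although its whole purpose is to change state on the FrameView through `view->clearLayoutRoot()`; suggest dropping `const` so the signature reflects the side effect. The definition in RenderObject.cpp is marked `inline` while this declaration is not, so the function is only safely callable from that file. If the declaration is not already in a private section, moving it there (or noting the restriction here) would avoid link errors from other callers.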
 