Title: [119378] trunk/Source/WebCore
Revision: 119378
Author: an...@apple.com
Date: 2012-06-04 02:32:05 -0700 (Mon, 04 Jun 2012)

Log Message

Crash in WebCore::RenderView::getRetainedWidgets
https://bugs.webkit.org/show_bug.cgi?id=88217

Reviewed by Kenneth Rohde Christiansen.
        
There is no known repro; the crash has been seen in the field. It is likely that it happens with frame
flattening enabled only.

Null check root renderer in performPostLayoutTasks. The root can legitimately be null for several reasons and
is mostly null checked everywhere else.

* page/FrameView.cpp:
(WebCore::FrameView::performPostLayoutTasks):

Diff

Modified: trunk/Source/WebCore/ChangeLog (119377 => 119378)


--- trunk/Source/WebCore/ChangeLog	2012-06-04 09:28:34 UTC (rev 119377)
+++ trunk/Source/WebCore/ChangeLog	2012-06-04 09:32:05 UTC (rev 119378)
@@ -1,3 +1,19 @@
+2012-06-04  Antti Koivisto  <an...@apple.com>
+
+        Crash in WebCore::RenderView::getRetainedWidgets
+        https://bugs.webkit.org/show_bug.cgi?id=88217
+
+        Reviewed by Kenneth Rohde Christiansen.
+        
+        There is no known repro, the crash has been seen on the field. It is likely that it happens with frame
+        flattening enabled only.
+
+        Null check root renderer in performPostLayoutTasks. The root can legitimely be null for several reasons and
+        is mostly null checked everywhere else.
+
+        * page/FrameView.cpp:
+        (WebCore::FrameView::performPostLayoutTasks):
+
 2012-06-04  Kentaro Hara  <hara...@chromium.org>
 
         Use SelectorQuery in Element::webkitMatchesSelector()
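
Review bot: the new ChangeLog entry does not record that the fix lands without a regression test, even though its second paragraph says there is no known repro and the only file listed is page/FrameView.cpp. Add a line stating that explicitly so the coverage gap is visible to whoever revisits bug 88217. In the third paragraph, "legitimely" should read "legitimately".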

Modified: trunk/Source/WebCore/page/FrameView.cpp (119377 => 119378)


--- trunk/Source/WebCore/page/FrameView.cpp	2012-06-04 09:28:34 UTC (rev 119377)
+++ trunk/Source/WebCore/page/FrameView.cpp	2012-06-04 09:32:05 UTC (rev 119378)
@@ -2374,7 +2374,8 @@
     m_frame->loader()->client()->dispatchDidLayout();
 
     RenderView* root = rootRenderer(this);
-    root->updateWidgetPositions();
+    if (root)
+        root->updateWidgetPositions();
     
     for (unsigned i = 0; i < maxUpdateWidgetsIterations; i++) {
         if (updateWidgets())
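
Review bot: the new "if (root)" guard covers only root->updateWidgetPositions(), while the updateWidgets() loop directly below it still runs when root is null. The visible lines do not show whether updateWidgets() reaches the root renderer, so please confirm it tolerates a null root on this path. A one-line comment above the guard naming a case in which rootRenderer(this) returns null here would also help, since the ChangeLog only says "for several reasons".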
@@ -2395,7 +2396,7 @@
 
     m_actionScheduler->resume();
 
-    if (!root->printing()) {
+    if (root && !root->printing()) {
         IntSize currentSize;
         if (useFixedLayout() && !fixedLayoutSize().isEmpty() && delegatesScrolling())
             currentSize = fixedLayoutSize();
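
Review bot: "if (root && !root->printing())" tests the pointer that was read before the updateWidgets() loop and before m_actionScheduler->resume(), so the null check guards against a root that was already missing but not against one that went away in between. If either of those calls can tear down the render tree, re-read rootRenderer(this) just before this condition instead of reusing the cached value. Also worth confirming that skipping the whole currentSize block when root is null is the intended behaviour rather than only skipping the printing() test.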