Skip to site navigation (Press enter)

[webkit-changes] [143252] tags/Safari-537.31.3

lforschler Mon, 18 Feb 2013 12:17:55 -0800

Title: [143252] tags/Safari-537.31.3

Revision: 143252
Author: lforsch...@apple.com
Date: 2013-02-18 12:19:57 -0800 (Mon, 18 Feb 2013)

Log Message

Merged r143074.  <rdar://problem/13216100>


Modified Paths

tags/Safari-537.31.3/LayoutTests/ChangeLog
tags/Safari-537.31.3/Source/WebCore/ChangeLog
tags/Safari-537.31.3/Source/WebCore/page/scrolling/ScrollingStateTree.cpp
tags/Safari-537.31.3/Source/WebCore/page/scrolling/mac/ScrollingCoordinatorMac.mm


Added Paths

tags/Safari-537.31.3/LayoutTests/platform/mac-wk2/tiled-drawing/null-parent-back-crash.html

Diff

Modified: tags/Safari-537.31.3/LayoutTests/ChangeLog (143251 => 143252)


--- tags/Safari-537.31.3/LayoutTests/ChangeLog	2013-02-18 20:15:56 UTC (rev 143251)
+++ tags/Safari-537.31.3/LayoutTests/ChangeLog	2013-02-18 20:19:57 UTC (rev 143252)
@@ -1,3 +1,19 @@
+2013-02-18  Lucas Forschler  <lforsch...@apple.com>
+
+        Merge r143074
+
+    2013-02-15  Simon Fraser  <simon.fra...@apple.com>
+
+            REGRESSION (r142505?): Crashes in WebCore::ScrollingStateNode::appendChild when using back/forward buttons
+            https://bugs.webkit.org/show_bug.cgi?id=109826
+            <rdar://problem/13216100>
+
+            Reviewed by Beth Dakin.
+
+            Test having a page with an iframe that navigates forwards then back.
+
+            * platform/mac-wk2/tiled-drawing/null-parent-back-crash.html: Added.
+
 2013-02-12  Alan Cutter  <alancut...@chromium.org>
 
         [Chromium] Rebaseline suggestion-picker layout tests

Copied: tags/Safari-537.31.3/LayoutTests/platform/mac-wk2/tiled-drawing/null-parent-back-crash.html (from rev 143074, trunk/LayoutTests/platform/mac-wk2/tiled-drawing/null-parent-back-crash.html) (0 => 143252)


--- tags/Safari-537.31.3/LayoutTests/platform/mac-wk2/tiled-drawing/null-parent-back-crash.html	                        (rev 0)
+++ tags/Safari-537.31.3/LayoutTests/platform/mac-wk2/tiled-drawing/null-parent-back-crash.html	2013-02-18 20:19:57 UTC (rev 143252)
@@ -0,0 +1,45 @@
+<!DOCTYPE html>
+<html>
+<head>
+    <style>
+        .fixed {
+            position: fixed;
+            width: 10px;
+            height: 10px;
+            background-color: green;
+        }
+    </style>
+    <script>
+        if (window.testRunner) {
+            testRunner.dumpAsText();
+            testRunner.waitUntilDone();
+            testRunner.overridePreference("WebKitUsesPageCachePreferenceKey", 1);
+        }
+
+        function pageHidden()
+        {
+            if (!sessionStorage.finishTest) {
+                sessionStorage.finishTest = true;
+            } else {
+                // Clean up after ourselves
+                delete sessionStorage.finishTest;
+            }
+        }
+
+        function pageShown()
+        {
+            if (sessionStorage.finishTest) {
+                if (window.testRunner)
+                    testRunner.notifyDone();
+            } else {
+                setTimeout(function() {window.location = "data:text/html,<script>history.back();</scrip" + "t>";}, 0);
+            }
+        }
+    </script>
+</head>
+<body _onpagehide_="pageHidden();" _onpageshow_="pageShown();">
+<p>Test passes if it does not crash.</p>
+<div class="fixed"></div>
+<iframe></iframe>
+</body>
+</html>

Modified: tags/Safari-537.31.3/Source/WebCore/ChangeLog (143251 => 143252)


--- tags/Safari-537.31.3/Source/WebCore/ChangeLog	2013-02-18 20:15:56 UTC (rev 143251)
+++ tags/Safari-537.31.3/Source/WebCore/ChangeLog	2013-02-18 20:19:57 UTC (rev 143252)
@@ -1,5 +1,35 @@
 2013-02-18  Lucas Forschler  <lforsch...@apple.com>
 
+        Merge r143074
+
+    2013-02-15  Simon Fraser  <simon.fra...@apple.com>
+
+            REGRESSION (r142505?): Crashes in WebCore::ScrollingStateNode::appendChild when using back/forward buttons
+            https://bugs.webkit.org/show_bug.cgi?id=109826
+            <rdar://problem/13216100>
+
+            Reviewed by Beth Dakin.
+
+            Fix a crash when going Back on some pages with fixed position elements.
+
+            When a page was being restored from the page cache, and a layout from
+            FrameLoader::commitProvisionalLoad() caused us to try to register the fixed
+            position layer before the main scrolling layer, we'd crash trying to dereference
+            the root node.
+
+            Fix by bailing from ScrollingStateTree::attachNode() if we can't find the parent
+            node.
+
+            Test: platform/mac-wk2/tiled-drawing/null-parent-back-crash.html
+
+            * page/scrolling/ScrollingStateTree.cpp:
+            (WebCore::ScrollingStateTree::attachNode):
+            (WebCore::ScrollingStateTree::stateNodeForID):
+            * page/scrolling/mac/ScrollingCoordinatorMac.mm:
+            (WebCore::ScrollingCoordinatorMac::updateViewportConstrainedNode):
+
+2013-02-18  Lucas Forschler  <lforsch...@apple.com>
+
         Merge r142936
 
     2013-02-14  Alexey Proskuryakov  <a...@apple.com>

Modified: tags/Safari-537.31.3/Source/WebCore/page/scrolling/ScrollingStateTree.cpp (143251 => 143252)


--- tags/Safari-537.31.3/Source/WebCore/page/scrolling/ScrollingStateTree.cpp	2013-02-18 20:15:56 UTC (rev 143251)
+++ tags/Safari-537.31.3/Source/WebCore/page/scrolling/ScrollingStateTree.cpp	2013-02-18 20:19:57 UTC (rev 143252)
@@ -73,6 +73,9 @@
         newNode = rootStateNode();
     } else {
         ScrollingStateNode* parent = stateNodeForID(parentID);
+        if (!parent)
+            return 0;
+
         switch (nodeType) {
         case FixedNode: {
             OwnPtr<ScrollingStateFixedNode> fixedNode = ScrollingStateFixedNode::create(this, newNodeID);
@@ -94,8 +97,6 @@
             parent->appendChild(scrollingNode.release());
             break;
         }
-        default:
-            ASSERT_NOT_REACHED();
         }
     }
 
@@ -175,6 +176,7 @@
     if (it == m_stateNodeMap.end())
         return 0;
 
+    ASSERT(it->value->scrollingNodeID() == scrollLayerID);
     return it->value;
 }

Modified: tags/Safari-537.31.3/Source/WebCore/page/scrolling/mac/ScrollingCoordinatorMac.mm (143251 => 143252)


--- tags/Safari-537.31.3/Source/WebCore/page/scrolling/mac/ScrollingCoordinatorMac.mm	2013-02-18 20:15:56 UTC (rev 143251)
+++ tags/Safari-537.31.3/Source/WebCore/page/scrolling/mac/ScrollingCoordinatorMac.mm	2013-02-18 20:19:57 UTC (rev 143252)
@@ -348,17 +348,21 @@
 {
     ASSERT(supportsFixedPositionLayers());
 
+    ScrollingStateNode* node = m_scrollingStateTree->stateNodeForID(nodeID);
+    if (!node)
+        return;
+
     switch (constraints.constraintType()) {
     case ViewportConstraints::FixedPositionConstaint: {
-        ScrollingStateFixedNode* node = toScrollingStateFixedNode(m_scrollingStateTree->stateNodeForID(nodeID));
-        setScrollLayerForNode(graphicsLayer, node);
-        node->updateConstraints((const FixedPositionViewportConstraints&)constraints);
+        ScrollingStateFixedNode* fixedNode = toScrollingStateFixedNode(node);
+        setScrollLayerForNode(graphicsLayer, fixedNode);
+        fixedNode->updateConstraints((const FixedPositionViewportConstraints&)constraints);
         break;
     }
     case ViewportConstraints::StickyPositionConstraint: {
-        ScrollingStateStickyNode* node = toScrollingStateStickyNode(m_scrollingStateTree->stateNodeForID(nodeID));
-        setScrollLayerForNode(graphicsLayer, node);
-        node->updateConstraints((const StickyPositionViewportConstraints&)constraints);
+        ScrollingStateStickyNode* stickyNode = toScrollingStateStickyNode(node);
+        setScrollLayerForNode(graphicsLayer, stickyNode);
+        stickyNode->updateConstraints((const StickyPositionViewportConstraints&)constraints);
         break;
     }
     }

_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes