Title: [163230] trunk/Source/WebKit2
Revision
163230
Author
[email protected]
Date
2014-01-31 18:59:55 -0800 (Fri, 31 Jan 2014)

Log Message

WebKit2 View Gestures: Crash when pinch-zooming on a page that is just a frameset
https://bugs.webkit.org/show_bug.cgi?id=127591
<rdar://problem/15898349>

Reviewed by Simon Fraser.

When we have no shadow layer, we crash in TiledCoreAnimationDrawingArea::adjustTransientZoom.
Fix this null deref; also, we always want a shadow layer, even if the page cannot be scrolled,
because it can be revealed by pinching out.

* WebProcess/WebPage/mac/TiledCoreAnimationDrawingArea.mm:
(WebKit::TiledCoreAnimationDrawingArea::adjustTransientZoom):
(WebKit::TiledCoreAnimationDrawingArea::commitTransientZoom):
(WebKit::TiledCoreAnimationDrawingArea::applyTransientZoomToPage):


Diff

Modified: trunk/Source/WebKit2/ChangeLog (163229 => 163230)


--- trunk/Source/WebKit2/ChangeLog	2014-02-01 02:47:03 UTC (rev 163229)
+++ trunk/Source/WebKit2/ChangeLog	2014-02-01 02:59:55 UTC (rev 163230)
@@ -1,3 +1,20 @@
+2014-01-31  Tim Horton  <[email protected]>
+
+        WebKit2 View Gestures: Crash when pinch-zooming on a page that is just a frameset
+        https://bugs.webkit.org/show_bug.cgi?id=127591
+        <rdar://problem/15898349>
+
+        Reviewed by Simon Fraser.
+
+        When we have no shadow layer, we crash in TiledCoreAnimationDrawingArea::adjustTransientZoom.
+        Fix this null deref; also, we always want a shadow layer, even if the page cannot be scrolled,
+        because it can be revealed by pinching out.
+
+        * WebProcess/WebPage/mac/TiledCoreAnimationDrawingArea.mm:
+        (WebKit::TiledCoreAnimationDrawingArea::adjustTransientZoom):
+        (WebKit::TiledCoreAnimationDrawingArea::commitTransientZoom):
+        (WebKit::TiledCoreAnimationDrawingArea::applyTransientZoomToPage):
+
 2014-01-31  Oliver Hunt  <[email protected]>
 
         Rollout r163195 and related patches

Modified: trunk/Source/WebKit2/WebProcess/WebPage/mac/TiledCoreAnimationDrawingArea.mm (163229 => 163230)


--- trunk/Source/WebKit2/WebProcess/WebPage/mac/TiledCoreAnimationDrawingArea.mm	2014-02-01 02:47:03 UTC (rev 163229)
+++ trunk/Source/WebKit2/WebProcess/WebPage/mac/TiledCoreAnimationDrawingArea.mm	2014-02-01 02:59:55 UTC (rev 163230)
@@ -696,18 +696,21 @@
     transform.scale(scale);
 
     RenderView* renderView = m_webPage->mainFrameView()->renderView();
-    PlatformCALayer* renderViewLayer = static_cast<GraphicsLayerCA*>(renderView->layer()->backing()->graphicsLayer())->platformCALayer();
+    PlatformCALayer* renderViewLayer = toGraphicsLayerCA(renderView->layer()->backing()->graphicsLayer())->platformCALayer();
     renderViewLayer->setTransform(transform);
     renderViewLayer->setAnchorPoint(FloatPoint3D());
     renderViewLayer->setPosition(FloatPoint3D());
 
-    PlatformCALayer* shadowLayer = static_cast<GraphicsLayerCA*>(renderView->compositor().layerForContentShadow())->platformCALayer();
+    GraphicsLayerCA* shadowGraphicsLayer = toGraphicsLayerCA(renderView->compositor().layerForContentShadow());
+    if (shadowGraphicsLayer) {
+        PlatformCALayer* shadowLayer = shadowGraphicsLayer->platformCALayer();
 
-    FloatRect shadowBounds = FloatRect(FloatPoint(), toFloatSize(renderView->layoutOverflowRect().maxXMaxYCorner()));
-    shadowBounds.scale(scale);
+        FloatRect shadowBounds = FloatRect(FloatPoint(), toFloatSize(renderView->layoutOverflowRect().maxXMaxYCorner()));
+        shadowBounds.scale(scale);
 
-    shadowLayer->setBounds(shadowBounds);
-    shadowLayer->setPosition(origin + shadowBounds.center());
+        shadowLayer->setBounds(shadowBounds);
+        shadowLayer->setPosition(origin + shadowBounds.center());
+    }
 
     m_transientZoomScale = scale;
     m_transientZoomOrigin = origin;
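Review bot: The new null check covers only the shadow layer; `renderView` from `m_webPage->mainFrameView()->renderView()` and the `renderView->layer()->backing()` chain on the next line are still dereferenced unconditionally, so if either can be absent during a pinch (the same kind of unusual-document condition the frameset case exposed) this path is still a web-process crash. If renderView or its backing can legitimately be null here, an early return such as `if (!renderView || !renderView->layer()->backing()) return;` before the layer lookup would close that; if they are guaranteed non-null on this path, a one-line comment saying so would make the asymmetry with the shadow-layer check look intentional rather than accidental. adjustTransientZoom begins before this hunk and its closing brace is not shown.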
@@ -761,38 +764,44 @@
     RefPtr<PlatformCAAnimation> renderViewAnimation = PlatformCAAnimation::create(renderViewAnimationCA.get());
     renderViewAnimation->setToValue(transform);
 
-    RetainPtr<CALayer> shadowLayer = static_cast<GraphicsLayerCA*>(renderView->compositor().layerForContentShadow())->platformCALayer()->platformLayer();
+    RetainPtr<CALayer> shadowLayer;
+    if (GraphicsLayerCA* shadowGraphicsLayer = toGraphicsLayerCA(renderView->compositor().layerForContentShadow()))
+        shadowLayer = shadowGraphicsLayer->platformCALayer()->platformLayer();
 
-    FloatRect shadowBounds = FloatRect(FloatPoint(), toFloatSize(renderView->layoutOverflowRect().maxXMaxYCorner()));
-    shadowBounds.scale(scale);
-    RetainPtr<CGPathRef> shadowPath = adoptCF(CGPathCreateWithRect(shadowBounds, NULL)).get();
-
-    RetainPtr<CABasicAnimation> shadowBoundsAnimation = transientZoomSnapAnimationForKeyPath("bounds");
-    [shadowBoundsAnimation setToValue:[NSValue valueWithRect:shadowBounds]];
-    RetainPtr<CABasicAnimation> shadowPositionAnimation = transientZoomSnapAnimationForKeyPath("position");
-    [shadowPositionAnimation setToValue:[NSValue valueWithPoint:constrainedOrigin + shadowBounds.center()]];
-    RetainPtr<CABasicAnimation> shadowPathAnimation = transientZoomSnapAnimationForKeyPath("shadowPath");
-    [shadowPathAnimation setToValue:(id)shadowPath.get()];
-
     [CATransaction begin];
     [CATransaction setCompletionBlock:^(void) {
         renderViewLayer->removeAnimationForKey("transientZoomCommit");
-        [shadowLayer removeAllAnimations];
+        if (shadowLayer)
+            [shadowLayer removeAllAnimations];
         applyTransientZoomToPage(scale, origin);
     }];
 
     renderViewLayer->addAnimationForKey("transientZoomCommit", renderViewAnimation.get());
-    [shadowLayer addAnimation:shadowBoundsAnimation.get() forKey:@"transientZoomCommitShadowBounds"];
-    [shadowLayer addAnimation:shadowPositionAnimation.get() forKey:@"transientZoomCommitShadowPosition"];
-    [shadowLayer addAnimation:shadowPathAnimation.get() forKey:@"transientZoomCommitShadowPath"];
 
+    if (shadowLayer) {
+        FloatRect shadowBounds = FloatRect(FloatPoint(), toFloatSize(renderView->layoutOverflowRect().maxXMaxYCorner()));
+        shadowBounds.scale(scale);
+        RetainPtr<CGPathRef> shadowPath = adoptCF(CGPathCreateWithRect(shadowBounds, NULL)).get();
+
+        RetainPtr<CABasicAnimation> shadowBoundsAnimation = transientZoomSnapAnimationForKeyPath("bounds");
+        [shadowBoundsAnimation setToValue:[NSValue valueWithRect:shadowBounds]];
+        RetainPtr<CABasicAnimation> shadowPositionAnimation = transientZoomSnapAnimationForKeyPath("position");
+        [shadowPositionAnimation setToValue:[NSValue valueWithPoint:constrainedOrigin + shadowBounds.center()]];
+        RetainPtr<CABasicAnimation> shadowPathAnimation = transientZoomSnapAnimationForKeyPath("shadowPath");
+        [shadowPathAnimation setToValue:(id)shadowPath.get()];
+
+        [shadowLayer addAnimation:shadowBoundsAnimation.get() forKey:@"transientZoomCommitShadowBounds"];
+        [shadowLayer addAnimation:shadowPositionAnimation.get() forKey:@"transientZoomCommitShadowPosition"];
+        [shadowLayer addAnimation:shadowPathAnimation.get() forKey:@"transientZoomCommitShadowPath"];
+    }
+
     [CATransaction commit];
 }
 
 void TiledCoreAnimationDrawingArea::applyTransientZoomToPage(double scale, FloatPoint origin)
 {
     RenderView* renderView = m_webPage->mainFrameView()->renderView();
-    PlatformCALayer* renderViewLayer = static_cast<GraphicsLayerCA*>(renderView->layer()->backing()->graphicsLayer())->platformCALayer();
+    PlatformCALayer* renderViewLayer = toGraphicsLayerCA(renderView->layer()->backing()->graphicsLayer())->platformCALayer();
 
     TransformationMatrix finalTransform;
     finalTransform.scale(scale);
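Review bot: The completion block registered with `[CATransaction setCompletionBlock:` implicitly captures `this` and the raw `renderViewLayer` pointer and runs later, when the animation finishes; the new `if (shadowLayer)` guard inside it protects only the retained CALayer, not the drawing area itself. Unless teardown elsewhere removes the `transientZoomCommit` animation or otherwise prevents the block from firing after the drawing area is destroyed (not visible in this hunk), closing the page mid-animation would call `applyTransientZoomToPage` on a freed object, so either a comment documenting that guarantee or a weak-reference check at the top of the block is worth adding. Separately, `RetainPtr<CGPathRef> shadowPath = adoptCF(CGPathCreateWithRect(shadowBounds, NULL)).get();` only balances the create/retain/release because the adoptCF temporary survives to the end of the full-expression; dropping the `.get()` gives the intended `RetainPtr<CGPathRef> shadowPath = adoptCF(CGPathCreateWithRect(shadowBounds, NULL));`. commitTransientZoom begins before this hunk.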
@@ -801,10 +810,13 @@
     // and not apply the transform, so we can't depend on it to do so.
     renderViewLayer->setTransform(finalTransform);
 
-    PlatformCALayer* shadowLayer = static_cast<GraphicsLayerCA*>(renderView->compositor().layerForContentShadow())->platformCALayer();
-    IntRect overflowRect = renderView->pixelSnappedLayoutOverflowRect();
-    shadowLayer->setBounds(IntRect(IntPoint(), toIntSize(overflowRect.maxXMaxYCorner())));
-    shadowLayer->setPosition(shadowLayer->bounds().center());
+    GraphicsLayerCA* shadowGraphicsLayer = toGraphicsLayerCA(renderView->compositor().layerForContentShadow());
+    if (shadowGraphicsLayer) {
+        PlatformCALayer* shadowLayer = shadowGraphicsLayer->platformCALayer();
+        IntRect overflowRect = renderView->pixelSnappedLayoutOverflowRect();
+        shadowLayer->setBounds(IntRect(IntPoint(), toIntSize(overflowRect.maxXMaxYCorner())));
+        shadowLayer->setPosition(shadowLayer->bounds().center());
+    }
 
     FloatPoint unscrolledOrigin(origin);
     FloatRect visibleContentRect = m_webPage->mainFrameView()->visibleContentRectIncludingScrollbars();
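Review bot: The shadow-layer lookup plus null check added here is the third copy of the same guard in this file (adjustTransientZoom and commitTransientZoom carry the other two), and the copies already differ in shape, which is how a fourth caller ends up with the unchecked form that produced this crash. A small file-static helper that returns the PlatformCALayer or null, used by all three sites, keeps the check in one place. applyTransientZoomToPage continues past the end of the hunk, and it is invoked from the animation completion block, so whether the `renderView` fetched at its top can be null or belong to a different document by the time the block runs is worth confirming.

```objc
static PlatformCALayer* contentShadowPlatformLayer(RenderView* renderView)
{
    // Null when the compositor has no content-shadow layer (the frameset case from the bug).
    GraphicsLayerCA* shadowGraphicsLayer = toGraphicsLayerCA(renderView->compositor().layerForContentShadow());
    return shadowGraphicsLayer ? shadowGraphicsLayer->platformCALayer() : nullptr;
}

// … unchanged: applyTransientZoomToPage up to renderViewLayer->setTransform(finalTransform); …
    if (PlatformCALayer* shadowLayer = contentShadowPlatformLayer(renderView)) {
        IntRect overflowRect = renderView->pixelSnappedLayoutOverflowRect();
        shadowLayer->setBounds(IntRect(IntPoint(), toIntSize(overflowRect.maxXMaxYCorner())));
        shadowLayer->setPosition(shadowLayer->bounds().center());
    }
```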