Title: [165142] branches/safari-537.75-branch/Source/WebCore
Diff
Modified: branches/safari-537.75-branch/Source/WebCore/ChangeLog (165141 => 165142)
--- branches/safari-537.75-branch/Source/WebCore/ChangeLog 2014-03-06 00:29:17 UTC (rev 165141)
+++ branches/safari-537.75-branch/Source/WebCore/ChangeLog 2014-03-06 00:33:09 UTC (rev 165142)
@@ -1,5 +1,28 @@
2014-03-05 Matthew Hanson <[email protected]>
+ Merge r160065.
+
+ 2013-12-03 Ryosuke Niwa <[email protected]>
+
+ Potential crash in RenderView::selectionBounds and RenderView::repaintSelection
+ https://bugs.webkit.org/show_bug.cgi?id=125207
+
+ Reviewed by Simon Fraser.
+
+ Merge https://chromium.googlesource.com/chromium/blink/+/f9e6e288a5aa959f05c374806121aaf0fc52d440
+
+ Update style in FrameSelection instead of RenderView's member functions. These are the last two
+ member functions of RenderView that updates the style.
+
+ * editing/FrameSelection.cpp:
+ (WebCore::FrameSelection::focusedOrActiveStateChanged):
+ (WebCore::FrameSelection::bounds):
+ * rendering/RenderView.cpp:
+ (WebCore::RenderView::selectionBounds):
+ (WebCore::RenderView::repaintSelection):
+
+2014-03-05 Matthew Hanson <[email protected]>
+
Merge r164367.
2014-02-19 Daniel Bates <[email protected]>
Modified: branches/safari-537.75-branch/Source/WebCore/editing/FrameSelection.cpp (165141 => 165142)
--- branches/safari-537.75-branch/Source/WebCore/editing/FrameSelection.cpp 2014-03-06 00:29:17 UTC (rev 165141)
+++ branches/safari-537.75-branch/Source/WebCore/editing/FrameSelection.cpp 2014-03-06 00:33:09 UTC (rev 165142)
@@ -1705,11 +1705,14 @@
void FrameSelection::focusedOrActiveStateChanged()
{
bool activeAndFocused = isFocusedAndActive();
+ RefPtr<Document> document = m_frame->document();
+ document->updateStyleIfNeeded();
+
// Because RenderObject::selectionBackgroundColor() and
// RenderObject::selectionForegroundColor() check if the frame is active,
// we have to update places those colors were painted.
- if (RenderView* view = m_frame->document()->renderView())
+ if (RenderView* view = document->renderView())
view->repaintSelection();
// Caret appears in the active frame.
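Review bot: `document->updateStyleIfNeeded()` dereferences the result of `m_frame->document()` without a null check, while the `FrameSelection::bounds` hunk in this same commit returns early when `m_frame->document()` is null. The removed line also dereferenced it unguarded, so non-null may be an invariant on this path, but it should be made explicit, either with `if (!document) return;` right after the assignment or with an assertion and a comment saying why it cannot be null. The reason for holding a `RefPtr<Document>` is also undocumented; a comment such as `// Protect the document across updateStyleIfNeeded().` would record the intent (presumably a lifetime guard, to be confirmed). `activeAndFocused` is sampled before the style update and is presumably used further down, outside this hunk, so it is worth confirming the update cannot change it.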
@@ -1723,7 +1726,7 @@
// Because StyleResolver::checkOneSelector() and
// RenderTheme::isFocused() check if the frame is active, we have to
// update style and theme state that depended on those.
- if (Element* element = m_frame->document()->focusedElement()) {
+ if (Element* element = document->focusedElement()) {
element->setNeedsStyleRecalc();
if (RenderObject* renderer = element->renderer())
if (renderer && renderer->style()->hasAppearance())
@@ -1936,6 +1939,10 @@
FloatRect FrameSelection::bounds(bool clipToVisibleContent) const
{
+ if (!m_frame->document())
+ return LayoutRect();
+
+ m_frame->document()->updateStyleIfNeeded();
RenderView* root = m_frame->contentRenderer();
FrameView* view = m_frame->view();
if (!root || !view)
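Review bot: `m_frame->document()` is read twice as a raw pointer and nothing holds a reference across `updateStyleIfNeeded()`, whereas `focusedOrActiveStateChanged` in this commit keeps a `RefPtr<Document>` for the same call. If the style update can drop the last reference to the document while it runs (not visible from this hunk), this path would still be exposed to a use-after-free. Making the two call sites consistent would close that gap: `RefPtr<Document> document = m_frame->document();`, `if (!document) return FloatRect();`, `document->updateStyleIfNeeded();`. The early return also builds a `LayoutRect` in a function declared to return `FloatRect`; returning `FloatRect()` avoids relying on the implicit conversion. The body of `bounds()` continues past the end of the hunk.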