Title: [195606] trunk/Source/WebCore
- Revision: 195606
- Author: [email protected]
- Date: 2016-01-26 12:07:07 -0800 (Tue, 26 Jan 2016)
Log Message
Speculative fixes for crashing in viewportChangeAffectedPicture
https://bugs.webkit.org/show_bug.cgi?id=153450

Reviewed by Dean Jackson.

Don't attach any conditions to the removal of a picture element from
the document's HashSet. This ensures that if the condition is ever
wrong for any reason, we'll still remove the picture element on
destruction.

Fix the media query evaluation to match the other evaluations (used by
the preload scanner and HTMLImageElement). This includes using the
document element's computed style instead of our own and also null
checking the document element first. This is the likely cause of the
crashes.

* html/HTMLPictureElement.cpp:
(WebCore::HTMLPictureElement::~HTMLPictureElement):
(WebCore::HTMLPictureElement::didMoveToNewDocument):
(WebCore::HTMLPictureElement::viewportChangeAffectedPicture):

Diff
Modified: trunk/Source/WebCore/ChangeLog (195605 => 195606)
--- trunk/Source/WebCore/ChangeLog 2016-01-26 19:57:49 UTC (rev 195605)
+++ trunk/Source/WebCore/ChangeLog 2016-01-26 20:07:07 UTC (rev 195606)
@@ -1,3 +1,26 @@
+2016-01-25 Dave Hyatt <[email protected]>
+
+ Speculative fixes for crashing in viewportChangeAffectedPicture
+ https://bugs.webkit.org/show_bug.cgi?id=153450
+
+ Reviewed by Dean Jackson.
+
+ Don't attach any conditions to the removal of a picture element from
+ the document's HashSet. This ensures that if the condition is ever
+ wrong for any reason, we'll still remove the picture element on
+ destruction.
+
+ Fix the media query evaluation to match the other evaluations (used by
+ the preload scanner and HTMLImageElement). This includes using the
+ document element's computed style instead of our own and also null
+ checking the document element first. This is the likely cause of the
+ crashes.
+
+ * html/HTMLPictureElement.cpp:
+ (WebCore::HTMLPictureElement::~HTMLPictureElement):
+ (WebCore::HTMLPictureElement::didMoveToNewDocument):
+ (WebCore::HTMLPictureElement::viewportChangeAffectedPicture):
+
2016-01-26 Chris Dumez <[email protected]>
Make sure a page is still PageCache-able after firing the 'pagehide' events
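Review bot: The new ChangeLog entry names no test and does not say why none was added. Since the entry itself calls the fixes speculative and points at the missing null check of the document element as the likely cause, add a line that either names a regression test or states that no test is possible because the crash has no known reproduction. The entry is also dated 2016-01-25 while it lands above a 2016-01-26 entry in a 2016-01-26 commit; update the date line to the landing date.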
Modified: trunk/Source/WebCore/html/HTMLPictureElement.cpp (195605 => 195606)
--- trunk/Source/WebCore/html/HTMLPictureElement.cpp 2016-01-26 19:57:49 UTC (rev 195605)
+++ trunk/Source/WebCore/html/HTMLPictureElement.cpp 2016-01-26 20:07:07 UTC (rev 195606)
@@ -39,13 +39,12 @@
HTMLPictureElement::~HTMLPictureElement()
{
- if (hasViewportDependentResults())
- document().removeViewportDependentPicture(*this);
+ document().removeViewportDependentPicture(*this);
}
void HTMLPictureElement::didMoveToNewDocument(Document* oldDocument)
{
- if (hasViewportDependentResults() && oldDocument)
+ if (oldDocument)
oldDocument->removeViewportDependentPicture(*this);
HTMLElement::didMoveToNewDocument(oldDocument);
sourcesChanged();
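Review bot: In ~HTMLPictureElement() and didMoveToNewDocument(), the reason for dropping the hasViewportDependentResults() guard is recorded only in the ChangeLog, so a later cleanup could reintroduce it as an optimization. Add a short comment at both call sites saying that the removal is deliberately unconditional, so that the document's set can never keep an entry for a destroyed or moved picture element. It is also worth confirming that removeViewportDependentPicture() is a no-op for an element that was never added, since it is now called for every picture element.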
@@ -64,7 +63,7 @@
bool HTMLPictureElement::viewportChangeAffectedPicture()
{
- MediaQueryEvaluator evaluator(document().printing() ? "print" : "screen", document().frame(), computedStyle());
+ MediaQueryEvaluator evaluator(document().printing() ? "print" : "screen", document().frame(), document().documentElement() ? document().documentElement()->computedStyle() : nullptr);
unsigned numResults = m_viewportDependentMediaQueryResults.size();
for (unsigned i = 0; i < numResults; i++) {
if (evaluator.eval(&m_viewportDependentMediaQueryResults[i]->m_expression) != m_viewportDependentMediaQueryResults[i]->m_result)
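Review bot: On the changed MediaQueryEvaluator line, document().documentElement() is evaluated twice inside a ternary, and when it is null the evaluator is constructed with a nullptr style while the loop below still calls evaluator.eval() on every stored result. Hoist the element into a local (auto* documentElement = document().documentElement();) and either return early when it is null or note in a comment that eval() accepts a null style. document().frame() is passed on the same line without a comparable check; confirm it cannot be null here or that the evaluator handles that case as well.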