WebKit Bugzilla: Attachment 358831 Details for Bug 193337: Fix rare crash under ScrollbarThemeMac::paintScrollCorner()
[patch] Patch: bug-193337-20190110140401.patch (text/plain), 2.43 KB, created by Simon Fraser (smfr) on 2019-01-10 14:04:02 PST
>Subversion Revision: 239693 >diff --git a/Source/WebCore/ChangeLog b/Source/WebCore/ChangeLog >index 7f29aa7d9879e468dbb575bd40d28ca9a88254eb..4b264411ba97e474ec282025ea342ce7d65aec7e 100644 >--- a/Source/WebCore/ChangeLog >+++ b/Source/WebCore/ChangeLog >@@ -1,3 +1,24 @@ >+2019-01-10 Simon Fraser <simon.fraser@apple.com> >+ >+ Fix rare crash under ScrollbarThemeMac::paintScrollCorner() >+ https://bugs.webkit.org/show_bug.cgi?id=193337 >+ rdar://problem/47179993 >+ >+ Reviewed by NOBODY (OOPS!). >+ >+ Async image decoding can trigger a FrameView::traverseForPaintInvalidation() fake paint, >+ which creates a GraphicsContext with no platform context. However, we could hit ScrollView::paintScrollbars() >+ which tried to get at the platform context, and then crashed. >+ >+ So protect two functions in ScrollbarThemeMac with if (context.paintingDisabled()) checks. I verified >+ that other scrollbar-related painting code paths were already protected. >+ >+ Hard to test because it depends on async image decoding timing. >+ >+ * platform/mac/ScrollbarThemeMac.mm: >+ (WebCore::ScrollbarThemeMac::paint): >+ (WebCore::ScrollbarThemeMac::paintScrollCorner): >+ > 2019-01-07 David Kilzer <ddkilzer@apple.com> > > PlatformECKey should use a std::unique_ptr >diff --git a/Source/WebCore/platform/mac/ScrollbarThemeMac.mm b/Source/WebCore/platform/mac/ScrollbarThemeMac.mm >index e2caa6ef055e0bf204f1419abc27e7dd570024a1..b5d926a1b57bd4cfeb95775329b3ad543e766876 100644 >--- a/Source/WebCore/platform/mac/ScrollbarThemeMac.mm >+++ b/Source/WebCore/platform/mac/ScrollbarThemeMac.mm >@@ -550,6 +550,9 @@ static void scrollerImpPaint(NSScrollerImp *scrollerImp, bool enabled) > > bool ScrollbarThemeMac::paint(Scrollbar& scrollbar, GraphicsContext& context, const IntRect& damageRect) > { >+ if (context.paintingDisabled()) >+ return false; >+ > setPaintCharacteristicsForScrollbar(scrollbar); > > if (scrollbar.supportsUpdateOnSecondaryThread()) 
>@@ -568,6 +571,9 @@ bool ScrollbarThemeMac::paint(Scrollbar& scrollbar, GraphicsContext& context, co > > void ScrollbarThemeMac::paintScrollCorner(GraphicsContext& context, const IntRect& cornerRect) > { >+ if (context.paintingDisabled()) >+ return; >+ > LocalCurrentGraphicsContext localContext(context); > > auto cornerDrawingOptions = @{ (__bridge NSString *)kCUIWidgetKey: (__bridge NSString *)kCUIWidgetScrollBarTrackCorner,
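Review bot: The ChangeLog hunk still carries "Reviewed by NOBODY (OOPS!)" and ships no regression test, with only "Hard to test because it depends on async image decoding timing" as the reason. Please record in the entry how the fix was verified, and name the other scrollbar-related painting code paths that were checked and found "already protected", so a later reader can confirm the audit without repeating it.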
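Review bot: In the ScrollbarThemeMac::paint() hunk, the new early exit returns false when context.paintingDisabled(), but the hunk does not show what a false result means to the caller during a FrameView::traverseForPaintInvalidation() fake paint. Please confirm that callers treat false as harmless here. The guard also sits ahead of setPaintCharacteristicsForScrollbar(scrollbar), so that call is now skipped on the fake-paint path; if that is intended, a one-line comment above the check saying that the context has no platform context in this case would keep the ordering from being changed later.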
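Review bot: In the ScrollbarThemeMac::paintScrollCorner() hunk, the paintingDisabled() check is correctly placed before "LocalCurrentGraphicsContext localContext(context);", but nothing in the code explains that this ordering is what prevents the crash. A short comment stating that a fake paint supplies a GraphicsContext with no platform context, so the check must stay ahead of anything that reaches for it, would protect the guard from being moved or dropped in a later cleanup.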