WebKit Bugzilla
Attachment 359284 Details for Bug 193468: Frequent null-deref under TiledCoreAnimationDrawingArea::scaleViewToFitDocumentIfNeeded()
Patch: bug-193468-20190116112748.patch (text/plain), 2.57 KB, created by Tim Horton on 2019-01-16 11:27:49 PST
>Subversion Revision: 240043 >diff --git a/Source/WebKit/ChangeLog b/Source/WebKit/ChangeLog >index bc216476e6a064f860d87e50dc8cee7454846413..633c5d48eb42a6b8c042191845a46034c018e6f4 100644 >--- a/Source/WebKit/ChangeLog >+++ b/Source/WebKit/ChangeLog >@@ -1,3 +1,17 @@ >+2019-01-15 Tim Horton <timothy_horton@apple.com> >+ >+ Frequent null-deref under TiledCoreAnimationDrawingArea::scaleViewToFitDocumentIfNeeded() >+ https://bugs.webkit.org/show_bug.cgi?id=193468 >+ <rdar://problem/38645869> >+ >+ Reviewed by NOBODY (OOPS!). >+ >+ * WebProcess/WebPage/mac/TiledCoreAnimationDrawingArea.mm: >+ (WebKit::TiledCoreAnimationDrawingArea::scaleViewToFitDocumentIfNeeded): >+ Adjust the null-check a bit; Zalan pointed out that the layout could >+ be responsible for the Frame/RenderView going away, so we should bail >+ *after* layout, not before. >+ > 2019-01-15 Fujii Hironori <Hironori.Fujii@sony.com> > > Unreviewed WinCairo build fix. >diff --git a/Source/WebKit/WebProcess/WebPage/mac/TiledCoreAnimationDrawingArea.mm b/Source/WebKit/WebProcess/WebPage/mac/TiledCoreAnimationDrawingArea.mm >index 5ee1f8263579fce26b312cce5c2cfb78c12c6790..5a5c032509369921ffd1f657f05b413b98a43969 100644 >--- a/Source/WebKit/WebProcess/WebPage/mac/TiledCoreAnimationDrawingArea.mm >+++ b/Source/WebKit/WebProcess/WebPage/mac/TiledCoreAnimationDrawingArea.mm 
>@@ -318,8 +318,16 @@ void TiledCoreAnimationDrawingArea::scaleViewToFitDocumentIfNeeded() > LOG(Resize, "TiledCoreAnimationDrawingArea %p scaleViewToFitDocumentIfNeeded", this); > m_webPage.layoutIfNeeded(); > >+ auto mainFrameView = m_webPage.mainFrameView(); >+ if (!mainFrameView) >+ return; >+ >+ auto renderView = mainFrameView->renderView(); >+ if (!renderView) >+ return; >+ > int viewWidth = m_webPage.size().width(); >- int documentWidth = m_webPage.mainFrameView()->renderView()->unscaledDocumentRect().width(); >+ int documentWidth = renderView->unscaledDocumentRect().width(); > > bool documentWidthChanged = m_lastDocumentSizeForScaleToFit.width() != documentWidth; > bool viewWidthChanged = m_lastViewSizeForScaleToFit.width() != viewWidth; >@@ -364,7 +372,7 @@ void TiledCoreAnimationDrawingArea::scaleViewToFitDocumentIfNeeded() > m_webPage.setUseFixedLayout(false); > m_webPage.layoutIfNeeded(); > >- IntSize documentSize = m_webPage.mainFrameView()->renderView()->unscaledDocumentRect().size(); >+ IntSize documentSize = renderView->unscaledDocumentRect().size(); > m_lastViewSizeForScaleToFit = m_webPage.size(); > m_lastDocumentSizeForScaleToFit = documentSize; >
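Review bot: In the `@@ -318,8 +318,16 @@` hunk, `auto mainFrameView` and `auto renderView` hide whether these locals are raw pointers or something that keeps the objects alive, and that matters here because both stay in scope across the later `m_webPage.layoutIfNeeded()` call in this function. Spell the types out (or write `auto*` if they are raw pointers) so the lifetime assumption is visible at the declaration, and consider narrowing their scope so they cannot be picked up again after another layout has run.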
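Review bot: In the `@@ -364,7 +372,7 @@` hunk, `IntSize documentSize = renderView->unscaledDocumentRect().size();` reads the pointer cached in the earlier hunk, after `m_webPage.setUseFixedLayout(false);` and a second `m_webPage.layoutIfNeeded();` have run just above it. The ChangeLog entry in this same patch says layout can be responsible for the Frame/RenderView going away, so by that reasoning the cached `renderView` may no longer be valid at this point, and the change would swap a null dereference for a use of a stale pointer. Re-fetch `m_webPage.mainFrameView()` and its `renderView()` after this second layout and return if either is null, the same way the first hunk does.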