WebKit Bugzilla
Attachment 359286 Details for
Bug 193468
: Frequent null-deref under TiledCoreAnimationDrawingArea::scaleViewToFitDocumentIfNeeded()
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
Remember
[x]
|
Forgot Password
Login:
[x]
[patch]
Patch
bug-193468-20190116115349.patch (text/plain), 2.40 KB, created by
Tim Horton
on 2019-01-16 11:53:50 PST
(
hide
)
Description:
Patch
Filename:
MIME Type:
Creator:
Tim Horton
Created:
2019-01-16 11:53:50 PST
Size:
2.40 KB
patch
obsolete
>Subversion Revision: 240043 >diff --git a/Source/WebKit/ChangeLog b/Source/WebKit/ChangeLog >index bc216476e6a064f860d87e50dc8cee7454846413..633c5d48eb42a6b8c042191845a46034c018e6f4 100644 >--- a/Source/WebKit/ChangeLog >+++ b/Source/WebKit/ChangeLog >@@ -1,3 +1,17 @@ >+2019-01-15 Tim Horton <timothy_horton@apple.com> >+ >+ Frequent null-deref under TiledCoreAnimationDrawingArea::scaleViewToFitDocumentIfNeeded() >+ https://bugs.webkit.org/show_bug.cgi?id=193468 >+ <rdar://problem/38645869> >+ >+ Reviewed by NOBODY (OOPS!). >+ >+ * WebProcess/WebPage/mac/TiledCoreAnimationDrawingArea.mm: >+ (WebKit::TiledCoreAnimationDrawingArea::scaleViewToFitDocumentIfNeeded): >+ Adjust the null-check a bit; Zalan pointed out that the layout could >+ be responsible for the Frame/RenderView going away, so we should bail >+ *after* layout, not before. >+ > 2019-01-15 Fujii Hironori <Hironori.Fujii@sony.com> > > Unreviewed WinCairo build fix. >diff --git a/Source/WebKit/WebProcess/WebPage/mac/TiledCoreAnimationDrawingArea.mm b/Source/WebKit/WebProcess/WebPage/mac/TiledCoreAnimationDrawingArea.mm >index 5ee1f8263579fce26b312cce5c2cfb78c12c6790..fb848da57099351a2956b05bc5edbd6b3c59bfc4 100644 >--- a/Source/WebKit/WebProcess/WebPage/mac/TiledCoreAnimationDrawingArea.mm >+++ b/Source/WebKit/WebProcess/WebPage/mac/TiledCoreAnimationDrawingArea.mm >@@ -312,12 +312,12 @@ void TiledCoreAnimationDrawingArea::scaleViewToFitDocumentIfNeeded() > if (!m_shouldScaleViewToFitDocument) > return; > >- if (!m_webPage.mainFrameView()->renderView()) >- return; >- > LOG(Resize, "TiledCoreAnimationDrawingArea %p scaleViewToFitDocumentIfNeeded", this); > m_webPage.layoutIfNeeded(); > >+ if (!m_webPage.mainFrameView() || !m_webPage.mainFrameView()->renderView()) >+ return; >+ > int viewWidth = m_webPage.size().width(); > int documentWidth = m_webPage.mainFrameView()->renderView()->unscaledDocumentRect().width(); > >@@ -364,6 +364,9 @@ void TiledCoreAnimationDrawingArea::scaleViewToFitDocumentIfNeeded() > m_webPage.setUseFixedLayout(false); > m_webPage.layoutIfNeeded(); > >+ if (!m_webPage.mainFrameView() || !m_webPage.mainFrameView()->renderView()) >+ return; >+ > IntSize documentSize = m_webPage.mainFrameView()->renderView()->unscaledDocumentRect().size(); > m_lastViewSizeForScaleToFit = m_webPage.size(); > m_lastDocumentSizeForScaleToFit = documentSize;
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=359286">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Formatted Diff
|
Diff
Attachments on
bug 193468
:
359211
|
359284
| 359286