    Regression: Heap-use-after-free in WebCore::FrameView::scrollContentsFastPath · 0dd46922
    simon.fraser@apple.com authored
    https://bugs.webkit.org/show_bug.cgi?id=95754
    
    Reviewed by Dave Hyatt.
    
    Source/WebCore:
    
    It's possible to have a renderer with position:fixed or sticky style,
    but no layer, for example a RenderScrollBarPart. Don't register such
    renderers with the FrameView.
    
    Moved the code that registers/unregisters with the FrameView from
    styleWillChange() to styleDidChange(), since in the latter case
    we can check if we have a RenderLayer. Only register renderers with layers.
    We always unregister, which required removing an assertion in
    FrameView::removeFixedObject(), and replacing it with a null check of m_fixedObjects.
    
    Test: fast/css/remove-fixed-resizer-crash.html
    
    * page/FrameView.cpp:
    (WebCore::FrameView::removeFixedObject):
    * rendering/RenderBoxModelObject.cpp:
    (WebCore::RenderBoxModelObject::styleWillChange):
    (WebCore::RenderBoxModelObject::styleDidChange):
    
    LayoutTests:
    
    Testcase with a position:fixed resizer and scrolling.
    
    * fast/css/remove-fixed-resizer-crash-expected.txt: Added.
    * fast/css/remove-fixed-resizer-crash.html: Added.
    
    git-svn-id: http://svn.webkit.org/repository/webkit/trunk@127497 268f45cc-cd09-0410-ab3c-d52691b4dbfc
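A hypothetical C++ model of the registration invariant this commit describes, added here as an example and not WebKit's own code: FrameView, Renderer, addFixedObject, removeFixedObject, setStyle and fixedResizerLeavesNoEntry are simplified stand-ins for the classes and methods named above, and Style collapses position:fixed/sticky into one flag.

```cpp
#include <memory>
#include <set>
// Hypothetical model (not WebKit code): FrameView keeps a lazily allocated set of
// fixed/sticky renderers; a renderer registers only when it owns a layer, but always
// unregisters, so the set can never be left holding a pointer to a freed renderer.
struct Style { bool fixedOrSticky = false; };
class Renderer;
class FrameView {
public:
    void addFixedObject(Renderer* r) {
        if (!m_fixedObjects) m_fixedObjects = std::make_unique<std::set<Renderer*>>();
        m_fixedObjects->insert(r);
    }
    // Null check instead of an assertion: a layer-less renderer unregisters even
    // though it never registered, so the set may not exist yet.
    void removeFixedObject(Renderer* r) {
        if (!m_fixedObjects) return;
        m_fixedObjects->erase(r);
    }
    bool isRegistered(Renderer* r) const { return m_fixedObjects && m_fixedObjects->count(r); }
    size_t fixedObjectCount() const { return m_fixedObjects ? m_fixedObjects->size() : 0; }
private:
    std::unique_ptr<std::set<Renderer*>> m_fixedObjects;  // created on first registration
};
class Renderer {
public:
    Renderer(FrameView& view, bool hasLayer) : m_view(view), m_hasLayer(hasLayer) {}
    ~Renderer() { m_view.removeFixedObject(this); }  // unconditional unregistration
    // Models styleDidChange(): the layer exists by now, so its presence can be checked.
    void setStyle(Style newStyle) {
        if (m_style.fixedOrSticky) m_view.removeFixedObject(this);               // always
        if (newStyle.fixedOrSticky && m_hasLayer) m_view.addFixedObject(this);  // only with a layer
        m_style = newStyle;
    }
private:
    FrameView& m_view; bool m_hasLayer; Style m_style;
};
// Scenario of the regression test: a position:fixed resizer (a scrollbar part has no
// layer) is styled, then destroyed. Returns true if the view keeps no stale entry.
bool fixedResizerLeavesNoEntry(bool hasLayer) {
    FrameView view;
    Style fixed; fixed.fixedOrSticky = true;
    {
        Renderer resizer(view, hasLayer);
        resizer.setStyle(fixed);
        if (view.isRegistered(&resizer) != hasLayer) return false;  // registered iff layered
    }
    return view.fixedObjectCount() == 0;
}
```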