    Crash due to owning renderer not removed from custom scrollbar. · ab769069
    inferno@chromium.org authored
    https://bugs.webkit.org/show_bug.cgi?id=80610
    
    Reviewed by Eric Seidel.
    
    Source/WebCore:
    
    Test: scrollbars/scrollbar-owning-renderer-crash.html
    
    Changed RenderScrollbar to keep pointer to owning node, instead of the
    renderer. Renderer can get destroyed without informing the scrollbar, causing
    crashes later. Remove code from r94107 since it is not needed anymore and saves
    time when RenderBox is getting destroyed.
    
    * page/FrameView.cpp:
    (WebCore::FrameView::createScrollbar): pass renderer's node.
    * page/FrameView.h:
    * rendering/RenderBox.cpp:
    (WebCore::RenderBox::willBeDestroyed): no longer need this. came originally from r94107.
    * rendering/RenderLayer.cpp:
    (WebCore::RenderLayer::createScrollbar): pass renderer's node.
    (WebCore::RenderLayer::destroyScrollbar): no longer need to clear owning renderer.
    * rendering/RenderListBox.cpp:
    (WebCore::RenderListBox::createScrollbar): pass renderer's node.
    * rendering/RenderMenuList.cpp:
    (WebCore::RenderMenuList::createScrollbar): pass renderer's node.
    * rendering/RenderScrollbar.cpp:
    (WebCore::RenderScrollbar::createCustomScrollbar): Store owner node instead of renderer.
    (WebCore::RenderScrollbar::RenderScrollbar): Store owner node instead of renderer.
    (WebCore::RenderScrollbar::owningRenderer): calculate owning renderer from owner node.
    * rendering/RenderScrollbar.h:
    (RenderScrollbar):
    * rendering/RenderTextControlSingleLine.cpp:
    (WebCore::RenderTextControlSingleLine::createScrollbar): pass renderer's node.
    
    LayoutTests:
    
    * scrollbars/scrollbar-owning-renderer-crash-expected.txt: Added.
    * scrollbars/scrollbar-owning-renderer-crash.html: Added.
    
    
    git-svn-id: http://svn.webkit.org/repository/webkit/trunk@116476 268f45cc-cd09-0410-ab3c-d52691b4dbfc
scrollbar-owning-renderer-crash.html 1.23 KB
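
The lifetime pattern the commit message describes, as an added C++ example that is not code from this commit or from WebKit: the scrollbar holds its owner node and resolves the renderer on each use, so a renderer destroyed without notifying the scrollbar yields a null lookup instead of a stale pointer. `Node`, `Renderer`, `Scrollbar` and `scrollbarSurvivesRendererTeardown` are simplified, hypothetical stand-ins, and holding the node through a reference-counted pointer is an assumption.

```cpp
// Added illustration: Node, Renderer and Scrollbar are simplified stand-ins,
// not WebKit's classes. The ref-counted owner pointer is an assumption.
#include <memory>
#include <utility>

struct Renderer;

// Stand-in for a DOM node: long-lived, knows its current renderer (if any).
struct Node {
    Renderer* renderer = nullptr;
};

// Stand-in for a render object: short-lived, torn down independently.
struct Renderer {
    explicit Renderer(Node& n) : node(n) { node.renderer = this; }
    ~Renderer() { node.renderer = nullptr; }  // the node never keeps a stale pointer
    Renderer(const Renderer&) = delete;
    Renderer& operator=(const Renderer&) = delete;
    Node& node;
};

// The scrollbar keeps the owner node alive and derives the renderer on
// demand, so no teardown path has to remember to notify the scrollbar.
class Scrollbar {
public:
    explicit Scrollbar(std::shared_ptr<Node> owner) : m_owner(std::move(owner)) {}
    // Returns nullptr once the renderer is gone; callers must check.
    Renderer* owningRenderer() const { return m_owner ? m_owner->renderer : nullptr; }
private:
    std::shared_ptr<Node> m_owner;
};

// Walks the sequence from the commit message: the renderer is destroyed
// while the scrollbar is still alive. Returns true if every lookup is safe.
bool scrollbarSurvivesRendererTeardown() {
    auto node = std::make_shared<Node>();
    auto renderer = std::make_unique<Renderer>(*node);
    Scrollbar bar(node);
    bool attached = bar.owningRenderer() == renderer.get();
    renderer.reset();                 // renderer destroyed, scrollbar not informed
    bool detached = bar.owningRenderer() == nullptr;
    node = std::make_shared<Node>();  // caller drops its reference to the owner
    bool ownerKept = bar.owningRenderer() == nullptr;  // owner still alive via m_owner
    return attached && detached && ownerKept;
}
```

The same sequence with a raw `Renderer*` cached in the scrollbar would leave that pointer dangling after `renderer.reset()`, which is the crash class the commit title names.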