Commit 81e69d5e authored by jchaffraix@webkit.org

REGRESSION(r124168): Null crash in RenderLayer::createScrollbar

https://bugs.webkit.org/show_bug.cgi?id=96863

Reviewed by Abhishek Arya.

Source/WebCore:

After r124168, we synchronously create any overflow:scroll scrollbar on the first style change - we used to wait
until layout was called. The issue is that the logic in RenderLayer assumes that our node is completely attached
when the style change is dispatched. The crash occurred because the 'content' image code path in
RenderObject::createObject triggered a style change too early.

Test: scrollbars/scrollbar-content-crash.html

* rendering/RenderObject.cpp:
(WebCore::RenderObject::createObject):
We need a style associated with the new RenderImage to call setImageResource but we don't need to trigger a
style change.

LayoutTests:

* scrollbars/scrollbar-content-crash-expected.txt: Added.
* scrollbars/scrollbar-content-crash.html: Added.


git-svn-id: http://svn.webkit.org/repository/webkit/trunk@129955 268f45cc-cd09-0410-ab3c-d52691b4dbfc
parent bc69e92e
2012-09-28 Julien Chaffraix <jchaffraix@webkit.org>
REGRESSION(r124168): Null crash in RenderLayer::createScrollbar
https://bugs.webkit.org/show_bug.cgi?id=96863
Reviewed by Abhishek Arya.
* scrollbars/scrollbar-content-crash-expected.txt: Added.
* scrollbars/scrollbar-content-crash.html: Added.
2012-09-28 Ojan Vafai <ojan@chromium.org>
WontFix frame flattening crash test.
Bug 96863: REGRESSION(r124168): Null crash in RenderLayer::createScrollbar
This test PASSED if it didn't CRASH or ASSERT.
<!doctype html>
<html class="crash">
<style>
.crash {
overflow:scroll;
content: url(data:text/plain,aaa);
}
</style>
<script>
if (window.testRunner)
testRunner.dumpAsText();
function runTest() {
document.documentElement.classList.remove("crash");
}
window.addEventListener("load", runTest, false);
</script>
<p>Bug <a href="https://bugs.webkit.org/show_bug.cgi?id=96863">96863</a>: REGRESSION(r124168): Null crash in RenderLayer::createScrollbar</p>
<p>This test PASSED if it didn't CRASH or ASSERT.</p>
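Review bot: runTest() carries no comment saying what `document.documentElement.classList.remove("crash")` is meant to exercise. The commit message places the crash in RenderObject::createObject, so the test should state whether removing the class on load is part of the reproduction or only cleanup. The only case covered is `overflow:scroll` combined with an image `content` value on the `<html>` element; a second case on a non-root element would widen the coverage of the same code path.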
2012-09-28 Julien Chaffraix <jchaffraix@webkit.org>
REGRESSION(r124168): Null crash in RenderLayer::createScrollbar
https://bugs.webkit.org/show_bug.cgi?id=96863
Reviewed by Abhishek Arya.
After r124168, we synchronously create any overflow:scroll scrollbar on the first style change - we used to wait
until layout was called. The issue is that the logic in RenderLayer assumes that our node is completely attached
when the style change is dispatched. The crash occured because the 'content' image code path in
RenderObject::createObject triggered a style change too early.
Test: scrollbars/scrollbar-content-crash.html
* rendering/RenderObject.cpp:
(WebCore::RenderObject::createObject):
We need a style associated with the new RenderImage to call setImageResource but we don't need to trigger a
style change.
2012-09-28 Ben Wagner <bungeman@chromium.org>
Chromium should respect 'text-rendering:geometricPrecision' by disabling hinting.
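Review bot: Typo in the description paragraph of the new entry: "The crash occured because" should read "occurred". The function note could also say that the style is attached to the RenderImage only for the duration of the setImageResource call, since that is the part of the change a later reader of the ChangeLog will need to know.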
......@@ -132,12 +132,16 @@ RenderObject* RenderObject::createObject(Node* node, RenderStyle* style)
const ContentData* contentData = style->contentData();
if (contentData && !contentData->next() && contentData->isImage() && doc != node) {
RenderImage* image = new (arena) RenderImage(node);
image->setStyle(style);
// RenderImageResourceStyleImage requires a style being present on the image but we don't want to
// trigger a style change now as the node is not fully attached. Moving this code to style change
// doesn't make sense as it should be run once at renderer creation.
image->m_style = style;
if (const StyleImage* styleImage = static_cast<const ImageContentData*>(contentData)->image()) {
image->setImageResource(RenderImageResourceStyleImage::create(const_cast<StyleImage*>(styleImage)));
image->setIsGeneratedContent();
} else
image->setImageResource(RenderImageResource::create());
image->m_style = 0;
return image;
}
......
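Review bot: The `image->m_style = style;` and `image->m_style = 0;` pair around setImageResource is a manual set-and-restore with nothing enforcing the restore, so a return added between the two lines later would leave the renderer holding a style for which no style change was dispatched. A small scoped helper that clears m_style on exit, or at least a comment on the `image->m_style = 0;` line saying where the style is expected to be set afterwards, would make the invariant explicit. The comment names only RenderImageResourceStyleImage as needing a style, while the else branch calls RenderImageResource::create(), so the temporary assignment could be narrowed to the branch that needs it.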