    Crash in WebCore::RenderObject::repaint · 1c4f5b42
    commit-queue@webkit.org authored
    https://bugs.webkit.org/show_bug.cgi?id=86162
    
    Patch by Takashi Sakamoto <tasak@google.com> on 2012-05-14
    Reviewed by Abhishek Arya.
    
    Source/WebCore:
    
    As RenderScrollbarPart has no parent renderer, we crash in
    WebCore::RenderBoxModelObject::paddingLeft when paddingLeft has a
    percent value, e.g. 5%. However, if we set the scrollbar's parent
    renderer to a renderer owning the scrollbar by using the setParent method,
    RenderScrollbarPart::styleWillChange will invoke the parent renderer's
    repaint. This causes a crash in WebCore::RenderObject::repaint if the
    owning renderer is already destroyed.
    To fix the first crash without the second crash, modify
    RenderObject::containingBlock() to check isRenderScrollbarPart or not,
    if parent() is 0.
    If so, use scrollbar's owningRenderer from RenderScrollbarPart.
    
    Test: scrollbars/scrollbar-percent-padding-crash.html
          scrollbars/scrollbar-scrollbarparts-repaint-crash.html
    
    * rendering/RenderObject.cpp:
    (WebCore::RenderObject::containingBlock):
    Modifying containingBlock. If parent() is 0 and isRenderScrollbarPart()
    is true, use RenderScrollbarPart's m_scrollbar->owningRenderer()
    instead of parent().
    * rendering/RenderObject.h:
    (WebCore::RenderObject::isRenderScrollbarPart):
    (RenderObject):
    Adding a new method, isRenderScrollbarPart.
    * rendering/RenderScrollbarPart.cpp:
    (WebCore::RenderScrollbarPart::rendererOwningScrollbar):
    (WebCore):
    Adding a new method, scrollbarOwningRenderer to obtain m_scrollbar's
    owningRenderer.
    * rendering/RenderScrollbarPart.h:
    (RenderScrollbarPart):
    Removing "friend class RenderScrollbar".
    (WebCore::RenderScrollbarPart::isRenderScrollbarPart):
    (WebCore::toRenderScrollbarPart):
    (WebCore):
    Implementing isRenderScrollbarPart and toRenderScrollbarPart.
    
    LayoutTests:
    
    * scrollbars/scrollbar-scrollbarparts-repaint-crash-expected.txt: Added.
    * scrollbars/scrollbar-scrollbarparts-repaint-crash.html: Added.
    * scrollbars/scrollbar-percent-padding-crash-expected.txt: Added.
    * scrollbars/scrollbar-percent-padding-crash.html: Added.
    
    git-svn-id: http://svn.webkit.org/repository/webkit/trunk@117007 268f45cc-cd09-0410-ab3c-d52691b4dbfc
scrollbar-percent-padding-crash-expected.txt 196 Bytes