Crash in RenderScrollbarPart::imageChanged.
https://bugs.webkit.org/show_bug.cgi?id=68009 Reviewed by Simon Fraser. Source/WebCore: When a custom scrollbar is removed from its FrameView, its destruction can be delayed because of RefPtr maintained in EventHandler class (m_lastScrollbarUnderMouse). Upon removal, we delete all the scrollbar parts so that they don't link back to scrollbar. However, because of the delay, we can have a call to updateScrollbarPart which recreates it. When scrollbar is getting destroyed, we just check to see if there are remaining scrollbar parts and if yes, we destroy them. Test: scrollbars/scrollbar-part-created-with-no-parent-crash.html * rendering/RenderScrollbar.cpp: (WebCore::RenderScrollbar::~RenderScrollbar): LayoutTests: * scrollbars/scrollbar-part-created-with-no-parent-crash-expected.txt: Added. * scrollbars/scrollbar-part-created-with-no-parent-crash.html: Added. git-svn-id: http://svn.webkit.org/repository/webkit/trunk@95074 268f45cc-cd09-0410-ab3c-d52691b4dbfc
Loading
Please register or sign in to comment