Skip to content
Commit e3a3b735 authored by simon.fraser@apple.com's avatar simon.fraser@apple.com
Browse files

2010-07-29 Simon Fraser <simon.fraser@apple.com> 

        Reviewed by Pavel Feldman.

        Crash when computing pseudo-style of a vanished scrollbar in inspector
        https://bugs.webkit.org/show_bug.cgi?id=42561

        When a styled overflow:scroll scrollbar gets destroyed, we need to clear out the m_owner pointer,
        otherwise the event handling code (which keeps the Scrollbar alive) later causes the scrollbar
        to try to use m_owner to get pseudo style.

        Test: scrollbars/overflow-custom-scrollbar-crash.html

        * rendering/RenderLayer.cpp:
        (WebCore::RenderLayer::destroyScrollbar): If this is a custom scrollbar, clear the owning renderer.
        * rendering/RenderScrollbar.cpp:
        (WebCore::RenderScrollbar::getScrollbarPseudoStyle): Bail if m_owner is 0.
        * rendering/RenderScrollbar.h:
        (WebCore::RenderScrollbar::clearOwningRenderer): New method.

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@64289 268f45cc-cd09-0410-ab3c-d52691b4dbfc
parent 79ca94b3
Show whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please to comment