1. 14 May, 2012 1 commit
    • Crash in WebCore::RenderObject::repaint · 1c4f5b42
      commit-queue@webkit.org authored
      https://bugs.webkit.org/show_bug.cgi?id=86162
      
      Patch by Takashi Sakamoto <tasak@google.com> on 2012-05-14
      Reviewed by Abhishek Arya.
      
      Source/WebCore:
      
      As RenderScrollbarPart has no parent renderer, we crash in
      WebCore::RenderBoxModelObject::paddingLeft when paddingLeft has a
      percent value, e.g. 5%. However, if we set the scrollbar's parent
      renderer to a renderer owning the scrollbar by using the setParent method,
      RenderScrollbarPart::styleWillChange will invoke the parent renderer's
      repaint. This causes a crash in WebCore::RenderObject::repaint if the
      owning renderer is already destroyed.
      To fix the first crash without the second crash, modify
      RenderObject::containingBlock() to check whether isRenderScrollbarPart
      is true if parent() is 0.
      If so, use the scrollbar's owningRenderer from RenderScrollbarPart.
      
      Test: scrollbars/scrollbar-percent-padding-crash.html
            scrollbars/scrollbar-scrollbarparts-repaint-crash.html
      
      * rendering/RenderObject.cpp:
      (WebCore::RenderObject::containingBlock):
      Modifying containingBlock. If parent() is 0 and isRenderScrollbarPart()
      is true, use RenderScrollbarPart's m_scrollbar->owningRenderer()
      instead of parent().
      * rendering/RenderObject.h:
      (WebCore::RenderObject::isRenderScrollbarPart):
      (RenderObject):
      Adding a new method, isRenderScrollbarPart.
      * rendering/RenderScrollbarPart.cpp:
      (WebCore::RenderScrollbarPart::rendererOwningScrollbar):
      (WebCore):
      Adding a new method, scrollbarOwningRenderer to obtain m_scrollbar's
      owningRenderer.
      * rendering/RenderScrollbarPart.h:
      (RenderScrollbarPart):
      Removing "friend class RenderScrollbar".
      (WebCore::RenderScrollbarPart::isRenderScrollbarPart):
      (WebCore::toRenderScrollbarPart):
      (WebCore):
      Implementing isRenderScrollbarPart and toRenderScrollbarPart.
      
      LayoutTests:
      
      * scrollbars/scrollbar-scrollbarparts-repaint-crash-expected.txt: Added.
      * scrollbars/scrollbar-scrollbarparts-repaint-crash.html: Added.
      * scrollbars/scrollbar-percent-padding-crash-expected.txt: Added.
      * scrollbars/scrollbar-percent-padding-crash.html: Added.
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@117007 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      1c4f5b42
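
The approach the commit message describes, as an added C++ sketch that is not WebKit's code: the scrollbar part keeps no parent link, and the containing-block lookup falls back to the scrollbar's owner only when it is asked. `Renderer`, `Scrollbar`, `ScrollbarPart`, `percentPadding` and `runScenario` are simplified stand-ins, and the model assumes the scrollbar's owner pointer is nulled when the owner is destroyed.

```cpp
#include <cstdio>

// Simplified model; class and member names are hypothetical stand-ins, not WebKit code.
struct Renderer {
    Renderer* parent = nullptr;
    int width = 0;
    int repaints = 0;
    virtual ~Renderer() = default;
    virtual bool isScrollbarPart() const { return false; }
    Renderer* containingBlock();
    void repaint() { ++repaints; }
    // Models the style-change path that repaints through the parent link.
    void styleWillChange() { if (parent) parent->repaint(); }
};

// Assumption of this model: owningRenderer is nulled when the owner goes away.
struct Scrollbar { Renderer* owningRenderer = nullptr; };

struct ScrollbarPart : Renderer {
    Scrollbar* scrollbar = nullptr;
    bool isScrollbarPart() const override { return true; }
    Renderer* rendererOwningScrollbar() const { return scrollbar ? scrollbar->owningRenderer : nullptr; }
};

// Lookup-time fallback: consult the owner only when there is no parent link.
Renderer* Renderer::containingBlock() {
    Renderer* o = parent;
    if (!o && isScrollbarPart())
        o = static_cast<ScrollbarPart*>(this)->rendererOwningScrollbar();
    return o;
}

// Percent padding resolves against the containing block; -1 means "no block".
int percentPadding(Renderer& r, int percent) {
    Renderer* cb = r.containingBlock();
    return cb ? cb->width * percent / 100 : -1;
}

struct Result { int paddingWithOwner; int ownerRepaints; int paddingAfterOwnerGone; };

Result runScenario() {
    Renderer owner; owner.width = 200;               // constructed sample values
    Scrollbar bar; bar.owningRenderer = &owner;
    ScrollbarPart part; part.scrollbar = &bar;
    Result r{};
    r.paddingWithOwner = percentPadding(part, 5);    // resolved through the owner
    part.styleWillChange();                          // no parent link, owner untouched
    r.ownerRepaints = owner.repaints;
    bar.owningRenderer = nullptr;                    // owner torn down
    r.paddingAfterOwnerGone = percentPadding(part, 5);
    return r;
}
```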