Title: [225647] trunk/Source/WebCore
- Revision: 225647
- Author: rn...@webkit.org
- Date: 2017-12-07 15:25:04 -0800 (Thu, 07 Dec 2017)
Log Message
iOS: Many AMP pages crash inside Document::updateStyleIfNeeded
https://bugs.webkit.org/show_bug.cgi?id=180550
<rdar://problem/35410390>
Reviewed by Zalan Bujtas.
The crash was caused when updating the layout of a non-flattened frame inside a flattened frame.
In those cases, isInChildFrameWithFrameFlattening is false on the inner frame.
No new tests for now.
* dom/NoEventDispatchAssertion.h:
* rendering/RenderFrameBase.cpp:
(WebCore::RenderFrameBase::performLayoutWithFlattening): Disable the assertion temporarily here.
In theory, we should be able to remove the check for isInChildFrameWithFrameFlattening but we err
on the safer side for now.
Diff
Modified: trunk/Source/WebCore/ChangeLog (225646 => 225647)
--- trunk/Source/WebCore/ChangeLog 2017-12-07 23:17:56 UTC (rev 225646)
+++ trunk/Source/WebCore/ChangeLog 2017-12-07 23:25:04 UTC (rev 225647)
@@ -1,3 +1,22 @@
+2017-12-07 Ryosuke Niwa <rn...@webkit.org>
+
+ iOS: Many AMP pages crash inside Document::updateStyleIfNeeded
+ https://bugs.webkit.org/show_bug.cgi?id=180550
+ <rdar://problem/35410390>
+
+ Reviewed by Zalan Bujtas.
+
+ The crash was caused when updatign the layout of an non-flattened frame inside a flattened frame.
+ In those cases, isInChildFrameWithFrameFlattening is false on the inner frame.
+
+ No new tests for now.
+
+ * dom/NoEventDispatchAssertion.h:
+ * rendering/RenderFrameBase.cpp:
+ (WebCore::RenderFrameBase::performLayoutWithFlattening): Disable the assertion temporarily here.
+ In theory, we should be able to remove the check for isInChildFrameWithFrameFlattening but we err
+ on the safer side for now.
+
2017-12-07 Alex Christensen <achristen...@webkit.org>
Always synchronously continue with fragment navigations
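Review bot: The entry says "No new tests for now" for a crash fix, and the `* dom/NoEventDispatchAssertion.h:` line carries no description of what changed in that file. Please add a regression test that nests a non-flattened frame inside a flattened frame (the case the entry names), or link a follow-up bug for it, and give the header line a short description such as "Updated the FIXME". The entry also has a typo, "updatign", and "an non-flattened" should read "a non-flattened".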
Modified: trunk/Source/WebCore/dom/NoEventDispatchAssertion.h (225646 => 225647)
--- trunk/Source/WebCore/dom/NoEventDispatchAssertion.h 2017-12-07 23:17:56 UTC (rev 225646)
+++ trunk/Source/WebCore/dom/NoEventDispatchAssertion.h 2017-12-07 23:25:04 UTC (rev 225647)
@@ -129,7 +129,8 @@
};
#endif
- // FIXME: Remove this class once the sync layout inside SVGImage::draw is removed.
+ // FIXME: Remove this class once the sync layout inside SVGImage::draw is removed
+ // and refactored the code in RenderFrameBase::performLayoutWithFlattening.
class DisableAssertionsInScope {
public:
DisableAssertionsInScope()
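Review bot: The reworded FIXME above `class DisableAssertionsInScope` is ungrammatical ("removed and refactored the code in ...") and now names two removal conditions without a tracking bug for either. Suggest "Remove this class once the sync layout inside SVGImage::draw is removed and RenderFrameBase::performLayoutWithFlattening is refactored", with a bug URL in the comment so the second user of this assertion-disabling class does not become permanent.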
Modified: trunk/Source/WebCore/rendering/RenderFrameBase.cpp (225646 => 225647)
--- trunk/Source/WebCore/rendering/RenderFrameBase.cpp 2017-12-07 23:17:56 UTC (rev 225646)
+++ trunk/Source/WebCore/rendering/RenderFrameBase.cpp 2017-12-07 23:25:04 UTC (rev 225647)
@@ -29,6 +29,7 @@
#include "Frame.h"
#include "FrameView.h"
#include "HTMLFrameElementBase.h"
+#include "NoEventDispatchAssertion.h"
#include "RenderView.h"
#include <wtf/IsoMallocInlines.h>
@@ -73,6 +74,8 @@
void RenderFrameBase::performLayoutWithFlattening(bool hasFixedWidth, bool hasFixedHeight)
{
+ // FIXME: Refactor frame flattening code so that we don't need to disable assertions here.
+ NoEventDispatchAssertion::DisableAssertionsInScope scope;
if (!childRenderView())
return;
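Review bot: `NoEventDispatchAssertion::DisableAssertionsInScope scope;` is declared as the first statement of `performLayoutWithFlattening`, ahead of the `if (!childRenderView()) return;` early exit, so the assertion is switched off for the whole function and for every caller, not only for the nested case the log message describes (a non-flattened frame inside a flattened frame). Consider moving the scope object below the early return and wrapping only the layout calls that trip the assertion, so that event dispatch elsewhere in this function is still caught. The FIXME on the line above should also reference a bug URL so the temporary suppression can be tracked and removed.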