Title: [225688] tags/Safari-605.1.16.1/Source/WebCore
Revision: 225688
Author: jmarc...@apple.com
Date: 2017-12-08 11:34:26 -0800 (Fri, 08 Dec 2017)

Log Message

Cherry-pick r225647. rdar://problem/35410390

Modified Paths

Diff

Modified: tags/Safari-605.1.16.1/Source/WebCore/ChangeLog (225687 => 225688)


--- tags/Safari-605.1.16.1/Source/WebCore/ChangeLog	2017-12-08 19:29:33 UTC (rev 225687)
+++ tags/Safari-605.1.16.1/Source/WebCore/ChangeLog	2017-12-08 19:34:26 UTC (rev 225688)
@@ -1,3 +1,26 @@
+2017-12-08  Jason Marcell  <jmarc...@apple.com>
+
+        Cherry-pick r225647. rdar://problem/35410390
+
+    2017-12-07  Ryosuke Niwa  <rn...@webkit.org>
+
+            iOS: Many AMP pages crash inside Document::updateStyleIfNeeded
+            https://bugs.webkit.org/show_bug.cgi?id=180550
+            <rdar://problem/35410390>
+
+            Reviewed by Zalan Bujtas.
+
+            The crash was caused when updatign the layout of an non-flattened frame inside a flattened frame.
+            In those cases, isInChildFrameWithFrameFlattening is false on the inner frame.
+
+            No new tests for now.
+
+            * dom/NoEventDispatchAssertion.h:
+            * rendering/RenderFrameBase.cpp:
+            (WebCore::RenderFrameBase::performLayoutWithFlattening): Disable the assertion temporarily here.
+            In theory, we should be able to remove the check for isInChildFrameWithFrameFlattening but we err
+            on the safer side for now.
+
 2017-12-06  Zan Dobersek  <zdober...@igalia.com>
 
         [CoordGraphics] Introduce Nicosia::PaintingContext, add Cairo implementation
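Review bot: The cherry-picked entry states "No new tests for now" for a crash fix, so nothing guards against the crash inside Document::updateStyleIfNeeded coming back. The entry already names the trigger (layout of a non-flattened frame inside a flattened frame), which is specific enough for a layout test with frame flattening enabled; please add one or link a follow-up bug for it. Minor: "updatign" should be "updating" and "an non-flattened" should be "a non-flattened" in the description.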

Modified: tags/Safari-605.1.16.1/Source/WebCore/dom/NoEventDispatchAssertion.h (225687 => 225688)


--- tags/Safari-605.1.16.1/Source/WebCore/dom/NoEventDispatchAssertion.h	2017-12-08 19:29:33 UTC (rev 225687)
+++ tags/Safari-605.1.16.1/Source/WebCore/dom/NoEventDispatchAssertion.h	2017-12-08 19:34:26 UTC (rev 225688)
@@ -129,7 +129,8 @@
     };
 #endif
 
-    // FIXME: Remove this class once the sync layout inside SVGImage::draw is removed.
+    // FIXME: Remove this class once the sync layout inside SVGImage::draw is removed
+    // and refactored the code in RenderFrameBase::performLayoutWithFlattening.
     class DisableAssertionsInScope {
     public:
         DisableAssertionsInScope()
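Review bot: The reworded FIXME above DisableAssertionsInScope mixes tenses ("is removed and refactored the code in ..."), which makes the removal condition hard to read. Something like "Remove this class once the sync layout inside SVGImage::draw is removed and RenderFrameBase::performLayoutWithFlattening is refactored" states both conditions clearly. Since the class now has a second user, a reference to https://bugs.webkit.org/show_bug.cgi?id=180550 in the comment would make the remaining work trackable.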

Modified: tags/Safari-605.1.16.1/Source/WebCore/rendering/RenderFrameBase.cpp (225687 => 225688)


--- tags/Safari-605.1.16.1/Source/WebCore/rendering/RenderFrameBase.cpp	2017-12-08 19:29:33 UTC (rev 225687)
+++ tags/Safari-605.1.16.1/Source/WebCore/rendering/RenderFrameBase.cpp	2017-12-08 19:34:26 UTC (rev 225688)
@@ -29,6 +29,7 @@
 #include "Frame.h"
 #include "FrameView.h"
 #include "HTMLFrameElementBase.h"
+#include "NoEventDispatchAssertion.h"
 #include "RenderView.h"
 #include <wtf/IsoMallocInlines.h>
 
@@ -73,6 +74,8 @@
 
 void RenderFrameBase::performLayoutWithFlattening(bool hasFixedWidth, bool hasFixedHeight)
 {
+    // FIXME: Refactor frame flattening code so that we don't need to disable assertions here.
+    NoEventDispatchAssertion::DisableAssertionsInScope scope;
     if (!childRenderView())
         return;
 
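Review bot: The DisableAssertionsInScope object is declared on the first line of performLayoutWithFlattening, ahead of the `if (!childRenderView()) return;` early exit, so the assertion is silenced for the whole function on every call rather than only for the case the ChangeLog describes (a non-flattened frame nested in a flattened frame). While it is disabled, any unexpected event dispatch during flattened-frame layout goes unreported in debug builds. Consider moving the scope object below the early return and wrapping only the layout call that trips the assertion in its own block, and give the FIXME a bug URL so the temporary suppression has an owner.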
_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes
