Title: [239847] trunk/Source/WebCore
Revision
239847
Author
simon.fra...@apple.com
Date
2019-01-10 14:50:13 -0800 (Thu, 10 Jan 2019)

Log Message

Fix rare crash under ScrollbarThemeMac::paintScrollCorner()
https://bugs.webkit.org/show_bug.cgi?id=193337
rdar://problem/47179993

Reviewed by Zalan Bujtas.

Async image decoding can trigger a FrameView::traverseForPaintInvalidation() fake paint,
which creates a GraphicsContext with no platform context. However, we could hit ScrollView::paintScrollbars()
which tried to get at the platform context, and then crashed.

So protect two functions in ScrollbarThemeMac with if (context.paintingDisabled()) checks. I verified
that other scrollbar-related painting code paths were already protected.

Hard to test because it depends on async image decoding timing.

* platform/mac/ScrollbarThemeMac.mm:
(WebCore::ScrollbarThemeMac::paint):
(WebCore::ScrollbarThemeMac::paintScrollCorner):

Diff

Modified: trunk/Source/WebCore/ChangeLog (239846 => 239847)


--- trunk/Source/WebCore/ChangeLog	2019-01-10 22:36:56 UTC (rev 239846)
+++ trunk/Source/WebCore/ChangeLog	2019-01-10 22:50:13 UTC (rev 239847)
@@ -1,3 +1,24 @@
+2019-01-10  Simon Fraser  <simon.fra...@apple.com>
+
+        Fix rare crash under ScrollbarThemeMac::paintScrollCorner()
+        https://bugs.webkit.org/show_bug.cgi?id=193337
+        rdar://problem/47179993
+
+        Reviewed by Zalan Bujtas.
+        
+        Async image decoding can trigger a FrameView::traverseForPaintInvalidation() fake paint,
+        which creates a GraphicsContext with no platform context. However, we could hit ScrollView::paintScrollbars()
+        which tried to get at the platform context, and then crashed.
+        
+        So protect two functions in ScrollbarThemeMac with if (context.paintingDisabled()) checks. I verified
+        that other scrollbar-related painting code paths were already protected.
+
+        Hard to test because it depends on async image decoding timing.
+
+        * platform/mac/ScrollbarThemeMac.mm:
+        (WebCore::ScrollbarThemeMac::paint):
+        (WebCore::ScrollbarThemeMac::paintScrollCorner):
+
 2019-01-10  Myles C. Maxfield  <mmaxfi...@apple.com>
 
         [WHLSL] Implement parser AST nodes
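
Review bot: The ChangeLog entry states that other scrollbar-related painting code paths were verified as already protected, but it does not name them. Since the entry also says the crash is hard to test and the change touches only ChangeLog and ScrollbarThemeMac.mm, listing the functions that were checked would let a later reader confirm the audit without repeating it.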

Modified: trunk/Source/WebCore/platform/mac/ScrollbarThemeMac.mm (239846 => 239847)


--- trunk/Source/WebCore/platform/mac/ScrollbarThemeMac.mm	2019-01-10 22:36:56 UTC (rev 239846)
+++ trunk/Source/WebCore/platform/mac/ScrollbarThemeMac.mm	2019-01-10 22:50:13 UTC (rev 239847)
@@ -550,6 +550,9 @@
 
 bool ScrollbarThemeMac::paint(Scrollbar& scrollbar, GraphicsContext& context, const IntRect& damageRect)
 {
+    if (context.paintingDisabled())
+        return false;
+
     setPaintCharacteristicsForScrollbar(scrollbar);
 
     if (scrollbar.supportsUpdateOnSecondaryThread())
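
Review bot: In ScrollbarThemeMac::paint() the new early return sits above setPaintCharacteristicsForScrollbar(scrollbar), so a fake paint now skips that state update as well as the drawing, and it reports false to the caller. Please confirm both effects are intended (the visible lines do not show what the bool means to callers). A one-line comment above the check, saying that a painting-disabled context from a fake paint has no platform context, would record why the guard exists.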
@@ -568,6 +571,9 @@
 
 void ScrollbarThemeMac::paintScrollCorner(GraphicsContext& context, const IntRect& cornerRect)
 {
+    if (context.paintingDisabled())
+        return;
+
     LocalCurrentGraphicsContext localContext(context);
 
     auto cornerDrawingOptions = @{ (__bridge NSString *)kCUIWidgetKey: (__bridge NSString *)kCUIWidgetScrollBarTrackCorner,
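
Review bot: The guard in paintScrollCorner() repeats the one added to paint() and protects only this callee, while the log message names ScrollView::paintScrollbars() as the caller that reaches this code during a fake paint. Consider also checking context.paintingDisabled() at that call site, so that a future theme function that constructs LocalCurrentGraphicsContext localContext(context) does not depend on remembering its own guard.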