Title: [240717] trunk/Source/WebKit
- Revision
- 240717
- Author
- [email protected]
- Date
- 2019-01-30 10:44:24 -0800 (Wed, 30 Jan 2019)
Log Message
Crash in WebKit::RemoteLayerTreePropertyApplier::updateChildren
https://bugs.webkit.org/show_bug.cgi?id=193897
<rdar://problem/47427750>
Reviewed by Simon Fraser.
There has been some null pointer crashes where we fail to find a remote layer tree node that matches
the transaction properties.
* Shared/RemoteLayerTree/RemoteLayerTreePropertyApplier.mm:
(WebKit::RemoteLayerTreePropertyApplier::updateChildren):
Null check the nodes.
Modified Paths
Diff
Modified: trunk/Source/WebKit/ChangeLog (240716 => 240717)
--- trunk/Source/WebKit/ChangeLog 2019-01-30 18:42:07 UTC (rev 240716)
+++ trunk/Source/WebKit/ChangeLog 2019-01-30 18:44:24 UTC (rev 240717)
@@ -1,3 +1,19 @@
+2019-01-30 Antti Koivisto <[email protected]>
+
+ Crash in WebKit::RemoteLayerTreePropertyApplier::updateChildren
+ https://bugs.webkit.org/show_bug.cgi?id=193897
+ <rdar://problem/47427750>
+
+ Reviewed by Simon Fraser.
+
+ There has been some null pointer crashes where we fail to find a remote layer tree node that matches
+ the transaction properties.
+
+ * Shared/RemoteLayerTree/RemoteLayerTreePropertyApplier.mm:
+ (WebKit::RemoteLayerTreePropertyApplier::updateChildren):
+
+ Null check the nodes.
+
2019-01-30 Simon Fraser <[email protected]>
Add some basic geometry information to the scrolling tree
Modified: trunk/Source/WebKit/Shared/RemoteLayerTree/RemoteLayerTreePropertyApplier.mm (240716 => 240717)
--- trunk/Source/WebKit/Shared/RemoteLayerTree/RemoteLayerTreePropertyApplier.mm 2019-01-30 18:42:07 UTC (rev 240716)
+++ trunk/Source/WebKit/Shared/RemoteLayerTree/RemoteLayerTreePropertyApplier.mm 2019-01-30 18:44:24 UTC (rev 240717)
@@ -277,7 +277,11 @@
auto hasViewChildren = [&] {
if (node.uiView() && [[node.uiView() subviews] count])
return true;
- return !properties.children.isEmpty() && relatedLayers.get(properties.children.first())->uiView();
+ if (properties.children.isEmpty())
+ return false;
+ auto* childNode = relatedLayers.get(properties.children.first());
+ ASSERT(childNode);
+ return childNode && childNode->uiView();
};
auto contentView = [&] {
@@ -295,6 +299,9 @@
RetainPtr<NSMutableArray> subviews = adoptNS([[NSMutableArray alloc] initWithCapacity:properties.children.size()]);
for (auto& child : properties.children) {
auto* childNode = relatedLayers.get(child);
+ ASSERT(childNode);
+ if (!childNode)
+ continue;
ASSERT(childNode->uiView());
[subviews addObject:childNode->uiView()];
}
@@ -307,6 +314,9 @@
RetainPtr<NSMutableArray> sublayers = adoptNS([[NSMutableArray alloc] initWithCapacity:properties.children.size()]);
for (auto& child : properties.children) {
auto* childNode = relatedLayers.get(child);
+ ASSERT(childNode);
+ if (!childNode)
+ continue;
#if PLATFORM(IOS_FAMILY)
ASSERT(!childNode->uiView());
#endif
@@ -339,7 +349,11 @@
return;
}
- CALayer *maskLayer = relatedLayers.get(properties.maskLayerID)->layer();
+ auto* maskNode = relatedLayers.get(properties.maskLayerID);
+ ASSERT(maskNode);
+ if (!maskNode)
+ return;
+ CALayer *maskLayer = maskNode->layer();
ASSERT(!maskLayer.superlayer);
if (maskLayer.superlayer)
return;
_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes
