Title: [268743] branches/safari-610.2.11.51-branch/Source/WebCore
Revision
268743
Author
alanc...@apple.com
Date
2020-10-20 10:17:59 -0700 (Tue, 20 Oct 2020)

Log Message

Cherry-pick r268701. rdar://problem/70488900

    Fix possible crash in GraphicsLayerCA::computeVisibleAndCoverageRect()
    https://bugs.webkit.org/show_bug.cgi?id=217930
    <rdar://problem/70316943>

    Reviewed by Tim Horton.

    If we made a m_overflowControlsHostLayerAncestorClippingStack, make sure we unparent
    its layers when tearing down the RenderLayerBacking, and when we determine that we no
    longer need a m_ancestorClippingStack (having a m_overflowControlsHostLayerAncestorClippingStack
    implies that we have a m_ancestorClippingStack).

    * rendering/RenderLayerBacking.cpp:
    (WebCore::RenderLayerBacking::destroyGraphicsLayers):
    (WebCore::RenderLayerBacking::updateAncestorClipping):

    git-svn-id: https://svn.webkit.org/repository/webkit/trunk@268701 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Modified Paths

branches/safari-610.2.11.51-branch/Source/WebCore/ChangeLog
branches/safari-610.2.11.51-branch/Source/WebCore/rendering/RenderLayerBacking.cpp

Diff

Modified: branches/safari-610.2.11.51-branch/Source/WebCore/ChangeLog (268742 => 268743)


--- branches/safari-610.2.11.51-branch/Source/WebCore/ChangeLog	2020-10-20 17:16:16 UTC (rev 268742)
+++ branches/safari-610.2.11.51-branch/Source/WebCore/ChangeLog	2020-10-20 17:17:59 UTC (rev 268743)
@@ -1,3 +1,41 @@
+2020-10-20  Alan Coon  <alanc...@apple.com>
+
+        Cherry-pick r268701. rdar://problem/70488900
+
+    Fix possible crash in GraphicsLayerCA::computeVisibleAndCoverageRect()
+    https://bugs.webkit.org/show_bug.cgi?id=217930
+    <rdar://problem/70316943>
+    
+    Reviewed by Tim Horton.
+    
+    If we made a m_overflowControlsHostLayerAncestorClippingStack, make sure we unparent
+    its layers when tearing down the RenderLayerBacking, and when we determine that we
+    longer need a m_ancestorClippingStack (having a m_overflowControlsHostLayerAncestorClippingStack
+    implies that we have a m_ancestorClippingStack).
+    
+    * rendering/RenderLayerBacking.cpp:
+    (WebCore::RenderLayerBacking::destroyGraphicsLayers):
+    (WebCore::RenderLayerBacking::updateAncestorClipping):
+    
+    git-svn-id: https://svn.webkit.org/repository/webkit/trunk@268701 268f45cc-cd09-0410-ab3c-d52691b4dbfc
+
+    2020-10-19  Simon Fraser  <simon.fra...@apple.com>
+
+            Fix possible crash in GraphicsLayerCA::computeVisibleAndCoverageRect()
+            https://bugs.webkit.org/show_bug.cgi?id=217930
+            <rdar://problem/70316943>
+
+            Reviewed by Tim Horton.
+
+            If we made a m_overflowControlsHostLayerAncestorClippingStack, make sure we unparent
+            its layers when tearing down the RenderLayerBacking, and when we determine that we
+            longer need a m_ancestorClippingStack (having a m_overflowControlsHostLayerAncestorClippingStack
+            implies that we have a m_ancestorClippingStack).
+
+            * rendering/RenderLayerBacking.cpp:
+            (WebCore::RenderLayerBacking::destroyGraphicsLayers):
+            (WebCore::RenderLayerBacking::updateAncestorClipping):
+
 2020-10-19  Kocsen Chung  <kocsen_ch...@apple.com>
 
         Cherry-pick r266787. rdar://problem/70447326

Modified: branches/safari-610.2.11.51-branch/Source/WebCore/rendering/RenderLayerBacking.cpp (268742 => 268743)


--- branches/safari-610.2.11.51-branch/Source/WebCore/rendering/RenderLayerBacking.cpp	2020-10-20 17:16:16 UTC (rev 268742)
+++ branches/safari-610.2.11.51-branch/Source/WebCore/rendering/RenderLayerBacking.cpp	2020-10-20 17:17:59 UTC (rev 268743)
@@ -583,11 +583,12 @@
 
     GraphicsLayer::clear(m_maskLayer);
 
-    if (m_ancestorClippingStack) {
-        for (auto& entry : m_ancestorClippingStack->stack())
-            GraphicsLayer::unparentAndClear(entry.clippingLayer);
-    }
+    if (m_ancestorClippingStack)
+        removeClippingStackLayers(*m_ancestorClippingStack);
 
+    if (m_overflowControlsHostLayerAncestorClippingStack)
+        removeClippingStackLayers(*m_overflowControlsHostLayerAncestorClippingStack);
+
     GraphicsLayer::unparentAndClear(m_contentsContainmentLayer);
     GraphicsLayer::unparentAndClear(m_foregroundLayer);
     GraphicsLayer::unparentAndClear(m_backgroundLayer);
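Review bot: In the destroyGraphicsLayers hunk, the two stacks are now torn down the same way through removeClippingStackLayers, but the invariant the log message states (an m_overflowControlsHostLayerAncestorClippingStack implies an m_ancestorClippingStack) is not checked here. Consider adding `ASSERT(!m_overflowControlsHostLayerAncestorClippingStack || m_ancestorClippingStack);` before the two `if` blocks so a future caller that creates the overflow-controls stack without the ancestor stack trips in debug builds rather than leaving layers parented. Note also that, unlike the updateAncestorClipping hunk, neither stack pointer is reset to nullptr after its layers are unparented; if that is intentional because the backing is being destroyed, a short comment would make that clear.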
@@ -1937,8 +1938,13 @@
         }
     } else if (m_ancestorClippingStack) {
         removeClippingStackLayers(*m_ancestorClippingStack);
-
         m_ancestorClippingStack = nullptr;
+        
+        if (m_overflowControlsHostLayerAncestorClippingStack) {
+            removeClippingStackLayers(*m_overflowControlsHostLayerAncestorClippingStack);
+            m_overflowControlsHostLayerAncestorClippingStack = nullptr;
+        }
+        
         layersChanged = true;
     }
     
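Review bot: The two added blank lines in this hunk (`+        ` after `m_ancestorClippingStack = nullptr;` and after the closing brace of the new block) carry trailing whitespace; please strip it to match the surrounding style. On the logic, tearing down m_overflowControlsHostLayerAncestorClippingStack only in the `else if (m_ancestorClippingStack)` branch is correct given the stated invariant, but it means the overflow-controls stack outlives a transition where m_ancestorClippingStack is replaced rather than dropped; the preceding branch (not shown in the hunk) should be checked to confirm it handles that case, since the crash being fixed is precisely a stale clipping layer reaching GraphicsLayerCA::computeVisibleAndCoverageRect().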
_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes