Title: [269006] branches/safari-611.1.4-branch/Source/WebCore
Revision: 269006
Author: [email protected]
Date: 2020-10-26 18:12:56 -0700 (Mon, 26 Oct 2020)

Log Message

Cherry-pick r268701. rdar://problem/70702378

    Fix possible crash in GraphicsLayerCA::computeVisibleAndCoverageRect()
    https://bugs.webkit.org/show_bug.cgi?id=217930
    <rdar://problem/70316943>

    Reviewed by Tim Horton.

    If we made a m_overflowControlsHostLayerAncestorClippingStack, make sure we unparent
    its layers when tearing down the RenderLayerBacking, and when we determine that we
    no longer need a m_ancestorClippingStack (having a m_overflowControlsHostLayerAncestorClippingStack
    implies that we have a m_ancestorClippingStack).

    * rendering/RenderLayerBacking.cpp:
    (WebCore::RenderLayerBacking::destroyGraphicsLayers):
    (WebCore::RenderLayerBacking::updateAncestorClipping):

    git-svn-id: https://svn.webkit.org/repository/webkit/trunk@268701 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Diff

Modified: branches/safari-611.1.4-branch/Source/WebCore/ChangeLog (269005 => 269006)


--- branches/safari-611.1.4-branch/Source/WebCore/ChangeLog	2020-10-27 01:12:52 UTC (rev 269005)
+++ branches/safari-611.1.4-branch/Source/WebCore/ChangeLog	2020-10-27 01:12:56 UTC (rev 269006)
@@ -1,5 +1,43 @@
 2020-10-26  Alan Coon  <[email protected]>
 
+        Cherry-pick r268701. rdar://problem/70702378
+
+    Fix possible crash in GraphicsLayerCA::computeVisibleAndCoverageRect()
+    https://bugs.webkit.org/show_bug.cgi?id=217930
+    <rdar://problem/70316943>
+    
+    Reviewed by Tim Horton.
+    
+    If we made a m_overflowControlsHostLayerAncestorClippingStack, make sure we unparent
+    its layers when tearing down the RenderLayerBacking, and when we determine that we
+    longer need a m_ancestorClippingStack (having a m_overflowControlsHostLayerAncestorClippingStack
+    implies that we have a m_ancestorClippingStack).
+    
+    * rendering/RenderLayerBacking.cpp:
+    (WebCore::RenderLayerBacking::destroyGraphicsLayers):
+    (WebCore::RenderLayerBacking::updateAncestorClipping):
+    
+    git-svn-id: https://svn.webkit.org/repository/webkit/trunk@268701 268f45cc-cd09-0410-ab3c-d52691b4dbfc
+
+    2020-10-19  Simon Fraser  <[email protected]>
+
+            Fix possible crash in GraphicsLayerCA::computeVisibleAndCoverageRect()
+            https://bugs.webkit.org/show_bug.cgi?id=217930
+            <rdar://problem/70316943>
+
+            Reviewed by Tim Horton.
+
+            If we made a m_overflowControlsHostLayerAncestorClippingStack, make sure we unparent
+            its layers when tearing down the RenderLayerBacking, and when we determine that we
+            longer need a m_ancestorClippingStack (having a m_overflowControlsHostLayerAncestorClippingStack
+            implies that we have a m_ancestorClippingStack).
+
+            * rendering/RenderLayerBacking.cpp:
+            (WebCore::RenderLayerBacking::destroyGraphicsLayers):
+            (WebCore::RenderLayerBacking::updateAncestorClipping):
+
+2020-10-26  Alan Coon  <[email protected]>
+
         Cherry-pick r268695. rdar://problem/70702399
 
     Unreviewed, reverting r267175 and r267779.
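
Review bot: the new ChangeLog entry lists only rendering/RenderLayerBacking.cpp and names no regression test for the crash in GraphicsLayerCA::computeVisibleAndCoverageRect(), so the entry gives a later reader no way to verify that the clipping-stack layers are unparented. If a reduced test case exists on bug 217930, reference it here, or state in the entry why the fix cannot be covered by a test. The description also reads "when we determine that we longer need a m_ancestorClippingStack", which is missing "no".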

Modified: branches/safari-611.1.4-branch/Source/WebCore/rendering/RenderLayerBacking.cpp (269005 => 269006)


--- branches/safari-611.1.4-branch/Source/WebCore/rendering/RenderLayerBacking.cpp	2020-10-27 01:12:52 UTC (rev 269005)
+++ branches/safari-611.1.4-branch/Source/WebCore/rendering/RenderLayerBacking.cpp	2020-10-27 01:12:56 UTC (rev 269006)
@@ -578,11 +578,12 @@
 
     GraphicsLayer::clear(m_maskLayer);
 
-    if (m_ancestorClippingStack) {
-        for (auto& entry : m_ancestorClippingStack->stack())
-            GraphicsLayer::unparentAndClear(entry.clippingLayer);
-    }
+    if (m_ancestorClippingStack)
+        removeClippingStackLayers(*m_ancestorClippingStack);
 
+    if (m_overflowControlsHostLayerAncestorClippingStack)
+        removeClippingStackLayers(*m_overflowControlsHostLayerAncestorClippingStack);
+
     GraphicsLayer::unparentAndClear(m_contentsContainmentLayer);
     GraphicsLayer::unparentAndClear(m_foregroundLayer);
     GraphicsLayer::unparentAndClear(m_backgroundLayer);
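
Review bot: in this teardown path both m_ancestorClippingStack and m_overflowControlsHostLayerAncestorClippingStack are passed to removeClippingStackLayers() but neither pointer is reset, whereas the updateAncestorClipping() hunk sets each to nullptr right after the same call. If the backing can be used again after this function runs, the stacks would still be non-null while their layers are gone, so either reset both here or add a comment saying why keeping them is safe. The removed loop called GraphicsLayer::unparentAndClear(entry.clippingLayer) on every entry, and the body of removeClippingStackLayers() is not part of this diff, so please confirm the helper unparents and clears at least the same layers.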
@@ -1926,8 +1927,13 @@
         }
     } else if (m_ancestorClippingStack) {
         removeClippingStackLayers(*m_ancestorClippingStack);
-
         m_ancestorClippingStack = nullptr;
+        
+        if (m_overflowControlsHostLayerAncestorClippingStack) {
+            removeClippingStackLayers(*m_overflowControlsHostLayerAncestorClippingStack);
+            m_overflowControlsHostLayerAncestorClippingStack = nullptr;
+        }
+        
         layersChanged = true;
     }
     
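
Review bot: the cleanup of m_overflowControlsHostLayerAncestorClippingStack is nested inside `else if (m_ancestorClippingStack)`, so it only runs while the invariant from the log message holds (an overflow-controls stack implies an ancestor clipping stack). If that invariant is ever broken, the overflow-controls layers stay parented, which is the condition this change is meant to remove. Consider asserting the invariant where the overflow-controls stack is created, or handling the overflow-controls stack in its own branch so the teardown does not depend on m_ancestorClippingStack being set. The two added lines that contain only whitespace (before the new `if` and before `layersChanged = true;`) should be empty lines.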