Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: abb17906be3a7d238fb402c40620576a6b8951e3
https://github.com/WebKit/WebKit/commit/abb17906be3a7d238fb402c40620576a6b8951e3
Author: Alan Baradlay <za...@apple.com>
Date: 2022-11-09 (Wed, 09 Nov 2022)

Changed paths:
M Source/WebCore/page/FrameView.cpp

Log Message:
-----------
FrameView::m_pendingTextFragmentIndicatorRange may get reset unexpectedly when the render tree is dirty
https://bugs.webkit.org/show_bug.cgi?id=247687
<rdar://101652475>

Reviewed by Wenson Hsieh.

This is a speculative fix to prevent a crash in TextIterator (via scrollToTextFragmentRange).
The idea here is to prevent the scrolling code from re-entering layout (through plainText() -> TextIterator -> updateLayoutIgnorePendingStylesheets()) when the render tree becomes dirty earlier at performPostLayoutTasks.
When we call plainText() the second time inside scrollToTextFragmentRange, m_pendingTextFragmentIndicatorRange may have already been wiped out as the result of re-entering layout through the first plainText() call.

* Source/WebCore/page/FrameView.cpp:
(WebCore::FrameView::scrollToTextFragmentRange):
1. Let's not scroll when the tree is dirty (the subsequent layout will call us again anyway).
2. Cache m_pendingTextFragmentIndicatorRange to preserve the range even through re-entrancy.

Canonical link: https://commits.webkit.org/256506@main
_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes
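The re-entrancy hazard the commit message describes, as an added toy model that is not WebKit code: `plainText()` stands in for the call that can re-enter layout and clear `m_pendingTextFragmentIndicatorRange` between the two uses, and `ToyFrameView`, `Range`, and the `runBefore`/`runAfter` helpers are invented for the illustration.

```cpp
#include <optional>
#include <string>

struct Range { int start; int end; };

// Hypothetical stand-in for FrameView; only the fields needed to show the bug.
struct ToyFrameView {
    bool renderTreeDirty = false;
    std::optional<Range> m_pendingTextFragmentIndicatorRange;

    // Models plainText() -> TextIterator -> updateLayoutIgnorePendingStylesheets():
    // if the tree is dirty, layout runs and (as in the bug) wipes the pending range.
    std::string plainText(const Range& r) {
        if (renderTreeDirty) {
            renderTreeDirty = false;
            m_pendingTextFragmentIndicatorRange.reset();   // the unexpected reset
        }
        return std::to_string(r.start) + "-" + std::to_string(r.end);
    }

    // "Before": the member is read twice; the second read can find it empty.
    // Returns 1 where the real code would dereference a cleared range, 0 if it scrolled.
    int scrollBefore() {
        if (!m_pendingTextFragmentIndicatorRange) return 0;
        std::string first = plainText(*m_pendingTextFragmentIndicatorRange);
        if (!m_pendingTextFragmentIndicatorRange) return 1;   // range vanished mid-call
        std::string second = plainText(*m_pendingTextFragmentIndicatorRange);
        return first == second ? 0 : 1;
    }

    // "After": bail out while the tree is dirty (the next layout calls us again)
    // and copy the range locally so re-entrancy cannot pull it out from under us.
    // Returns 2 when deferred, 0 when scrolled.
    int scrollAfter() {
        if (renderTreeDirty) return 2;
        if (!m_pendingTextFragmentIndicatorRange) return 0;
        Range range = *m_pendingTextFragmentIndicatorRange;    // cached copy
        std::string first = plainText(range);
        std::string second = plainText(range);
        return first == second ? 0 : 1;
    }
};

// Drive one scenario: constructed pending range, tree clean or dirty.
int runBefore(bool dirty) {
    ToyFrameView v; v.renderTreeDirty = dirty;
    v.m_pendingTextFragmentIndicatorRange = Range{3, 9};
    return v.scrollBefore();
}
int runAfter(bool dirty) {
    ToyFrameView v; v.renderTreeDirty = dirty;
    v.m_pendingTextFragmentIndicatorRange = Range{3, 9};
    return v.scrollAfter();
}
```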