Title: [182371] trunk/Source/WebCore
Revision: 182371
Author: da...@apple.com
Date: 2015-04-05 18:43:32 -0700 (Sun, 05 Apr 2015)

Log Message

REGRESSION (r181778): Crash after scrolling Google search result page
https://bugs.webkit.org/show_bug.cgi?id=143431

Reviewed by Simon Fraser.

I can't reproduce this crash, nor was I able to make a regression test,
but the crash data makes it clear this is a null dereference.

* page/animation/AnimationController.cpp:
(WebCore::AnimationControllerPrivate::scrollWasUpdated): Check the result
of Frame::view for null. We know this is only called when there is a
valid FrameView, but it can be called after Frame::m_view is already null.

Diff

Modified: trunk/Source/WebCore/ChangeLog (182370 => 182371)


--- trunk/Source/WebCore/ChangeLog	2015-04-06 01:32:12 UTC (rev 182370)
+++ trunk/Source/WebCore/ChangeLog	2015-04-06 01:43:32 UTC (rev 182371)
@@ -1,3 +1,18 @@
+2015-04-05  Darin Adler  <da...@apple.com>
+
+        REGRESSION (r181778): Crash after scrolling Google search result page
+        https://bugs.webkit.org/show_bug.cgi?id=143431
+
+        Reviewed by Simon Fraser.
+
+        I can't reproduce this crash, nor was I able to make a regression test,
+        but the crash data makes it clear this is a null dereference.
+
+        * page/animation/AnimationController.cpp:
+        (WebCore::AnimationControllerPrivate::scrollWasUpdated): Check the result
+        of Frame::view for null. We know this is only called when there is a
+        valid FrameView, but it can be called after Frame::m_view is already null.
+
 2015-04-05  Andy Estes  <aes...@apple.com>
 
         [Content Filtering] Tell the filter about requests and redirects
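Review bot: the new ChangeLog entry describes the null check on Frame::view but not that the early return also skips updateAnimations(CallSetChanged), which the code hunk below shows it does; adding a clause such as "and skip the animation update, since there is nothing to animate without a view" would make the entry match the code.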

Modified: trunk/Source/WebCore/page/animation/AnimationController.cpp (182370 => 182371)


--- trunk/Source/WebCore/page/animation/AnimationController.cpp	2015-04-06 01:32:12 UTC (rev 182370)
+++ trunk/Source/WebCore/page/animation/AnimationController.cpp	2015-04-06 01:43:32 UTC (rev 182371)
@@ -519,8 +519,10 @@
 #if ENABLE(CSS_ANIMATIONS_LEVEL_2)
 void AnimationControllerPrivate::scrollWasUpdated()
 {
-    m_scrollPosition = m_frame.view()->scrollOffsetForFixedPosition().height().toFloat();
-
+    auto* view = m_frame.view();
+    if (!view)
+        return;
+    m_scrollPosition = view->scrollOffsetForFixedPosition().height().toFloat();
     updateAnimations(CallSetChanged);
 }
 #endif
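Review bot: the early return on a null view also leaves m_scrollPosition at its previous value and skips updateAnimations(CallSetChanged), and nothing in the hunk records why a null view is expected here. Since the log message says this can run after Frame::m_view has already been cleared, a short comment above `if (!view)` stating that the view may already be detached and that there is nothing to animate in that case would keep a later reader from treating the check as dead code; if any consumer of m_scrollPosition can run without a view, resetting it to 0 before returning would avoid reusing a stale offset.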
_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes