Title: [195618] branches/safari-601.1.46-branch/Source/WebCore
- Revision
- 195618
- Author
- matthew_han...@apple.com
- Date
- 2016-01-26 13:43:21 -0800 (Tue, 26 Jan 2016)
Log Message
Merge r195606. rdar://problem/24243317
Modified Paths
Diff
Modified: branches/safari-601.1.46-branch/Source/WebCore/ChangeLog (195617 => 195618)
--- branches/safari-601.1.46-branch/Source/WebCore/ChangeLog 2016-01-26 21:38:21 UTC (rev 195617)
+++ branches/safari-601.1.46-branch/Source/WebCore/ChangeLog 2016-01-26 21:43:21 UTC (rev 195618)
@@ -1,3 +1,30 @@
+2016-01-26 Matthew Hanson <matthew_han...@apple.com>
+
+ Merge r195606. rdar://problem/24243317
+
+ 2016-01-25 Dave Hyatt <hy...@apple.com>
+
+ Speculative fixes for crashing in viewportChangeAffectedPicture
+ https://bugs.webkit.org/show_bug.cgi?id=153450
+
+ Reviewed by Dean Jackson.
+
+ Don't attach any conditions to the removal of a picture element from
+ the document's HashSet. This ensures that if the condition is ever
+ wrong for any reason, we'll still remove the picture element on
+ destruction.
+
+ Fix the media query evaluation to match the other evaluations (used by
+ the preload scanner and HTMLImageElement). This includes using the
+ document element's computed style instead of our own and also null
+ checking the document element first. This is the likely cause of the
+ crashes.
+
+ * html/HTMLPictureElement.cpp:
+ (WebCore::HTMLPictureElement::~HTMLPictureElement):
+ (WebCore::HTMLPictureElement::didMoveToNewDocument):
+ (WebCore::HTMLPictureElement::viewportChangeAffectedPicture):
+
2016-01-20 Andy Estes <aes...@apple.com>
Re-enable synchronous popstate event for safari-601-branch
Modified: branches/safari-601.1.46-branch/Source/WebCore/html/HTMLPictureElement.cpp (195617 => 195618)
--- branches/safari-601.1.46-branch/Source/WebCore/html/HTMLPictureElement.cpp 2016-01-26 21:38:21 UTC (rev 195617)
+++ branches/safari-601.1.46-branch/Source/WebCore/html/HTMLPictureElement.cpp 2016-01-26 21:43:21 UTC (rev 195618)
@@ -39,13 +39,12 @@
HTMLPictureElement::~HTMLPictureElement()
{
- if (hasViewportDependentResults())
- document().removeViewportDependentPicture(*this);
+ document().removeViewportDependentPicture(*this);
}
void HTMLPictureElement::didMoveToNewDocument(Document* oldDocument)
{
- if (hasViewportDependentResults() && oldDocument)
+ if (oldDocument)
oldDocument->removeViewportDependentPicture(*this);
HTMLElement::didMoveToNewDocument(oldDocument);
sourcesChanged();
@@ -64,7 +63,7 @@
bool HTMLPictureElement::viewportChangeAffectedPicture()
{
- MediaQueryEvaluator evaluator(document().printing() ? "print" : "screen", document().frame(), computedStyle());
+ MediaQueryEvaluator evaluator(document().printing() ? "print" : "screen", document().frame(), document().documentElement() ? document().documentElement()->computedStyle() : nullptr);
unsigned numResults = m_viewportDependentMediaQueryResults.size();
for (unsigned i = 0; i < numResults; i++) {
if (evaluator.eval(&m_viewportDependentMediaQueryResults[i]->m_expression) != m_viewportDependentMediaQueryResults[i]->m_result)
_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes
