Title: [195720] branches/safari-601-branch/Source/WebCore
- Revision
- 195720
- Author
- matthew_han...@apple.com
- Date
- 2016-01-27 17:34:31 -0800 (Wed, 27 Jan 2016)
Log Message
Merge r195606. rdar://problem/24242476
Modified Paths
Diff
Modified: branches/safari-601-branch/Source/WebCore/ChangeLog (195719 => 195720)
--- branches/safari-601-branch/Source/WebCore/ChangeLog 2016-01-28 01:34:28 UTC (rev 195719)
+++ branches/safari-601-branch/Source/WebCore/ChangeLog 2016-01-28 01:34:31 UTC (rev 195720)
@@ -1,5 +1,32 @@
2016-01-27 Matthew Hanson <matthew_han...@apple.com>
+ Merge r195606. rdar://problem/24242476
+
+ 2016-01-25 Dave Hyatt <hy...@apple.com>
+
+ Speculative fixes for crashing in viewportChangeAffectedPicture
+ https://bugs.webkit.org/show_bug.cgi?id=153450
+
+ Reviewed by Dean Jackson.
+
+ Don't attach any conditions to the removal of a picture element from
+ the document's HashSet. This ensures that if the condition is ever
+ wrong for any reason, we'll still remove the picture element on
+ destruction.
+
+ Fix the media query evaluation to match the other evaluations (used by
+ the preload scanner and HTMLImageElement). This includes using the
+ document element's computed style instead of our own and also null
+ checking the document element first. This is the likely cause of the
+ crashes.
+
+ * html/HTMLPictureElement.cpp:
+ (WebCore::HTMLPictureElement::~HTMLPictureElement):
+ (WebCore::HTMLPictureElement::didMoveToNewDocument):
+ (WebCore::HTMLPictureElement::viewportChangeAffectedPicture):
+
+2016-01-27 Matthew Hanson <matthew_han...@apple.com>
+
Merge r195477. rdar://problem/24002217
2016-01-21 Sam Weinig <s...@webkit.org>
Modified: branches/safari-601-branch/Source/WebCore/html/HTMLPictureElement.cpp (195719 => 195720)
--- branches/safari-601-branch/Source/WebCore/html/HTMLPictureElement.cpp 2016-01-28 01:34:28 UTC (rev 195719)
+++ branches/safari-601-branch/Source/WebCore/html/HTMLPictureElement.cpp 2016-01-28 01:34:31 UTC (rev 195720)
@@ -39,13 +39,12 @@
HTMLPictureElement::~HTMLPictureElement()
{
- if (hasViewportDependentResults())
- document().removeViewportDependentPicture(*this);
+ document().removeViewportDependentPicture(*this);
}
void HTMLPictureElement::didMoveToNewDocument(Document* oldDocument)
{
- if (hasViewportDependentResults() && oldDocument)
+ if (oldDocument)
oldDocument->removeViewportDependentPicture(*this);
HTMLElement::didMoveToNewDocument(oldDocument);
sourcesChanged();
@@ -64,7 +63,7 @@
bool HTMLPictureElement::viewportChangeAffectedPicture()
{
- MediaQueryEvaluator evaluator(document().printing() ? "print" : "screen", document().frame(), computedStyle());
+ MediaQueryEvaluator evaluator(document().printing() ? "print" : "screen", document().frame(), document().documentElement() ? document().documentElement()->computedStyle() : nullptr);
unsigned numResults = m_viewportDependentMediaQueryResults.size();
for (unsigned i = 0; i < numResults; i++) {
if (evaluator.eval(&m_viewportDependentMediaQueryResults[i]->m_expression) != m_viewportDependentMediaQueryResults[i]->m_result)
_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes
