Title: [289961] branches/safari-613.1.17.3-branch/Source/WebCore
- Revision
- 289961
- Author
- repst...@apple.com
- Date
- 2022-02-16 13:59:47 -0800 (Wed, 16 Feb 2022)
Log Message
Cherry-pick r289567. rdar://problem/88323864
Crash in in WebCore::CSSStyleSheet::didMutateRules
https://bugs.webkit.org/show_bug.cgi?id=236450
Patch by Gabriel Nava Marino <gnavamar...@apple.com> on 2022-02-10
Reviewed by Antti Koivisto.
Replace the raw pointer rule in RuleMutationScope with a RefPtr so it can be accessible
for the scope.
* css/CSSStyleSheet.cpp:
(WebCore::CSSStyleSheet::RuleMutationScope::~RuleMutationScope):
* css/CSSStyleSheet.h:
git-svn-id: https://svn.webkit.org/repository/webkit/trunk@289567 268f45cc-cd09-0410-ab3c-d52691b4dbfc
Modified Paths
Diff
Modified: branches/safari-613.1.17.3-branch/Source/WebCore/ChangeLog (289960 => 289961)
--- branches/safari-613.1.17.3-branch/Source/WebCore/ChangeLog 2022-02-16 21:59:41 UTC (rev 289960)
+++ branches/safari-613.1.17.3-branch/Source/WebCore/ChangeLog 2022-02-16 21:59:47 UTC (rev 289961)
@@ -1,3 +1,36 @@
+2022-02-16 Russell Epstein <repst...@apple.com>
+
+ Cherry-pick r289567. rdar://problem/88323864
+
+ Crash in in WebCore::CSSStyleSheet::didMutateRules
+ https://bugs.webkit.org/show_bug.cgi?id=236450
+
+ Patch by Gabriel Nava Marino <gnavamar...@apple.com> on 2022-02-10
+ Reviewed by Antti Koivisto.
+
+ Replace the raw pointer rule in RuleMutationScope with a RefPtr so it can be accessible
+ for the scope.
+
+ * css/CSSStyleSheet.cpp:
+ (WebCore::CSSStyleSheet::RuleMutationScope::~RuleMutationScope):
+ * css/CSSStyleSheet.h:
+
+ git-svn-id: https://svn.webkit.org/repository/webkit/trunk@289567 268f45cc-cd09-0410-ab3c-d52691b4dbfc
+
+ 2022-02-10 Gabriel Nava Marino <gnavamar...@apple.com>
+
+ Crash in in WebCore::CSSStyleSheet::didMutateRules
+ https://bugs.webkit.org/show_bug.cgi?id=236450
+
+ Reviewed by Antti Koivisto.
+
+ Replace the raw pointer rule in RuleMutationScope with a RefPtr so it can be accessible
+ for the scope.
+
+ * css/CSSStyleSheet.cpp:
+ (WebCore::CSSStyleSheet::RuleMutationScope::~RuleMutationScope):
+ * css/CSSStyleSheet.h:
+
2022-02-10 Alan Coon <alanc...@apple.com>
Cherry-pick r288434. rdar://problem/56436745
Modified: branches/safari-613.1.17.3-branch/Source/WebCore/css/CSSStyleSheet.cpp (289960 => 289961)
--- branches/safari-613.1.17.3-branch/Source/WebCore/css/CSSStyleSheet.cpp 2022-02-16 21:59:41 UTC (rev 289960)
+++ branches/safari-613.1.17.3-branch/Source/WebCore/css/CSSStyleSheet.cpp 2022-02-16 21:59:47 UTC (rev 289961)
@@ -418,7 +418,7 @@
CSSStyleSheet::RuleMutationScope::~RuleMutationScope()
{
if (m_styleSheet)
- m_styleSheet->didMutateRules(m_mutationType, m_contentsWereClonedForMutation, m_insertedKeyframesRule, m_modifiedKeyframesRuleName);
+ m_styleSheet->didMutateRules(m_mutationType, m_contentsWereClonedForMutation, m_insertedKeyframesRule.get(), m_modifiedKeyframesRuleName);
}
}
Modified: branches/safari-613.1.17.3-branch/Source/WebCore/css/CSSStyleSheet.h (289960 => 289961)
--- branches/safari-613.1.17.3-branch/Source/WebCore/css/CSSStyleSheet.h 2022-02-16 21:59:41 UTC (rev 289960)
+++ branches/safari-613.1.17.3-branch/Source/WebCore/css/CSSStyleSheet.h 2022-02-16 21:59:47 UTC (rev 289961)
@@ -109,7 +109,7 @@
CSSStyleSheet* m_styleSheet;
RuleMutationType m_mutationType;
WhetherContentsWereClonedForMutation m_contentsWereClonedForMutation;
- StyleRuleKeyframes* m_insertedKeyframesRule;
+ RefPtr<StyleRuleKeyframes> m_insertedKeyframesRule;
String m_modifiedKeyframesRuleName;
};
_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes
