Title: [131345] tags/Safari-537.15/Source/WebCore
- Revision
- 131345
- Author
- lforsch...@apple.com
- Date
- 2012-10-15 13:21:20 -0700 (Mon, 15 Oct 2012)
Log Message
Merged r131336.
Modified Paths
Diff
Modified: tags/Safari-537.15/Source/WebCore/ChangeLog (131344 => 131345)
--- tags/Safari-537.15/Source/WebCore/ChangeLog 2012-10-15 20:11:41 UTC (rev 131344)
+++ tags/Safari-537.15/Source/WebCore/ChangeLog 2012-10-15 20:21:20 UTC (rev 131345)
@@ -1,3 +1,23 @@
+2012-10-15 Lucas Forschler <lforsch...@apple.com>
+
+ Merge r131336.
+
+ 2012-10-15 Beth Dakin <bda...@apple.com>
+
+ https://bugs.webkit.org/show_bug.cgi?id=99350
+ REGRESSION (r131238): Repro crash in
+ WebCore::ScrollingStateTree::removeNode(WebCore::ScrollingStateNode*)
+ opening pdf page
+ -and corresponding-
+ <rdar://problem/12499839>
+
+ Reviewed by Simon Fraser.
+
+ We have to null-check node here. It won't be found if
+ clearStateTree() was recently called.
+ * page/scrolling/mac/ScrollingCoordinatorMac.mm:
+ (WebCore::ScrollingCoordinatorMac::detachFromStateTree):
+
2012-10-14 Sam Weinig <s...@webkit.org>
Simplify user content in WebKit2 by using WebCore::UserStyleSheet and WebCore::UserScript directly
Modified: tags/Safari-537.15/Source/WebCore/page/scrolling/mac/ScrollingCoordinatorMac.mm (131344 => 131345)
--- tags/Safari-537.15/Source/WebCore/page/scrolling/mac/ScrollingCoordinatorMac.mm 2012-10-15 20:11:41 UTC (rev 131344)
+++ tags/Safari-537.15/Source/WebCore/page/scrolling/mac/ScrollingCoordinatorMac.mm 2012-10-15 20:21:20 UTC (rev 131345)
@@ -257,12 +257,16 @@
if (!scrollLayerID)
return;
+ // The node may not be found if clearStateTree() was recently called.
ScrollingStateNode* node = m_stateNodeMap.take(scrollLayerID);
+ if (!node)
+ return;
+
m_scrollingStateTree->removeNode(node);
// ScrollingStateTree::removeNode() will destroy children, so we have to make sure we remove those children
// from the HashMap.
- const Vector<ScrollingNodeID>& removedNodes = m_scrollingStateTree->removedNodes();
+ const Vector<ScrollingNodeID>& removedNodes = m_scrollingStateTree->removedNodes();
size_t size = removedNodes.size();
for (size_t i = 0; i < size; ++i)
m_stateNodeMap.remove(removedNodes[i]);
_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
http://lists.webkit.org/mailman/listinfo/webkit-changes
