Title: [186134] trunk/Source
Revision
186134
Author
[email protected]
Date
2015-06-30 15:00:36 -0700 (Tue, 30 Jun 2015)

Log Message

Crash under _layoutForNodeHighlight: when inspecting espn.com
https://bugs.webkit.org/show_bug.cgi?id=146422

Reviewed by Joseph Pecoraro.
Source/WebKit/mac:

When inspecting espn.com, MobileSafari sometimes crashes, because
highlight.quads is empty. I was not able to quickly determine why.

Fix by bailing in this case.

* WebInspector/WebNodeHighlightView.mm:
(-[WebNodeHighlightView _layoutForNodeHighlight:parent:]):

Source/WebKit2:

When inspecting espn.com, MobileSafari sometimes crashes, because
highlight.quads is empty. I was not able to quickly determine why.

Fix by bailing in this case.

* UIProcess/WKInspectorHighlightView.mm:
(-[WKInspectorHighlightView _layoutForNodeHighlight:]):

Modified Paths

Diff

Modified: trunk/Source/WebKit/mac/ChangeLog (186133 => 186134)


--- trunk/Source/WebKit/mac/ChangeLog	2015-06-30 21:45:55 UTC (rev 186133)
+++ trunk/Source/WebKit/mac/ChangeLog	2015-06-30 22:00:36 UTC (rev 186134)
@@ -1,3 +1,18 @@
+2015-06-30  Simon Fraser  <[email protected]>
+
+        Crash under _layoutForNodeHighlight: when inspecting espn.com
+        https://bugs.webkit.org/show_bug.cgi?id=146422
+
+        Reviewed by Joseph Pecoraro.
+
+        When inspecting espn.com, MobileSafari sometimes crashes, because
+        highlight.quads is empty. I was not able to quickly determine why.
+
+        Fix by bailing in this case.
+
+        * WebInspector/WebNodeHighlightView.mm:
+        (-[WebNodeHighlightView _layoutForNodeHighlight:parent:]):
+
 2015-06-30  Anders Carlsson  <[email protected]>
 
         Remove the WK_ENABLE_FORMAL_DELEGATE_PROTOCOLS ifdefs now that this is always true

Modified: trunk/Source/WebKit/mac/WebInspector/WebNodeHighlightView.mm (186133 => 186134)


--- trunk/Source/WebKit/mac/WebInspector/WebNodeHighlightView.mm	2015-06-30 21:45:55 UTC (rev 186133)
+++ trunk/Source/WebKit/mac/WebInspector/WebNodeHighlightView.mm	2015-06-30 22:00:36 UTC (rev 186134)
@@ -261,8 +261,13 @@
     CGPathRelease(path);
 }
 
-- (void)_layoutForNodeHighlight:(Highlight*)h parent:(CALayer *)parentLayer
+- (void)_layoutForNodeHighlight:(Highlight*)highlight parent:(CALayer *)parentLayer
 {
+    if (!highlight->quads.size()) {
+        [self _removeAllLayers];
+        return;
+    }
+
     [self _attach:parentLayer numLayers:4];
 
     CAShapeLayer *marginLayer = [_layers objectAtIndex:0];
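Review bot: The guard added at the top of `_layoutForNodeHighlight:parent:` rejects only an empty `quads`, but the body in the next hunk unconditionally reads `highlight->quads[0]` through `highlight->quads[3]`, so a highlight carrying one to three quads would still be indexed past its end. The log message says the cause of the empty vector was not determined, so a partially filled one cannot be ruled out from here; testing for the count the code actually needs is safer: `if (highlight->quads.size() < 4) {`. The same applies to the guard added in `-[WKInspectorHighlightView _layoutForNodeHighlight:]`, whose body continues outside its hunk and presumably reads the same four entries. Whether an out-of-range read traps in release builds depends on the container's bounds checking, which is not visible on this page.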
@@ -270,15 +275,15 @@
     CAShapeLayer *paddingLayer = [_layers objectAtIndex:2];
     CAShapeLayer *contentLayer = [_layers objectAtIndex:3];
 
-    FloatQuad marginQuad = h->quads[0];
-    FloatQuad borderQuad = h->quads[1];
-    FloatQuad paddingQuad = h->quads[2];
-    FloatQuad contentQuad = h->quads[3];
+    FloatQuad marginQuad = highlight->quads[0];
+    FloatQuad borderQuad = highlight->quads[1];
+    FloatQuad paddingQuad = highlight->quads[2];
+    FloatQuad contentQuad = highlight->quads[3];
 
-    marginLayer.fillColor = cachedCGColor(h->marginColor, ColorSpaceDeviceRGB);
-    borderLayer.fillColor = cachedCGColor(h->borderColor, ColorSpaceDeviceRGB);
-    paddingLayer.fillColor = cachedCGColor(h->paddingColor, ColorSpaceDeviceRGB);
-    contentLayer.fillColor = cachedCGColor(h->contentColor, ColorSpaceDeviceRGB);
+    marginLayer.fillColor = cachedCGColor(highlight->marginColor, ColorSpaceDeviceRGB);
+    borderLayer.fillColor = cachedCGColor(highlight->borderColor, ColorSpaceDeviceRGB);
+    paddingLayer.fillColor = cachedCGColor(highlight->paddingColor, ColorSpaceDeviceRGB);
+    contentLayer.fillColor = cachedCGColor(highlight->contentColor, ColorSpaceDeviceRGB);
 
     layerPathWithHole(marginLayer, marginQuad, borderQuad);
     layerPathWithHole(borderLayer, borderQuad, paddingQuad);
@@ -286,9 +291,9 @@
     layerPath(contentLayer, contentQuad);
 }
 
-- (void)_layoutForRectsHighlight:(Highlight*)h parent:(CALayer *)parentLayer
+- (void)_layoutForRectsHighlight:(Highlight*)highlight parent:(CALayer *)parentLayer
 {
-    NSUInteger numLayers = (NSUInteger)h->quads.size();
+    NSUInteger numLayers = highlight->quads.size();
     if (!numLayers) {
         [self _removeAllLayers];
         return;
@@ -296,11 +301,11 @@
 
     [self _attach:parentLayer numLayers:numLayers];
 
-    CGColorRef contentColor = cachedCGColor(h->contentColor, ColorSpaceDeviceRGB);
+    CGColorRef contentColor = cachedCGColor(highlight->contentColor, ColorSpaceDeviceRGB);
     for (NSUInteger i = 0; i < numLayers; ++i) {
         CAShapeLayer *layer = [_layers objectAtIndex:i];
         layer.fillColor = contentColor;
-        layerPath(layer, h->quads[i]);
+        layerPath(layer, highlight->quads[i]);
     }
 }
 

Modified: trunk/Source/WebKit2/ChangeLog (186133 => 186134)


--- trunk/Source/WebKit2/ChangeLog	2015-06-30 21:45:55 UTC (rev 186133)
+++ trunk/Source/WebKit2/ChangeLog	2015-06-30 22:00:36 UTC (rev 186134)
@@ -1,3 +1,18 @@
+2015-06-30  Simon Fraser  <[email protected]>
+
+        Crash under _layoutForNodeHighlight: when inspecting espn.com
+        https://bugs.webkit.org/show_bug.cgi?id=146422
+
+        Reviewed by Joseph Pecoraro.
+        
+        When inspecting espn.com, MobileSafari sometimes crashes, because
+        highlight.quads is empty. I was not able to quickly determine why.
+
+        Fix by bailing in this case.
+
+        * UIProcess/WKInspectorHighlightView.mm:
+        (-[WKInspectorHighlightView _layoutForNodeHighlight:]):
+
 2015-06-30  Matt Baker  <[email protected]>
 
         Web Inspector: Reduce rendering frames "Other" time by instrumenting compositing

Modified: trunk/Source/WebKit2/UIProcess/WKInspectorHighlightView.mm (186133 => 186134)


--- trunk/Source/WebKit2/UIProcess/WKInspectorHighlightView.mm	2015-06-30 21:45:55 UTC (rev 186133)
+++ trunk/Source/WebKit2/UIProcess/WKInspectorHighlightView.mm	2015-06-30 22:00:36 UTC (rev 186134)
@@ -214,6 +214,11 @@
 
 - (void)_layoutForNodeHighlight:(const Highlight&)highlight
 {
+    if (!highlight.quads.size()) {
+        [self _removeAllLayers];
+        return;
+    }
+
     [self _createLayers:4];
 
     CAShapeLayer *marginLayer = [_layers objectAtIndex:0];
@@ -239,7 +244,7 @@
 
 - (void)_layoutForRectsHighlight:(const Highlight&)highlight
 {
-    NSUInteger numLayers = (NSUInteger)highlight.quads.size();
+    NSUInteger numLayers = highlight.quads.size();
     if (!numLayers) {
         [self _removeAllLayers];
         return;