Bug 162729

Summary: RenderLayer::clipRects may return nullptr.
Product: WebKit Reporter: alan <zalan>
Component: Layout and RenderingAssignee: alan <zalan>
Status: RESOLVED FIXED    
Severity: Normal CC: commit-queue
Priority: P2    
Version: WebKit Nightly Build   
Hardware: Unspecified   
OS: Unspecified   
Attachments:
Description Flags
Patch
cdumez: review-
Patch
cdumez: review+
Patch none

alan
Reported 2016-09-29 09:44:58 PDT
clipRects = *parent()->clipRects(clipRectsContext); is unsafe.
Attachments
Patch (4.75 KB, patch)
2016-09-29 09:52 PDT, alan 		cdumez: review-
DetailsFormatted DiffDiff
Patch (12.48 KB, patch)
2016-09-29 12:30 PDT, alan 		cdumez: review+
DetailsFormatted DiffDiff
Patch (12.42 KB, patch)
2016-09-30 09:19 PDT, alan 		no flags
DetailsFormatted DiffDiff
Show Obsolete (2) View All Add attachment proposed patch, testcase, etc.
alan
Comment 1 2016-09-29 09:52:18 PDT
Created attachment 290208 [details] Patch
Chris Dumez
Comment 2 2016-09-29 10:04:01 PDT
Comment on attachment 290208 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=290208&action=review > Source/WebCore/rendering/RenderLayer.cpp:-5572 > - clipRects = *parent()->clipRects(clipRectsContext); This is actually safe although non obvious. I suggest we update updateClipRects() to return the cached value and return that.
alan
Comment 3 2016-09-29 12:30:14 PDT
Created attachment 290232 [details] Patch
Chris Dumez
Comment 4 2016-09-29 12:32:22 PDT
Comment on attachment 290232 [details] Patch Gorgeous, r=me
alan
Comment 5 2016-09-30 09:19:45 PDT
Created attachment 290335 [details] Patch
WebKit Commit Bot
Comment 6 2016-09-30 09:55:11 PDT
Comment on attachment 290335 [details] Patch Clearing flags on attachment: 290335 Committed r206639: <http://trac.webkit.org/changeset/206639>
WebKit Commit Bot
Comment 7 2016-09-30 09:55:15 PDT
All reviewed patches have been landed. Closing bug.
Note You need to log in before you can comment on or make changes to this bug.