Bug 33863

Summary: Occasional crash when interacting with page with reflected WebGL
Product: WebKit Reporter: Simon Fraser (smfr) <simon.fraser>
Component: Layout and RenderingAssignee: Simon Fraser (smfr) <simon.fraser>
Status: RESOLVED FIXED    
Severity: Normal    
Priority: P2    
Version: 528+ (Nightly build)   
Hardware: Mac   
OS: OS X 10.5   
Attachments:
Description Flags
Patch mitz: review+

Simon Fraser (smfr)
Reported 2010-01-19 13:42:19 PST
There's an issue where compositing layers for a reflection can be torn down, without clearing the original layer's replicaLayer pointer.
Attachments
Patch (5.89 KB, patch)
2010-01-19 13:50 PST, Simon Fraser (smfr) 		mitz: review+
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
Simon Fraser (smfr)
Comment 1 2010-01-19 13:50:09 PST
Created attachment 46949 [details] Patch
mitz
Comment 2 2010-01-19 14:39:20 PST
Comment on attachment 46949 [details] Patch > if (layer->backing()) { > + // If we're removing backing on a reflection, clear the source GraphicsLayer's pointer to > + // its replica GraphicsLayer. In practise this should never happen So can we add an assertion? > + if (layer->isReflection()) { > + RenderLayer* sourceLayer = toRenderBoxModelObject(layer->renderer()->parent())->layer(); > + if (RenderLayerBacking* backing = sourceLayer->backing()) > + backing->graphicsLayer()->setReplicatedByLayer(0); And also assert right before here that the graphicsLayer currently thinks that it’s replicated by our layer? r=me
Simon Fraser (smfr)
Comment 3 2010-01-19 16:37:59 PST
http://trac.webkit.org/changeset/53507
Simon Fraser (smfr)
Comment 4 2010-01-19 16:45:37 PST
http://trac.webkit.org/changeset/53507
Note You need to log in before you can comment on or make changes to this bug.