141551 – Crashes under RenderLayer::hitTestLayer under determinePrimarySnapshottedPlugIn()

RESOLVED FIXED 141551

Crashes under RenderLayer::hitTestLayer under determinePrimarySnapshottedPlugIn()

https://bugs.webkit.org/show_bug.cgi?id=141551

Summary Crashes under RenderLayer::hitTestLayer under determinePrimarySnapshottedPlug...

Simon Fraser (smfr)

Reported 2015-02-12 21:06:23 PST

Crashes under RenderLayer::hitTestLayer under determinePrimarySnapshottedPlugIn()

Attachments
Patch (5.29 KB, patch) 2015-02-12 21:16 PST, Simon Fraser (smfr)	zalan: review+	Details Formatted Diff Diff
View All Add attachment proposed patch, testcase, etc.

Simon Fraser (smfr)

Comment 1 2015-02-12 21:16:46 PST

Created attachment 246504 [details] Patch

zalan

Comment 2 2015-02-12 21:30:27 PST

Comment on attachment 246504 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=246504&action=review > Source/WebCore/page/FrameView.cpp:2577 > + for (auto& widget : children()) { const auto&? > Source/WebCore/page/FrameView.cpp:4008 > + // A child frame may have dirtied us during its layout. This is what frame flattening does and by judging the assertion above, it manages to resolve it without the extra layout. How is it different from that setup? > Source/WebCore/page/FrameView.h:125 > + bool needsStyleRecalcOrLayout(bool includeSubframes = true) const; We never call this function with includeSubframes = false; Could we drop this parameter?

Simon Fraser (smfr)

Comment 3 2015-02-13 11:05:19 PST

https://trac.webkit.org/r180063

Note You need to log in before you can comment on or make changes to this bug.

Status RESOLVED

Resolution FIXED

Priority P2

Severity Normal

Classification Unclassified

Version 528+ (Nightly build)

Hardware Unspecified

OS Unspecified

Product WebKit

Component New Bugs

Assignee

Simon Fraser (smfr)

Reported

2015-02-12 21:06 PST

Modified

2015-02-13 11:05 PST History

CC List

8 users Show

URL

Keywords

Depends on

Blocks