RESOLVED FIXED Bug 162729
RenderLayer::clipRects may return nullptr. 
https://bugs.webkit.org/show_bug.cgi?id=162729
Summary RenderLayer::clipRects may return nullptr.
zalan
Reported 2016-09-29 09:44:58 PDT
clipRects = *parent()->clipRects(clipRectsContext); is unsafe.
Attachments
Patch (4.75 KB, patch)
2016-09-29 09:52 PDT, zalan 		cdumez: review-
DetailsFormatted DiffDiff
Patch (12.48 KB, patch)
2016-09-29 12:30 PDT, zalan 		cdumez: review+
DetailsFormatted DiffDiff
Patch (12.42 KB, patch)
2016-09-30 09:19 PDT, zalan 		no flags
DetailsFormatted DiffDiff
Show Obsolete (2) View All Add attachment proposed patch, testcase, etc.
zalan
Comment 1 2016-09-29 09:52:18 PDT
Created attachment 290208 [details] Patch
Chris Dumez
Comment 2 2016-09-29 10:04:01 PDT
Comment on attachment 290208 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=290208&action=review > Source/WebCore/rendering/RenderLayer.cpp:-5572 > - clipRects = *parent()->clipRects(clipRectsContext); This is actually safe although non obvious. I suggest we update updateClipRects() to return the cached value and return that.
zalan
Comment 3 2016-09-29 12:30:14 PDT
Created attachment 290232 [details] Patch
Chris Dumez
Comment 4 2016-09-29 12:32:22 PDT
Comment on attachment 290232 [details] Patch Gorgeous, r=me
zalan
Comment 5 2016-09-30 09:19:45 PDT
Created attachment 290335 [details] Patch
WebKit Commit Bot
Comment 6 2016-09-30 09:55:11 PDT
Comment on attachment 290335 [details] Patch Clearing flags on attachment: 290335 Committed r206639: <http://trac.webkit.org/changeset/206639>
WebKit Commit Bot
Comment 7 2016-09-30 09:55:15 PDT
All reviewed patches have been landed. Closing bug.
Note You need to log in before you can comment on or make changes to this bug.