Bug 193468 - Frequent null-deref under TiledCoreAnimationDrawingArea::scaleViewToFitDocumentIfNeeded()
Summary: Frequent null-deref under TiledCoreAnimationDrawingArea::scaleViewToFitDocumentIfNeeded()
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: New Bugs
Version: WebKit Nightly Build
Hardware: Unspecified
OS: Unspecified
Importance: P2 Normal
Assignee: Tim Horton
URL:
Keywords: InRadar
Depends on:
Blocks:
 
Reported: 2019-01-15 15:12 PST by Tim Horton
Modified: 2019-01-16 12:35 PST
CC: 4 users

See Also:


Attachments
Patch (1.75 KB, patch) - 2019-01-15 15:15 PST, Tim Horton
Patch (2.57 KB, patch) - 2019-01-16 11:27 PST, Tim Horton
Patch (2.40 KB, patch) - 2019-01-16 11:53 PST, Tim Horton

Description Tim Horton 2019-01-15 15:12:11 PST
Frequent null-deref under TiledCoreAnimationDrawingArea::scaleViewToFitDocumentIfNeeded()
Comment 1 Tim Horton 2019-01-15 15:15:18 PST
Created attachment 359211 [details]
Patch
Comment 2 Tim Horton 2019-01-15 15:15:21 PST
<rdar://problem/38645869>
Comment 3 WebKit Commit Bot 2019-01-15 15:55:43 PST
Comment on attachment 359211 [details]
Patch

Clearing flags on attachment: 359211

Committed r240016: <https://trac.webkit.org/changeset/240016>
Comment 4 WebKit Commit Bot 2019-01-15 15:55:44 PST
All reviewed patches have been landed.  Closing bug.
Comment 5 Tim Horton 2019-01-16 11:27:48 PST
Reopening to attach new patch.
Comment 6 Tim Horton 2019-01-16 11:27:49 PST
Created attachment 359284 [details]
Patch
Comment 7 zalan 2019-01-16 11:41:27 PST
Comment on attachment 359284 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=359284&action=review

> Source/WebKit/WebProcess/WebPage/mac/TiledCoreAnimationDrawingArea.mm:375
> +    IntSize documentSize = renderView->unscaledDocumentRect().size();

It's probably not the case but this second layoutIfNeeded() could potentially nuke the frame as well.
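The hazard raised in the review above, a renderer pointer that a re-entrant layout can destroy, as an added C++ illustration. This is not WebKit code: the IntSize, RenderView, Document and Frame types are minimal stand-ins assumed for the example, the two-layout ordering (lay out, choose a scale, apply it, lay out again, read the final size) is assumed rather than taken from the patch, and the teardownOnLayout field simulates layout-triggered work that tears the render tree down. The point demonstrated is that the pointer must be re-fetched and null-checked after each layoutIfNeeded(), including the second one.

```cpp
#include <cstdio>
#include <memory>
#include <optional>

// Minimal stand-ins for WebCore's IntSize / RenderView / Document / Frame.
// Assumed shapes for this illustration only; they are not the WebKit classes.
struct IntSize { int width; int height; };

struct RenderView {
    IntSize documentSize;
    IntSize unscaledDocumentRectSize() const { return documentSize; }
};

struct Frame;

struct Document {
    explicit Document(Frame& frame) : m_frame(frame) {}
    int layoutCount = 0;
    // Simulates work that runs inside layout (scripts, observers, ...) and
    // tears the frame's render tree down on the Nth layout; 0 means never.
    int teardownOnLayout = 0;
    void layoutIfNeeded();
private:
    Frame& m_frame;
};

struct Frame {
    explicit Frame(IntSize docSize)
        : renderView(std::make_unique<RenderView>(RenderView{docSize})) {}
    Frame(const Frame&) = delete;
    Frame& operator=(const Frame&) = delete;
    std::unique_ptr<RenderView> renderView;   // owned; freed when the tree is torn down
    Document document{*this};
    double viewScale = 1.0;
    RenderView* contentRenderer() { return renderView.get(); }
    void setViewScale(double scale) { viewScale = scale; }
    void destroyRenderTree() { renderView.reset(); }
};

void Document::layoutIfNeeded() {
    ++layoutCount;
    if (layoutCount == teardownOnLayout)
        m_frame.destroyRenderTree();
}

struct ScaleResult { double scale; IntSize documentSize; };

// Assumed ordering: lay out, pick a scale that fits the view width, apply it,
// lay out again, then read the final document size. The unsafe shape of this
// routine would fetch `renderView` once and dereference it after a layout; here
// the pointer is re-fetched and null-checked after every layout, because either
// layout can destroy the renderer.
std::optional<ScaleResult> scaleViewToFitDocument(Frame& frame, int viewWidth) {
    Document& document = frame.document;

    document.layoutIfNeeded();
    RenderView* renderView = frame.contentRenderer();   // fetched only after layout
    if (!renderView)
        return std::nullopt;                              // first layout destroyed it

    IntSize size = renderView->unscaledDocumentRectSize();
    double scale = size.width > viewWidth
        ? static_cast<double>(viewWidth) / size.width : 1.0;
    frame.setViewScale(scale);                            // may dirty layout again

    document.layoutIfNeeded();
    renderView = frame.contentRenderer();                 // re-fetch; never reuse the old pointer
    if (!renderView)
        return std::nullopt;                              // second layout destroyed it too

    return ScaleResult{scale, renderView->unscaledDocumentRectSize()};
}

int main() {
    Frame healthy({1600, 1200});
    if (auto r = scaleViewToFitDocument(healthy, 400))
        std::printf("scale=%.2f document=%dx%d\n",
                    r->scale, r->documentSize.width, r->documentSize.height);

    Frame torn({1600, 1200});
    torn.document.teardownOnLayout = 2;   // the second layout destroys the renderer
    if (!scaleViewToFitDocument(torn, 400))
        std::printf("renderer gone after layout %d; scaling skipped\n",
                    torn.document.layoutCount);
    return 0;
}
```

The second re-fetch is the part that is easy to drop: once the first null check passes it is tempting to keep using the same pointer, but the second layoutIfNeeded() runs the same kind of script-visible work as the first and can free the renderer just as well.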
Comment 8 Tim Horton 2019-01-16 11:53:50 PST
Created attachment 359286 [details]
Patch
Comment 9 WebKit Commit Bot 2019-01-16 12:35:16 PST
Comment on attachment 359286 [details]
Patch

Clearing flags on attachment: 359286

Committed r240045: <https://trac.webkit.org/changeset/240045>
Comment 10 WebKit Commit Bot 2019-01-16 12:35:18 PST
All reviewed patches have been landed.  Closing bug.