[webkit-changes] [WebKit/WebKit] abb179: FrameView::m_pendingTextFragmentIndicatorRange may...
Alan Baradlay
noreply at github.com
Wed Nov 9 15:49:11 PST 2022
Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: abb17906be3a7d238fb402c40620576a6b8951e3
https://github.com/WebKit/WebKit/commit/abb17906be3a7d238fb402c40620576a6b8951e3
Author: Alan Baradlay <zalan at apple.com>
Date: 2022-11-09 (Wed, 09 Nov 2022)
Changed paths:
M Source/WebCore/page/FrameView.cpp
Log Message:
-----------
FrameView::m_pendingTextFragmentIndicatorRange may get reset unexpectedly when the render tree is dirty
https://bugs.webkit.org/show_bug.cgi?id=247687
<rdar://101652475>
Reviewed by Wenson Hsieh.
This is a speculative fix to prevent a crash in TextIterator (via scrollToTextFragmentRange).
The idea here is to prevent the scrolling code from re-entering layout (through plainText() -> TextIterator -> updateLayoutIgnorePendingStylesheets())
when the render tree becomes dirty earlier at performPostLayoutTasks.
When we call plainText() the second time inside scrollToTextFragmentRange, m_pendingTextFragmentIndicatorRange may have already been wiped out
as the result of re-entering layout through the first plainText() call.
* Source/WebCore/page/FrameView.cpp:
(WebCore::FrameView::scrollToTextFragmentRange):
1. Let's not scroll when the tree is dirty (the subsequent layout will call us again anyway)
2. Cache m_pendingTextFragmentIndicatorRange to preserve the range even through re-entrancy.
Canonical link: https://commits.webkit.org/256506@main
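The re-entrancy path the commit message describes, modelled as an added C++ example (not WebKit code): a pending range is read, a text walk forces a nested layout, the nested post-layout work consumes the range, and the outer frame then dereferences a member that no longer holds a value. `Range`, `FrameViewModel`, `layout()`, `plainText()`, `scrollBuggy()`, `scrollFixed()` and the sample document text are hypothetical stand-ins for FrameView, updateLayoutIgnorePendingStylesheets(), plainText() and scrollToTextFragmentRange(); the fixed variant applies the two changes listed above (bail out on a dirty tree, copy the range before any call that may re-enter).

```cpp
#include <cstddef>
#include <optional>
#include <string>

// Hypothetical stand-in for a DOM range: [start, end) offsets into the document text.
struct Range {
    std::size_t start;
    std::size_t end;
};

// Hypothetical model of FrameView; not WebKit's class.
class FrameViewModel {
public:
    explicit FrameViewModel(bool useFix) : m_useFix(useFix) {}

    // The text-fragment machinery schedules a range to scroll to.
    void setPendingRange(Range r) { m_pendingRange = r; }

    // Something between layout and the scroll attempt dirties the render tree.
    void markTreeDirty() { m_treeDirty = true; }

    // One layout pass: cleans the tree, then runs post-layout tasks, which is
    // where the pending text-fragment scroll is attempted.
    void layout() {
        m_treeDirty = false;
        if (!m_pendingRange)
            return;
        if (m_useFix)
            scrollFixed();
        else
            scrollBuggy();
    }

    // Models plainText() -> TextIterator: forces layout when the tree is dirty.
    // That nested layout can run the scroll again and consume the pending range.
    // Takes the range by value so it cannot dangle if the member is reset underneath.
    std::string plainText(Range r) {
        if (m_treeDirty)
            layout();
        return m_document.substr(r.start, r.end - r.start);
    }

    // Buggy shape: dereferences the member again after a call that may have reset it.
    bool scrollBuggy() {
        if (!m_pendingRange)
            return false;
        std::string text = plainText(*m_pendingRange);   // may re-enter layout
        if (!m_pendingRange) {                           // the real code has no such check: this is the crash
            m_crashed = true;
            return false;
        }
        std::string again = plainText(*m_pendingRange);
        m_scrolledTo = *m_pendingRange;
        m_pendingRange.reset();                          // range is consumed once scrolled
        return text == again;
    }

    // Fixed shape, mirroring the commit: (1) bail out while the tree is dirty, the
    // upcoming layout calls us again; (2) copy the range so re-entrancy cannot clear it.
    bool scrollFixed() {
        if (m_treeDirty)
            return false;
        if (!m_pendingRange)
            return false;
        Range range = *m_pendingRange;                   // local copy survives re-entrancy
        std::string text = plainText(range);
        std::string again = plainText(range);
        m_scrolledTo = range;
        m_pendingRange.reset();
        return text == again;
    }

    bool crashed() const { return m_crashed; }
    std::optional<Range> scrolledTo() const { return m_scrolledTo; }

private:
    std::string m_document = "The quick brown fox jumps over the lazy dog"; // constructed sample text
    std::optional<Range> m_pendingRange;
    std::optional<Range> m_scrolledTo;
    bool m_treeDirty = false;
    bool m_crashed = false;
    bool m_useFix;
};

struct ScenarioResult {
    bool crashed;   // buggy path dereferenced a reset optional
    bool scrolled;  // a scroll to the pending range eventually happened
};

// Reproduces the sequence from the bug report: a range is pending, the tree is dirty
// when scrolling is attempted, and plainText() re-enters layout.
ScenarioResult runScenario(bool useFix) {
    FrameViewModel view(useFix);
    view.setPendingRange({4, 9});   // "quick" in the sample document
    view.markTreeDirty();
    bool done = useFix ? view.scrollFixed() : view.scrollBuggy();
    if (useFix && !done)
        view.layout();              // the deferred layout re-invokes scrolling on a clean tree
    return {view.crashed(), view.scrolledTo().has_value()};
}
```

In the buggy run the nested scroll succeeds and consumes the range, so the scroll itself still happens, but the outer frame then reads an empty optional; the fixed run defers once and completes on the clean tree without ever touching the member after a re-entrant call.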