[webkit-changes] [WebKit/WebKit] b5fe94: Cherry-pick 252432.947 at safari-7614-branch (2d531cf...

Nikos Mouchtaris noreply at github.com
Thu Jan 26 12:02:08 PST 2023


  Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: b5fe944862632c834056aba49b3cccc5ca10509a
      https://github.com/WebKit/WebKit/commit/b5fe944862632c834056aba49b3cccc5ca10509a
  Author: Nikolaos Mouchtaris <nmouchtaris at apple.com>
  Date:   2023-01-26 (Thu, 26 Jan 2023)

  Changed paths:
    A LayoutTests/fast/scrolling/mac/smooth-scroll-crash-expected.txt
    A LayoutTests/fast/scrolling/mac/smooth-scroll-crash.html
    M Source/WebCore/rendering/RenderLayerScrollableArea.cpp

  Log Message:
  -----------
  Cherry-pick 252432.947 at safari-7614-branch (2d531cf29dfa). rdar://104657691

    jsc_fuz/wktr: heap-use-after-free in WebCore::ScrollableArea::existingScrollAnimator() const ScrollableArea.h:188
    https://bugs.webkit.org/show_bug.cgi?id=249242
    <rdar://103294792>

    Reviewed by Simon Fraser and Ryan Haddad.

    Remove scrollable area from m_scrollableAreasForAnimatedScroll
    if scrollable area will be destroyed.

    * LayoutTests/fast/scrolling/mac/smooth-scroll-crash-expected.txt: Added.
    * LayoutTests/fast/scrolling/mac/smooth-scroll-crash.html: Added.
    * Source/WebCore/rendering/RenderLayerScrollableArea.cpp:
    (WebCore::RenderLayerScrollableArea::clear):

    Canonical link: https://commits.webkit.org/252432.947@safari-7614-branch

Canonical link: https://commits.webkit.org/259448@main



