[webkit-changes] [WebKit/WebKit] 9e2447: Assertion may fail when repainting the RenderView ...

Said Abou-Hallawa noreply at github.com
Mon May 13 22:14:30 PDT 2024


  Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: 9e2447a61281d50325e3a037455ad6a3b8cd7d7e
      https://github.com/WebKit/WebKit/commit/9e2447a61281d50325e3a037455ad6a3b8cd7d7e
  Author: Said Abou-Hallawa <said at apple.com>
  Date:   2024-05-13 (Mon, 13 May 2024)

  Changed paths:
    M Source/WebCore/rendering/RenderElement.cpp
    M Source/WebCore/rendering/RenderElement.h
    M Source/WebCore/rendering/RenderLayer.cpp
    M Source/WebCore/rendering/RenderObject.cpp
    M Source/WebCore/rendering/RenderObject.h

  Log Message:
  -----------
  Assertion may fail when repainting the RenderView of an SVGImage
https://bugs.webkit.org/show_bug.cgi?id=273803
rdar://127102474

Reviewed by Chris Dumez.

Sometimes repainting the RenderView of an SVGImage is associated with changing
the SVGImage source. This would delete the SVGImage and all its render tree which
includes the repainted RenderView itself.

RenderLayer::recursiveUpdateLayerPositions() should not hold a CheckedPtr to the
repainted renderer because the renderer might be physically deleted while calling
RenderElement::repaintAfterLayoutIfNeeded() which happens before deleting the
CheckedPtr itself.

The fix is to make RenderObject::repaintUsingContainer() take a WeakPtr to the
repainted renderer. So this WeakPtr pointer is nullified once it is deleted.
It also can be checked before it is referenced.

* Source/WebCore/rendering/RenderElement.cpp:
(WebCore::RenderElement::repaintAfterLayoutIfNeeded):
* Source/WebCore/rendering/RenderElement.h:
* Source/WebCore/rendering/RenderLayer.cpp:
(WebCore::RenderLayer::recursiveUpdateLayerPositions):
* Source/WebCore/rendering/RenderObject.cpp:
(WebCore::RenderObject::repaintUsingContainer const):
* Source/WebCore/rendering/RenderObject.h:

Canonical link: https://commits.webkit.org/278734@main
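
The log message above describes passing the repainted renderer as a weak reference that is nullified on destruction and checked before it is used. A minimal C++ model of that pattern follows, added here as an illustration and not taken from the WebKit sources; Renderer, WeakSlot, WeakRef, repaintUsingWeakRef and repaintOnce are hypothetical names.

```cpp
#include <functional>
#include <memory>
#include <utility>

// Simplified model: Renderer, WeakSlot and WeakRef are hypothetical stand-ins,
// not WebKit's RenderObject or WTF::WeakPtr.
class Renderer;
struct WeakSlot { Renderer* target; }; // shared slot that outlives the renderer
class WeakRef {
public:
    explicit WeakRef(std::shared_ptr<WeakSlot> slot) : m_slot(std::move(slot)) {}
    Renderer* get() const { return m_slot->target; } // nullptr once destroyed
private:
    std::shared_ptr<WeakSlot> m_slot;
};

class Renderer {
public:
    Renderer() : m_slot(std::make_shared<WeakSlot>(WeakSlot{this})) {}
    Renderer(const Renderer&) = delete;
    ~Renderer() { m_slot->target = nullptr; } // nullifies every outstanding WeakRef
    WeakRef weak() const { return WeakRef(m_slot); }
    int paintedRects = 0;
private:
    std::shared_ptr<WeakSlot> m_slot;
};

// Models the repaint step: notifyClient may change the image source, which
// destroys the renderer. Returns true only if the renderer survived the call.
bool repaintUsingWeakRef(const WeakRef& renderer, const std::function<void()>& notifyClient)
{
    notifyClient();                     // may re-enter and delete the renderer
    Renderer* current = renderer.get(); // re-read after the call, never cache before it
    if (!current)
        return false;
    ++current->paintedRects;
    return true;
}

// Constructed scenario: one repaint, optionally swapping the source during it.
bool repaintOnce(bool clientChangesSource)
{
    auto view = std::make_unique<Renderer>();
    return repaintUsingWeakRef(view->weak(), [&] {
        if (clientChangesSource)
            view.reset(); // tears down the render tree, including this renderer
    });
}
int main() { return repaintOnce(false) && !repaintOnce(true) ? 0 : 1; }
```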


