[webkit-changes] [WebKit/WebKit] 42916e: Fix potential crash with InteractionRegion layers ...
Etienne Segonzac
noreply at github.com
Fri Sep 13 00:04:15 PDT 2024
Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: 42916e1617b60d50109fbaf402b3993c169e8068
https://github.com/WebKit/WebKit/commit/42916e1617b60d50109fbaf402b3993c169e8068
Author: Etienne Segonzac <sgz at apple.com>
Date: 2024-09-13 (Fri, 13 Sep 2024)
Changed paths:
A LayoutTests/interaction-region/guard-crash-expected.txt
A LayoutTests/interaction-region/guard-crash.html
M Source/WebCore/rendering/EventRegion.cpp
M Source/WebCore/rendering/EventRegion.h
M Source/WebKit/UIProcess/RemoteLayerTree/RemoteLayerTreeInteractionRegionLayers.mm
Log Message:
-----------
Fix potential crash with InteractionRegion layers management
https://bugs.webkit.org/show_bug.cgi?id=279584
<rdar://134409589>
Reviewed by Mike Wyrzykowski.
This patch addresses 2 sources of assertion failures which could lead
to a crash:
- duplicate Guard layers covering the same IntRect, breaking the
assertion on the uniqueness of the `<IntRect, InteractionRegion::Type>`
pairs.
- layers reused twice, breaking the assertion on the `insertionPoint`
always being <= the sublayers count.
* Source/WebCore/rendering/EventRegion.h:
* Source/WebCore/rendering/EventRegion.cpp:
(WebCore::EventRegionContext::uniteInteractionRegions):
(WebCore::EventRegionContext::removeSuperfluousInteractionRegions):
Keep track of all guard rects, _including_ the inflated ones we add for
small elements or complex shapes, to avoid duplicates.
We still need to differentiate the two since only the inflated ones can
get collided out in `removeSuperfluousInteractionRegions`.
(WebCore::EventRegionContext::convertGuardContainersToInterationIfNeeded):
Finish migrating the InteractionRegion rect tracking code to use
`HashMap#add()` / `isNewEntry` to avoid extra hash lookups.
* Source/WebKit/UIProcess/RemoteLayerTree/RemoteLayerTreeInteractionRegionLayers.mm:
(WebKit::updateLayersForInteractionRegions):
Fix a bug where a layer was sometimes not removed from the reusable map
after use.
* LayoutTests/interaction-region/guard-crash-expected.txt: Added.
* LayoutTests/interaction-region/guard-crash.html: Added.
Introduce a test covering those assertion failures.
(The expected layer tree would reveal the bug even in release mode.)
Canonical link: https://commits.webkit.org/283602@main
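
The two invariants the log message describes, as an added C++ illustration that is not WebKit's code: `Rect`, `RegionSet`, `Layer` and `updateLayers` below are hypothetical stand-ins built on the standard library, with `std::map::emplace(...).second` playing the role of `HashMap#add()` / `isNewEntry`.

```cpp
#include <cassert>
#include <cstddef>
#include <map>
#include <memory>
#include <tuple>
#include <utility>
#include <vector>

// Hypothetical stand-ins for IntRect and InteractionRegion::Type (assumptions).
struct Rect { int x, y, w, h; };
inline bool operator<(const Rect& a, const Rect& b) {
    return std::tie(a.x, a.y, a.w, a.h) < std::tie(b.x, b.y, b.w, b.h);
}
enum class Type { Interaction, Guard };
using Key = std::pair<Rect, Type>;
struct Layer { Key key; };

// Invariant 1: every <rect, type> pair is recorded once, inflated guards included.
struct RegionSet {
    std::map<Key, bool> seen;  // value: was this guard rect an inflated one?
    std::vector<Key> regions;
    bool add(Rect r, Type t, bool inflated = false) {
        // One lookup: emplace() reports whether the key was new (cf. isNewEntry).
        bool isNewEntry = seen.emplace(Key{r, t}, inflated).second;
        if (isNewEntry)
            regions.push_back(Key{r, t});
        return isNewEntry;
    }
};

// Invariant 2: a reused layer leaves the reusable map, so it is never handed out twice.
std::vector<std::shared_ptr<Layer>> updateLayers(
    std::map<Key, std::shared_ptr<Layer>>& reusable, const std::vector<Key>& regions) {
    std::vector<std::shared_ptr<Layer>> sublayers;
    std::size_t insertionPoint = 0;
    for (const Key& key : regions) {
        std::shared_ptr<Layer> layer;
        auto it = reusable.find(key);
        if (it != reusable.end()) {
            layer = it->second;
            reusable.erase(it);  // the step whose omission allows a double reuse
        } else {
            layer = std::make_shared<Layer>(Layer{key});
        }
        assert(insertionPoint <= sublayers.size());
        sublayers.insert(sublayers.begin() + insertionPoint++, layer);
    }
    return sublayers;  // whatever is left in `reusable` was not needed this pass
}
```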