git://git.webkit.org / WebKit-https.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 2168ae7) | patch
[iOS] Crash in WebCore::Node::renderRect
authordino@apple.com <dino@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Wed, 20 Mar 2019 22:49:44 +0000 (22:49 +0000)
committerdino@apple.com <dino@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Wed, 20 Mar 2019 22:49:44 +0000 (22:49 +0000)
commit2c859ac9be87433c07bee697e3bd659783ce0e55
tree7c8311ddca9316fb17c00407d6e2da05525e6019tree | snapshot
parent2168ae7512189975fe3a5cfcf8773c5f3bb96356commit | diff
[iOS] Crash in WebCore::Node::renderRect
https://bugs.webkit.org/show_bug.cgi?id=196035
<rdar://problem/49076783>

Reviewed by Antoine Quint.

When renderRect was called on an HTMLAreaElement, it would
ASSERT because it doesn't have a renderer. We hadn't noticed
this before because none of our tests were hitting this in
debug mode.

The fix is to ask the corresponding HTMLImageElement for
its renderer, and use that for the returned rectangle.

Covered by these tests that had become flakey:
    fast/images/imagemap-in-shadow-tree.html
    http/tests/download/area-download.html

* dom/Node.cpp:
(WebCore::Node::renderRect):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@243249 268f45cc-cd09-0410-ab3c-d52691b4dbfc
Source/WebCore/ChangeLog diff | blob | history
Source/WebCore/dom/Node.cpp diff | blob | history
Mirror of the WebKit open source project from svn.webkit.org.