2009-08-13 Simon Fraser <simon.fraser@apple.com>
authorsimon.fraser@apple.com <simon.fraser@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Fri, 14 Aug 2009 00:51:12 +0000 (00:51 +0000)
committersimon.fraser@apple.com <simon.fraser@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Fri, 14 Aug 2009 00:51:12 +0000 (00:51 +0000)
commit6ea34200f5dd9f3f1216149c4dff4d1ef0f09256
tree7e0f008aeaabede972d1824234ea6442a39b3dc1
parentbcd96f67d826b93bae728494b625bb8c52d54c7d
2009-08-13  Simon Fraser  <simon.fraser@apple.com>

        Reviewed by Dan Bernstein.

        Fix crash when removing reflection on an absolutely-positioned image.
        https://bugs.webkit.org/show_bug.cgi?id=28289

        Make sure we clean up the reflection layer when removing the reflection,
        so that the RenderLayer tree does not contain pointers to deleted layers.

        Test: fast/reflections/reflected-img-crash.html

        * rendering/RenderLayer.cpp:
        (WebCore::RenderLayer::~RenderLayer):
        (WebCore::RenderLayer::styleChanged):
        (WebCore::RenderLayer::removeReflection):
        * rendering/RenderLayer.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@47260 268f45cc-cd09-0410-ab3c-d52691b4dbfc
LayoutTests/ChangeLog
LayoutTests/fast/reflections/reflected-img-crash-expected.txt [new file with mode: 0644]
LayoutTests/fast/reflections/reflected-img-crash.html [new file with mode: 0644]
WebCore/ChangeLog
WebCore/rendering/RenderLayer.cpp
WebCore/rendering/RenderLayer.h