REGRESSION (r226385?): Crash in com.apple.WebCore: WebCore::MediaQueryEvaluator:...
authorantti@apple.com <antti@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Wed, 17 Jan 2018 21:53:26 +0000 (21:53 +0000)
committerantti@apple.com <antti@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Wed, 17 Jan 2018 21:53:26 +0000 (21:53 +0000)
commit90e0c042b116f01c8c2a5ef6147b35ed1b58799b
tree5153110e6e48122bc9aae3d89714d8d2487efa6d
parent33edfc1040faaf4883557f383eae80f28d3c1e23
REGRESSION (r226385?): Crash in com.apple.WebCore: WebCore::MediaQueryEvaluator::evaluate const + 32
https://bugs.webkit.org/show_bug.cgi?id=181742
<rdar://problem/36334726>

Reviewed by David Kilzer.

Source/WebCore:

Test: fast/media/mediaqueryevaluator-crash.html

* css/MediaQueryEvaluator.cpp:
(WebCore::MediaQueryEvaluator::MediaQueryEvaluator):

Use WeakPtr<Document> instead of a plain Frame pointer.

(WebCore::MediaQueryEvaluator::evaluate const):

Get the frame via document.

* css/MediaQueryEvaluator.h:
* dom/Document.cpp:
(WebCore::Document::prepareForDestruction):

Take care to clear style resolver.

LayoutTests:

* fast/media/mediaqueryevaluator-crash-expected.txt: Added.
* fast/media/mediaqueryevaluator-crash.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@227082 268f45cc-cd09-0410-ab3c-d52691b4dbfc
LayoutTests/ChangeLog
LayoutTests/fast/media/mediaqueryevaluator-crash-expected.txt [new file with mode: 0644]
LayoutTests/fast/media/mediaqueryevaluator-crash.html [new file with mode: 0644]
Source/WebCore/ChangeLog
Source/WebCore/css/MediaQueryEvaluator.cpp
Source/WebCore/css/MediaQueryEvaluator.h
Source/WebCore/dom/Document.cpp