Crash in WebCore::RenderLayer::FilterInfo::updateReferenceFilterClients
author jhoneycutt@apple.com <jhoneycutt@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Wed, 2 Apr 2014 02:48:14 +0000 (02:48 +0000)
committer jhoneycutt@apple.com <jhoneycutt@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Wed, 2 Apr 2014 02:48:14 +0000 (02:48 +0000)
commit 993aab35f76efab2b0227175f6325958dff2c1cf
tree a0638ea9936e987ec5d63fc86998ef7ceb86cf53
parent 7e084e7bca93dcabdc3887a616c16a24255e95c0
Crash in WebCore::RenderLayer::FilterInfo::updateReferenceFilterClients

<https://bugs.webkit.org/show_bug.cgi?id=121887>
<rdar://problem/15073043>

Reviewed by Dean Jackson.

Source/WebCore:

Test: svg/filters/first-letter-crash.html

* rendering/FilterEffectRenderer.cpp:
(WebCore::FilterEffectRenderer::buildReferenceFilter):
Added a null check to prevent crashes for anonymous RenderObjects.

* rendering/RenderLayer.cpp:
(WebCore::RenderLayer::filterNeedsRepaint):
Get the enclosing element, if there is one, and recalculate its style.
We use the enclosing element so that we recalculate style for the
ancestor of an anonymous RenderElement.
(WebCore::RenderLayer::enclosingElement):
Remove an assertion; we may now reach this condition if loading a
cached SVG document results in RenderLayer::filterNeedsRepaint() being
called before the object has been inserted into the render tree.

* rendering/RenderLayerFilterInfo.cpp:
(WebCore::RenderLayer::FilterInfo::notifyFinished):
Tell the RenderLayer that the filter needs repainting.
(WebCore::RenderLayer::FilterInfo::updateReferenceFilterClients):
Get the Element from the renderer rather than asking the renderer's
Element, which will be null for anonymous RenderObjects.

* rendering/RenderLayerFilterInfo.h:
Removed declaration for the old workaround function, layerElement().

LayoutTests:

* svg/filters/first-letter-crash-expected.txt: Added.
* svg/filters/first-letter-crash.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@166628 268f45cc-cd09-0410-ab3c-d52691b4dbfc
LayoutTests/ChangeLog
LayoutTests/svg/filters/first-letter-crash-expected.txt [new file with mode: 0644]
LayoutTests/svg/filters/first-letter-crash.html [new file with mode: 0644]
Source/WebCore/ChangeLog
Source/WebCore/rendering/FilterEffectRenderer.cpp
Source/WebCore/rendering/RenderLayer.cpp
Source/WebCore/rendering/RenderLayerFilterInfo.cpp
Source/WebCore/rendering/RenderLayerFilterInfo.h
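
The pattern the commit message describes (resolve the enclosing element for an anonymous renderer, and tolerate there being none), shown as an added example that is not WebKit's code. `Element`, `Renderer`, their fields and both function bodies are simplified stand-ins assumed for illustration; only the function names are borrowed from the message.

```cpp
#include <cstdio>

// Simplified stand-ins for illustration; these are not WebKit's classes.
struct Element {
    const char* tag = "";
    bool needsStyleRecalc = false;
};

struct Renderer {
    Element* element = nullptr;  // stays null for an anonymous renderer
    Renderer* parent = nullptr;  // stays null until inserted into the tree
};

// Nearest Element at or above this renderer, or nullptr if there is none.
// Returning nullptr instead of asserting covers a renderer that is not yet
// attached to the tree.
Element* enclosingElement(Renderer* renderer) {
    for (Renderer* r = renderer; r; r = r->parent) {
        if (r->element)
            return r->element;
    }
    return nullptr;
}

// Called when a referenced filter resource finishes loading. Returns true if
// a style recalculation was scheduled on some element.
bool filterNeedsRepaint(Renderer* renderer) {
    Element* target = enclosingElement(renderer);
    if (!target)
        return false;  // nothing to invalidate yet; must not dereference
    target->needsStyleRecalc = true;
    return true;
}

int main() {
    Element p;             p.tag = "p";
    Renderer block;        block.element = &p;
    Renderer firstLetter;  firstLetter.parent = &block;  // anonymous, attached
    Renderer detached;                                   // anonymous, no parent

    std::printf("attached: %d\n", filterNeedsRepaint(&firstLetter));
    std::printf("recalc on <%s>: %d\n", p.tag, p.needsStyleRecalc);
    std::printf("detached: %d\n", filterNeedsRepaint(&detached));
    return 0;
}
```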