Remove slow repaint object from FrameView when style changes.
authorzalan@apple.com <zalan@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Mon, 20 Nov 2017 17:18:57 +0000 (17:18 +0000)
committerzalan@apple.com <zalan@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Mon, 20 Nov 2017 17:18:57 +0000 (17:18 +0000)
commite10261194a6c629dd62b7397ac01c2adb892ff7b
treeb9b5dab3b3ba43ccae1406703d48dcb2601ec549
parent5917a77ff4a0d8ca6f6f3707c98c06f59750f0dd
Remove slow repaint object from FrameView when style changes.
https://bugs.webkit.org/show_bug.cgi?id=179871

Reviewed by Antti Koivisto.

Source/WebCore:

The "oldStyleSlowScroll" value does not need to be computed. We already know its value
by checking the HashSet. This code is also unnecessarily complicated and error prone
(could lead to UAF errors by leaving stale renderers in the slow paint list).

Test: fast/repaint/slow-repaint-object-crash.html

* rendering/RenderElement.cpp:
(WebCore::RenderElement::styleWillChange):

LayoutTests:

* fast/repaint/slow-repaint-object-crash-expected.txt: Added.
* fast/repaint/slow-repaint-object-crash.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@225052 268f45cc-cd09-0410-ab3c-d52691b4dbfc
LayoutTests/ChangeLog
LayoutTests/fast/repaint/slow-repaint-object-crash-expected.txt [new file with mode: 0644]
LayoutTests/fast/repaint/slow-repaint-object-crash.html [new file with mode: 0644]
Source/WebCore/ChangeLog
Source/WebCore/page/FrameView.cpp
Source/WebCore/page/FrameView.h
Source/WebCore/rendering/RenderElement.cpp