REGRESSION(r207669): Crash after mutating selector text
author antti@apple.com <antti@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Tue, 21 Feb 2017 20:06:48 +0000 (20:06 +0000)
committer antti@apple.com <antti@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Tue, 21 Feb 2017 20:06:48 +0000 (20:06 +0000)
commit e27fae54a2ea6d34db8b1fe7b222099738356687
tree 978617d6f2c64f3cd6a194a926e39458ff7c6c73
parent 29f4276f9c1e2943f946784b75fbe64428979476
REGRESSION(r207669): Crash after mutating selector text
https://bugs.webkit.org/show_bug.cgi?id=168655
<rdar://problem/30632111>

Reviewed by Brent Fulgham.

Source/WebCore:

Test: fast/css/selector-text-mutation-crash.html

* style/StyleScope.cpp:
(WebCore::Style::Scope::scheduleUpdate):

Clear the style resolver immediately if style sheet content changes. The resolver may
have data structures that point to the old sheet contents.

The resolver would get wiped anyway when the scheduled update actually occurs.

LayoutTests:

* fast/css/selector-text-mutation-crash-expected.txt: Added.
* fast/css/selector-text-mutation-crash.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@212737 268f45cc-cd09-0410-ab3c-d52691b4dbfc
LayoutTests/ChangeLog
LayoutTests/fast/css/selector-text-mutation-crash-expected.txt [new file with mode: 0644]
LayoutTests/fast/css/selector-text-mutation-crash.html [new file with mode: 0644]
Source/WebCore/ChangeLog
Source/WebCore/style/StyleScope.cpp