RELEASE_ASSERT in WebCore: WebCore::ScrollingStateTree::insertNode()
authorsimon.fraser@apple.com <simon.fraser@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Thu, 4 Jul 2019 01:29:55 +0000 (01:29 +0000)
committersimon.fraser@apple.com <simon.fraser@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Thu, 4 Jul 2019 01:29:55 +0000 (01:29 +0000)
commitf3c80ff8c76afb312c3ee2ef08699a87ceb13a56
treea656b0cd4bc0d7670d249512212fd259eeb23253
parentadee718c71e313231766c5666779859add6e52d7
RELEASE_ASSERT in WebCore: WebCore::ScrollingStateTree::insertNode()
https://bugs.webkit.org/show_bug.cgi?id=199479
rdar://problem/52392556

Reviewed by Zalan Bujtas.
Source/WebCore:

Certain compositing tree updates could leave a layer with a ScrollingProxy role, but having an
AncestorClippingStack with no overflow scrolling layers - for example, a related scroller could become
scrollable, but we failed to mark the layer with the ancestor clippings stack as needing a geometry update.

When this happened updateScrollingNodeForScrollingProxyRole() would return 0, causing the next child to be
inserted with a parent of 0 (which should only happen for the root), and triggering a release assert in
ScrollingStateTree::insertNode().

Fix by ensuring that updateScrollingNodeForScrollingProxyRole() always returns the existing parentNodeID if we
don't have a new node to insert.

Test: scrollingcoordinator/scrolling-tree/scrolling-proxy-with-no-scrolling-layer.html

* rendering/RenderLayerBacking.cpp:
(WebCore::RenderLayerBacking::updateAncestorClippingStack):
* rendering/RenderLayerCompositor.cpp:
(WebCore::RenderLayerCompositor::updateScrollingNodeForScrollingProxyRole):

LayoutTests:

* scrollingcoordinator/scrolling-tree/scrolling-proxy-with-no-scrolling-layer-expected.txt: Added.
* scrollingcoordinator/scrolling-tree/scrolling-proxy-with-no-scrolling-layer.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@247129 268f45cc-cd09-0410-ab3c-d52691b4dbfc
LayoutTests/ChangeLog
LayoutTests/scrollingcoordinator/scrolling-tree/scrolling-proxy-with-no-scrolling-layer-expected.txt [new file with mode: 0644]
LayoutTests/scrollingcoordinator/scrolling-tree/scrolling-proxy-with-no-scrolling-layer.html [new file with mode: 0644]
Source/WebCore/ChangeLog
Source/WebCore/rendering/RenderLayerBacking.cpp
Source/WebCore/rendering/RenderLayerCompositor.cpp