Some overlay scrollbar API calls in ScrollAnimatorMac can lead to an assertion in...
authorcommit-queue@webkit.org <commit-queue@webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Fri, 8 Jun 2012 15:23:12 +0000 (15:23 +0000)
committercommit-queue@webkit.org <commit-queue@webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Fri, 8 Jun 2012 15:23:12 +0000 (15:23 +0000)
https://bugs.webkit.org/show_bug.cgi?id=74111

Patch by Ion Rosca <rosca@adobe.com> on 2012-06-08
Reviewed by Simon Fraser.

.:

* ManualTests/scrollbar-crash-on-hide-scrolled-area.html: Added.

Source/WebCore:

Added zero-delay timer for AppKit scroll notification that can be called during layout.
Manual test: ManualTests/scrollbar-crash-on-hide-scrolled-area.html
This assertion does not fire when running layout tests. It can be easily reproduced using a debug build by loading the manual test page.

* platform/mac/ScrollAnimatorMac.h:
(ScrollAnimatorMac):
* platform/mac/ScrollAnimatorMac.mm:
(WebCore::ScrollAnimatorMac::ScrollAnimatorMac):
(WebCore::ScrollAnimatorMac::notifyContentAreaScrolled):
(WebCore::ScrollAnimatorMac::sendContentAreaScrolledSoon):
(WebCore):
(WebCore::ScrollAnimatorMac::sendContentAreaScrolledTimerFired):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@119834 268f45cc-cd09-0410-ab3c-d52691b4dbfc

ChangeLog
ManualTests/scrollbar-crash-on-hide-scrolled-area.html [new file with mode: 0644]
Source/WebCore/ChangeLog
Source/WebCore/platform/mac/ScrollAnimatorMac.h
Source/WebCore/platform/mac/ScrollAnimatorMac.mm

index 14f7302..eb8a843 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,12 @@
+2012-06-08  Ion Rosca  <rosca@adobe.com>
+
+        Some overlay scrollbar API calls in ScrollAnimatorMac can lead to an assertion in RenderBox::mapAbsoluteToLocalPoint
+        https://bugs.webkit.org/show_bug.cgi?id=74111
+
+        Reviewed by Simon Fraser.
+
+        * ManualTests/scrollbar-crash-on-hide-scrolled-area.html: Added.
+
 2012-06-07  Kentaro Hara  <haraken@chromium.org>
 
         Reduce Node object size from 72 byte to 64 byte
diff --git a/ManualTests/scrollbar-crash-on-hide-scrolled-area.html b/ManualTests/scrollbar-crash-on-hide-scrolled-area.html
new file mode 100644 (file)
index 0000000..4fb8f57
--- /dev/null
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+    <meta charset="utf-8"/>
+    <title>QuickStart</title>
+    <style>
+    .lessonChapters {
+        position:absolute;
+        top:26px;
+        bottom:22px;
+        overflow:auto;
+    }
+    #hint {
+        height:9000px;
+    }
+</style>
+<script>
+    function runTest()
+    {
+        document.getElementById('lessons').scrollTop = 10000;
+        document.getElementById('toHide').style.display='none';
+    }
+</script>
+</head>
+
+<body onload="runTest();">
+
+<div class="lessonChapters" id="lessons">
+<div class="lessonChapter" id="toHide">
+    <br />
+    Manual repro: scroll down and click on <b>Next step</b>
+    <div id="hint">&nbsp;</div>
+    <a href="#" class="nextStepButton" onclick="document.getElementById('toHide').style.display='none'">Next step</a>
+</div>
+<p>Bug #74111: This test is to make sure that a scrolled element does not crash the browser when it goes hidden. The test passes if it does not crash.</p>
+PASSED
+</div>
+    
+</body>
+</html>
index 69f170d..a216292 100644 (file)
@@ -1,3 +1,23 @@
+2012-06-08  Ion Rosca  <rosca@adobe.com>
+
+        Some overlay scrollbar API calls in ScrollAnimatorMac can lead to an assertion in RenderBox::mapAbsoluteToLocalPoint
+        https://bugs.webkit.org/show_bug.cgi?id=74111
+
+        Reviewed by Simon Fraser.
+
+        Added zero-delay timer for AppKit scroll notification that can be called during layout.
+        Manual test: ManualTests/scrollbar-crash-on-hide-scrolled-area.html
+        This assertion does not fire when running layout tests. It can be easly reproduced using a debug build by loading the manual test page.
+
+        * platform/mac/ScrollAnimatorMac.h:
+        (ScrollAnimatorMac):
+        * platform/mac/ScrollAnimatorMac.mm:
+        (WebCore::ScrollAnimatorMac::ScrollAnimatorMac):
+        (WebCore::ScrollAnimatorMac::notifyContentAreaScrolled):
+        (WebCore::ScrollAnimatorMac::sendContentAreaScrolledSoon):
+        (WebCore):
+        (WebCore::ScrollAnimatorMac::sendContentAreaScrolledTimerFired):
+
 2012-06-08  Renata Hodovan  <reni@webkit.org>
 
         Adding few already supported features to the FeatureSet in DOMImplementation
index caf3514..6d00f25 100644 (file)
@@ -65,6 +65,8 @@ public:
     void startScrollbarPaintTimer();
     void stopScrollbarPaintTimer();
 
+    void sendContentAreaScrolledSoon();
+
     void setVisibleScrollerThumbRect(const IntRect&);
 
 private:
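Review bot: `sendContentAreaScrolledSoon()` is added to the public section without a comment, and the only caller visible in this commit is `ScrollAnimatorMac::notifyContentAreaScrolled()`, a member of the same class. If nothing outside the class needs it, declaring it next to `sendContentAreaScrolledTimerFired` in the private section (second hunk of this file) would keep the deferral an implementation detail. Either way, a one-line comment would help, for example `// Defers -contentAreaScrolled to a zero-delay timer; the notification can arrive during layout.` The class declaration starts and ends outside the hunk.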
@@ -79,6 +81,9 @@ private:
     void initialScrollbarPaintTimerFired(Timer<ScrollAnimatorMac>*);
     Timer<ScrollAnimatorMac> m_initialScrollbarPaintTimer;
 
+    void sendContentAreaScrolledTimerFired(Timer<ScrollAnimatorMac>*);
+    Timer<ScrollAnimatorMac> m_sendContentAreaScrolledTimer;
+
     virtual bool scroll(ScrollbarOrientation, ScrollGranularity, float step, float multiplier);
     virtual void scrollToOffsetWithoutAnimation(const FloatPoint&);
 
index cd8fb90..0ab464e 100644 (file)
@@ -601,6 +601,7 @@ PassOwnPtr<ScrollAnimator> ScrollAnimator::create(ScrollableArea* scrollableArea
 ScrollAnimatorMac::ScrollAnimatorMac(ScrollableArea* scrollableArea)
     : ScrollAnimator(scrollableArea)
     , m_initialScrollbarPaintTimer(this, &ScrollAnimatorMac::initialScrollbarPaintTimerFired)
+    , m_sendContentAreaScrolledTimer(this, &ScrollAnimatorMac::sendContentAreaScrolledTimerFired)
 #if ENABLE(RUBBER_BANDING)
     , m_scrollElasticityController(this)
     , m_snapRubberBandTimer(this, &ScrollAnimatorMac::snapRubberBandTimerFired)
@@ -946,7 +947,7 @@ void ScrollAnimatorMac::notifyContentAreaScrolled()
     // isn't really scrolling in that case. We should only pass the message on to the
     // ScrollbarPainterController when we're really scrolling on an active page.
     if (scrollableArea()->isOnActivePage())
-        [m_scrollbarPainterController.get() contentAreaScrolled];
+        sendContentAreaScrolledSoon();
 }
 
 void ScrollAnimatorMac::cancelAnimations()
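Review bot: The `isOnActivePage()` guard in `notifyContentAreaScrolled()` now runs when the timer is scheduled, not when `contentAreaScrolled` is actually sent. The existing comment above the guard says the message should only be passed on while scrolling on an active page. Repeating the check in `sendContentAreaScrolledTimerFired` (last hunk of this file) would keep that true at send time: `if (scrollableArea()->isOnActivePage()) [m_scrollbarPainterController.get() contentAreaScrolled];`. Whether the page state can change between scheduling and firing is not visible here, so this needs confirming. The body of `notifyContentAreaScrolled()` begins outside the hunk.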
@@ -1232,6 +1233,17 @@ void ScrollAnimatorMac::initialScrollbarPaintTimerFired(Timer<ScrollAnimatorMac>
     }
 }
 
+void ScrollAnimatorMac::sendContentAreaScrolledSoon()
+{
+    if (!m_sendContentAreaScrolledTimer.isActive())
+        m_sendContentAreaScrolledTimer.startOneShot(0);
+}
+
+void ScrollAnimatorMac::sendContentAreaScrolledTimerFired(Timer<ScrollAnimatorMac>*)
+{
+    [m_scrollbarPainterController.get() contentAreaScrolled];
+}
+
 void ScrollAnimatorMac::setVisibleScrollerThumbRect(const IntRect& scrollerThumb)
 {
     IntRect rectInViewCoordinates = scrollerThumb;
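Review bot: Neither `sendContentAreaScrolledSoon()` nor `sendContentAreaScrolledTimerFired()` says why the AppKit call is deferred, so the reason lives only in the ChangeLog entry. A comment above `sendContentAreaScrolledSoon()` would keep a later cleanup from inlining the call again, for example `// notifyContentAreaScrolled() can be called during layout; send -contentAreaScrolled from a zero-delay timer so it runs afterwards.` It is also worth noting there that the `isActive()` check coalesces several notifications into a single send. `setVisibleScrollerThumbRect()` continues past the end of the hunk.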