CrashTracer: com.apple.WebKit.WebContent at WebCore: WebCore::Node::invalidateStyle
author antti@apple.com <antti@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Mon, 6 Feb 2017 17:35:12 +0000 (17:35 +0000)
committer antti@apple.com <antti@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Mon, 6 Feb 2017 17:35:12 +0000 (17:35 +0000)
https://bugs.webkit.org/show_bug.cgi?id=167878
rdar://problem/30251840

Reviewed by Andreas Kling.

Speculative fix.

We are trying to invalidate a null node from ~PostResolutionCallbackDisabler. Looks like the only way
this could happen is if HTMLFrameOwnerElement::scheduleinvalidateStyleAndLayerComposition is called
with null 'this'. There is one place where this might happen.

* rendering/RenderLayerCompositor.cpp:
(WebCore::RenderLayerCompositor::attachRootLayer): Add null check.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@211730 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Source/WebCore/ChangeLog
Source/WebCore/rendering/RenderLayerCompositor.cpp

index 8fa4fe5..c2b9c5a 100644 (file)
@@ -1,3 +1,20 @@
+2017-02-06  Antti Koivisto  <antti@apple.com>
+
+        CrashTracer: com.apple.WebKit.WebContent at WebCore: WebCore::Node::invalidateStyle
+        https://bugs.webkit.org/show_bug.cgi?id=167878
+        rdar://problem/30251840
+
+        Reviewed by Andreas Kling.
+
+        Speculative fix.
+
+        We are trying to invalidate a null node from ~PostResolutionCallbackDisabler. Looks like the only way
+        this could happen is if HTMLFrameOwnerElement::scheduleinvalidateStyleAndLayerComposition is called
+        with null 'this'. There is one place where this might happen.
+
+        * rendering/RenderLayerCompositor.cpp:
+        (WebCore::RenderLayerCompositor::attachRootLayer): Add null check.
+
 2017-02-06  Ryan Haddad  <ryanhaddad@apple.com>
 
         Unreviewed, rolling out r211722.
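Review bot: The new ChangeLog entry calls this a "Speculative fix" but lists no test and does not say why one could not be written; please add a line stating that. Where the entry says "There is one place where this might happen", it would also help to name the condition under which document().ownerElement() is expected to be null in attachRootLayer, so a later reader can tell whether the crash signature was actually resolved by this change.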
index 50b6709..3c86153 100644 (file)
@@ -3459,7 +3459,8 @@ void RenderLayerCompositor::attachRootLayer(RootLayerAttachment attachment)
         case RootLayerAttachedViaEnclosingFrame: {
             // The layer will get hooked up via RenderLayerBacking::updateConfiguration()
             // for the frame's renderer in the parent document.
-            m_renderView.document().ownerElement()->scheduleinvalidateStyleAndLayerComposition();
+            if (auto* ownerElement = m_renderView.document().ownerElement())
+                ownerElement->scheduleinvalidateStyleAndLayerComposition();
             break;
         }
     }
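Review bot: In the RootLayerAttachedViaEnclosingFrame case, a null ownerElement now skips the invalidation silently and reaches `break;` as if the attachment had been scheduled. Since the fix is speculative, consider a short comment above the `if` saying when the owner element can be missing here, plus a log statement in the null branch so the root cause can be confirmed from the field. The existing comment says the layer gets hooked up for the frame's renderer in the parent document; with no owner element that path is not triggered from here, so it is worth checking whether this attachment mode should be selected at all in that state.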