Crash in WebCore::ScrollingTree::updateTreeFromStateNode
author antti@apple.com <antti@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Tue, 12 Feb 2019 16:22:18 +0000 (16:22 +0000)
committer antti@apple.com <antti@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Tue, 12 Feb 2019 16:22:18 +0000 (16:22 +0000)
https://bugs.webkit.org/show_bug.cgi?id=194538
<rdar://problem/47841926>

Reviewed by Zalan Bujtas.

* page/scrolling/ScrollingTree.cpp:
(WebCore::ScrollingTree::updateTreeFromStateNode):

Make sure we don't leave node entry behind in m_nodeMap in case we failed to add it to the parent.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@241296 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Source/WebCore/ChangeLog
Source/WebCore/page/scrolling/ScrollingTree.cpp

index c0ad115..0901bfd 100644 (file)
@@ -1,3 +1,16 @@
+2019-02-12  Antti Koivisto  <antti@apple.com>
+
+        Crash in WebCore::ScrollingTree::updateTreeFromStateNode
+        https://bugs.webkit.org/show_bug.cgi?id=194538
+        <rdar://problem/47841926>
+
+        Reviewed by Zalan Bujtas.
+
+        * page/scrolling/ScrollingTree.cpp:
+        (WebCore::ScrollingTree::updateTreeFromStateNode):
+
+        Make sure we don't leave node entry behind in m_nodeMap in case we failed to add it to the parent.
+
 2019-02-12  Zalan Bujtas  <zalan@apple.com>
 
         [LFC] Remove redundant InlineFormattingContext::computeBorderAndPadding
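Review bot: The new ChangeLog entry lists only page/scrolling/ScrollingTree.cpp and says nothing about test coverage. For a crash fix, either add a regression test that reaches the case where the node cannot be added to its parent, or add a line to the entry explaining why no test is included, so the stale m_nodeMap entry cannot come back unnoticed.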
index 393554f..1735b97 100644 (file)
@@ -229,6 +229,9 @@ void ScrollingTree::updateTreeFromStateNode(const ScrollingStateNode* stateNode,
             auto* parent = parentIt->value;
             node->setParent(parent);
             parent->appendChild(*node);
+        } else {
+            // FIXME: Use WeakPtr in m_nodeMap.
+            m_nodeMap.remove(nodeID);
         }
     }
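Review bot: The new else branch handles the missing-parent case silently: `m_nodeMap.remove(nodeID);` runs with no log or debug assertion, so a state tree that names a parent absent from the map leaves no trace for whoever debugs it next. Consider adding a log line or a debug-only assertion in that branch. Also confirm that nothing after these closing braces keeps using `node` or expects `nodeID` to still be in the map, since the branch does not return early and the rest of the function is not visible in this hunk. Finally, `// FIXME: Use WeakPtr in m_nodeMap.` should carry a bug link so the follow-up is tracked; removing the entry here only covers this one path to a stale entry in the map.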