ASSERT repaintContainer->hasLayer() in WebCore::RenderObject::repaintUsingContainer
author zalan@apple.com <zalan@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Sat, 7 Feb 2015 04:35:58 +0000 (04:35 +0000)
committer zalan@apple.com <zalan@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Sat, 7 Feb 2015 04:35:58 +0000 (04:35 +0000)
https://bugs.webkit.org/show_bug.cgi?id=140750

Reviewed by Simon Fraser.

There's a short period of time when RenderObject::layer() still returns a valid pointer
even though we already cleared the hasLayer() flag.
Do not use the layer as repaint container in such cases.

Source/WebCore:

Test: compositing/repaint-container-assertion-when-toggling-compositing.html

* rendering/RenderObject.cpp:
(WebCore::RenderObject::enclosingLayer):

LayoutTests:

* compositing/repaint-container-assertion-when-toggling-compositing-expected.txt: Added.
* compositing/repaint-container-assertion-when-toggling-compositing.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@179776 268f45cc-cd09-0410-ab3c-d52691b4dbfc

LayoutTests/ChangeLog
LayoutTests/compositing/repaint-container-assertion-when-toggling-compositing-expected.txt [new file with mode: 0644]
LayoutTests/compositing/repaint-container-assertion-when-toggling-compositing.html [new file with mode: 0644]
Source/WebCore/ChangeLog
Source/WebCore/rendering/RenderObject.cpp

index 69f5943..0152000 100644 (file)
@@ -1,3 +1,17 @@
+2015-02-06  Zalan Bujtas  <zalan@apple.com>
+
+        ASSERT repaintContainer->hasLayer() in WebCore::RenderObject::repaintUsingContainer
+        https://bugs.webkit.org/show_bug.cgi?id=140750
+
+        Reviewed by Simon Fraser.
+
+        There's a short period of time when RenderObject::layer() still returns a valid pointer
+        even though we already cleared the hasLayer() flag.
+        Do not use the layer as repaint container in such cases.
+
+        * compositing/repaint-container-assertion-when-toggling-compositing-expected.txt: Added.
+        * compositing/repaint-container-assertion-when-toggling-compositing.html: Added.
+
 2015-02-06  Said Abou-Hallawa  <sabouhallawa@apple.com>
 
         Invalid cast in WebCore::SVGAnimateElement::calculateAnimatedValue.
diff --git a/LayoutTests/compositing/repaint-container-assertion-when-toggling-compositing-expected.txt b/LayoutTests/compositing/repaint-container-assertion-when-toggling-compositing-expected.txt
new file mode 100644 (file)
index 0000000..1d2e360
--- /dev/null
@@ -0,0 +1 @@
+PASS if no crash or assert in debug mode.
diff --git a/LayoutTests/compositing/repaint-container-assertion-when-toggling-compositing.html b/LayoutTests/compositing/repaint-container-assertion-when-toggling-compositing.html
new file mode 100644 (file)
index 0000000..de0bbe0
--- /dev/null
@@ -0,0 +1,23 @@
+<!DOCTYPE html>
+<html>
+<head>
+<title>This tests that we don't assert while finding the repaint container for the content that just lost compositing.</title>
+<script>
+  if (window.testRunner)
+    testRunner.dumpAsText();
+</script>
+</head>
+<body>
+<div style="-webkit-columns: 4;">PASS if no crash or assert in debug mode.</div>
+<script>
+  var head = document.getElementsByTagName("head")[0];
+  var div = document.getElementsByTagName("div")[0];
+  var style = document.createElement("style");
+  style.innerHTML="div {-webkit-animation-duration: 1s; -webkit-animation-timing-function: ease-in;}";
+  head.appendChild(style);
+  head.parentNode.removeChild(head);
+  document.execCommand("SelectAll");
+  div.setAttribute("style","color: red;");
+</script>
+</body>
+</html>
\ No newline at end of file
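Review bot: The second script block in the new test runs its steps (append a style with animation properties, remove head, execCommand("SelectAll"), replace the div's style attribute) without any comment on which of them makes the content lose compositing, so a later reader cannot tell which steps are essential to the regression. A short comment on each step, or at least one naming the step that drops the layer, would make the test maintainable. Because the expectation is "PASS if no crash or assert in debug mode.", the test can only fail on a crash or in an assertion-enabled build; that is worth saying in a comment too. The file also ends without a trailing newline.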
index b76c3f9..7b03e38 100644 (file)
@@ -1,3 +1,19 @@
+2015-02-06  Zalan Bujtas  <zalan@apple.com>
+
+        ASSERT repaintContainer->hasLayer() in WebCore::RenderObject::repaintUsingContainer
+        https://bugs.webkit.org/show_bug.cgi?id=140750
+
+        Reviewed by Simon Fraser.
+
+        There's a short period of time when RenderObject::layer() still returns a valid pointer
+        even though we already cleared the hasLayer() flag.
+        Do not use the layer as repaint container in such cases.
+
+        Test: compositing/repaint-container-assertion-when-toggling-compositing.html
+
+        * rendering/RenderObject.cpp:
+        (WebCore::RenderObject::enclosingLayer):
+
 2015-02-06  Chris Dumez  <cdumez@apple.com>
 
         Have SQLiteStatement::database() return a reference
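Review bot: The `(WebCore::RenderObject::enclosingLayer):` line at the end of the new entry has nothing after the colon. Add a short per-function description there, for example that the lookup now tests hasLayer() instead of the layer() pointer, so the ChangeLog records what changed in the function and not only why.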
index eb726d3..c31358d 100644 (file)
@@ -474,7 +474,7 @@ void RenderObject::resetTextAutosizing()
 RenderLayer* RenderObject::enclosingLayer() const
 {
     for (auto& renderer : lineageOfType<RenderLayerModelObject>(*this)) {
-        if (renderer.layer())
+        if (renderer.hasLayer())
             return renderer.layer();
     }
     return nullptr;
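Review bot: In enclosingLayer() the condition now tests `renderer.hasLayer()` while the return still hands back `renderer.layer()`, and nothing in the code says why the flag, not the pointer, is the authoritative check. The commit message explains that layer() can still return a valid pointer after hasLayer() has been cleared; a one-line comment above the `if` saying so would keep a later cleanup from reverting it to the pointer test. The change guards only this one lookup, so the period in which flag and pointer disagree remains: it is worth checking whether other code that null-checks layer() directly needs the same guard, or whether the pointer can be cleared together with the flag.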