+2014-04-14 Simon Fraser <simon.fraser@apple.com>
+
+ Crash in TileController::tileRevalidationTimerFired
+ https://bugs.webkit.org/show_bug.cgi?id=131656
+ <rdar://problem/16583166>
+
+ Reviewed by Sam Weinig.
+
+ It's possible for the TileController revalidation timer to fire after
+ the GraphicsLayer has been destroyed, so the PlatformCALayer no longer
+ has an owningGraphicsLayer.
+
+ Bail from the timer callback if owningGraphicsLayer() is null.
+
+ Also some drive-by 0 -> nullptr changes.
+
+ * platform/graphics/ca/GraphicsLayerCA.cpp:
+ (WebCore::GraphicsLayerCA::willBeDestroyed):
+ * platform/graphics/ca/PlatformCALayer.cpp:
+ (WebCore::PlatformCALayer::~PlatformCALayer):
+ * platform/graphics/ca/mac/TileController.mm:
+ (WebCore::TileController::tileRevalidationTimerFired):
+
2014-04-14 Bem Jones-Bey <bjonesbe@adobe.com>
[CSS Shapes] Remove some leftover shape-inside code
// We release our references to the PlatformCALayers here, but do not actively unparent them,
// since that will cause a commit and break our batched commit model. The layers will
// get released when the rootmost modified GraphicsLayerCA rebuilds its child layers.
-
+
// Clean up the layer.
if (m_layer)
- m_layer->setOwner(0);
+ m_layer->setOwner(nullptr);
if (m_contentsLayer)
- m_contentsLayer->setOwner(0);
+ m_contentsLayer->setOwner(nullptr);
if (m_contentsClippingLayer)
- m_contentsClippingLayer->setOwner(0);
+ m_contentsClippingLayer->setOwner(nullptr);
if (m_structuralLayer)
- m_structuralLayer->setOwner(0);
+ m_structuralLayer->setOwner(nullptr);
removeCloneLayers();
git://git.webkit.org / WebKit-https.git / commitdiff