Crashes with guard malloc under RenderFullScreen::unwrapRenderer
authorantti@apple.com <antti@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Mon, 2 Oct 2017 18:29:25 +0000 (18:29 +0000)
committerantti@apple.com <antti@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Mon, 2 Oct 2017 18:29:25 +0000 (18:29 +0000)
https://bugs.webkit.org/show_bug.cgi?id=177760

Unreviewed.

* rendering/RenderFullScreen.cpp:
(WebCore::RenderFullScreen::unwrapRenderer):

The assert accesses 'this' after it has been deleted. It is not very valuable so remove the assert.

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@222726 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Source/WebCore/ChangeLog
Source/WebCore/rendering/RenderFullScreen.cpp

index 46913fb..0902852 100644 (file)
@@ -1,3 +1,15 @@
+2017-10-02  Antti Koivisto  <antti@apple.com>
+
+        Crashes with guard malloc under RenderFullScreen::unwrapRenderer
+        https://bugs.webkit.org/show_bug.cgi?id=177760
+
+        Unreviewed.
+
+        * rendering/RenderFullScreen.cpp:
+        (WebCore::RenderFullScreen::unwrapRenderer):
+
+        The assert accesses 'this' after it has been deleted. It is not very valuable so remove the assert.
+
 2017-10-02  Zan Dobersek  <zdobersek@igalia.com>
 
         GraphicsContext: remove unused ENABLE(3D_TRANSFORMS) && USE(TEXTURE_MAPPER)
index 364c3ae..69888cd 100644 (file)
@@ -192,8 +192,6 @@ void RenderFullScreen::unwrapRenderer(bool& requiresRenderTreeRebuild)
     ASSERT(!placeholder());
 
     removeFromParentAndDestroy();
-    
-    ASSERT(!document().fullScreenRenderer());
 }
 
 void RenderFullScreen::setPlaceholder(RenderBlock* placeholder)