https://bugs.webkit.org/show_bug.cgi?id=76309
Reviewed by Nikolas Zimmermann.
updateWidgetPositions can blow away the owning renderer
and its frameview, so need to protect it with refptr.
Test: svg/dom/parent-view-layout-crash.html
* page/FrameView.cpp:
(WebCore::FrameView::forceLayoutParentViewIfNeeded):
LayoutTests: Crash in FrameView::forceLayoutParentViewIfNeeded.
https://bugs.webkit.org/show_bug.cgi?id=76309
Reviewed by Nikolas Zimmermann.
* svg/dom/parent-view-layout-crash-expected.txt: Added.
* svg/dom/parent-view-layout-crash.html: Added.
* svg/dom/resources/svg-font-face.svg: Added.
git-svn-id: http://svn.webkit.org/repository/webkit/trunk@105250
268f45cc-cd09-0410-ab3c-
d52691b4dbfc
+2012-01-18 Abhishek Arya <inferno@chromium.org>
+
+ Crash in FrameView::forceLayoutParentViewIfNeeded.
+ https://bugs.webkit.org/show_bug.cgi?id=76309
+
+ Reviewed by Nikolas Zimmermann.
+
+ * svg/dom/parent-view-layout-crash-expected.txt: Added.
+ * svg/dom/parent-view-layout-crash.html: Added.
+ * svg/dom/resources/svg-font-face.svg: Added.
+
2012-01-18 Shinya Kawanaka <shinyak@google.com>
Move ShadowContentElement from dom/ to html/ and make ShadowContentElement subclass of HTMLElement.
--- /dev/null
+Test passes if it does not crash.
--- /dev/null
+<!DOCTYPE html>\r
+<html>\r
+Test passes if it does not crash.\r
+<style></style>\r
+<script>\r
+if (window.layoutTestController)\r
+ layoutTestController.dumpAsText();\r
+\r
+function runTest()\r
+{\r
+ document.styleSheets[0].insertRule("font {}", 0);\r
+}\r
+</script>\r
+<object data="resources/svg-font-face.svg"></object>\r
+<object style="content:counter(item)" data="resources/svg-font-face.svg" onload="runTest()"></object>\r
+</script>\r
+</html>\r
+\r
--- /dev/null
+<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink">\r
+ <font-face-uri xlink:href=""/>\r
+</svg>\r
+\r
+2012-01-18 Abhishek Arya <inferno@chromium.org>
+
+ Crash in FrameView::forceLayoutParentViewIfNeeded.
+ https://bugs.webkit.org/show_bug.cgi?id=76309
+
+ Reviewed by Nikolas Zimmermann.
+
+ updateWidgetPositions can blow away the owning renderer
+ and its frameview, so need to protect it with refptr.
+
+ Test: svg/dom/parent-view-layout-crash.html
+
+ * page/FrameView.cpp:
+ (WebCore::FrameView::forceLayoutParentViewIfNeeded):
+
2012-01-18 Shinya Kawanaka <shinyak@google.com>
Move ShadowContentElement from dom/ to html/ and make ShadowContentElement subclass of HTMLElement.
if (!svgRoot->needsSizeNegotiationWithHostDocument())
return;
+ RefPtr<FrameView> frameView = ownerRenderer->frame()->view();
+
ASSERT(!m_inLayoutParentView);
TemporaryChange<bool> resetInLayoutParentView(m_inLayoutParentView, true);
rootView->updateWidgetPositions();
// Synchronously enter layout, to layout the view containing the host object/embed/iframe.
- FrameView* frameView = ownerRenderer->frame()->view();
ASSERT(frameView);
frameView->layout();
#endif
projects / profile / ivi / webkit-efl.git / commitdiff
