author | Anders Edenbrandt <anders.edenbrandt@sonyericsson.com> | 2012-03-09 15:33:38 +0100 |
---|---|---|
committer | Kenneth Andersson <kenneth.andersson@sonymobile.com> | 2012-08-31 08:20:15 +0200 |
commit | e90019d2a3c455d2bee14682e8973dcd33460010 (patch) | |
tree | b394a6c3670998940531249ff0410ce6a9e84b44 | |
parent | 5423878ee1cb0965ced62800f36933841eaa40f6 (diff) | |
Crash on Orange media portal
Visit orange.deezer.com, press tab marked "My Music".
Browser crashes every time.
Pressing the button will trigger a re-layout of the page.
This in turn will cause some rendering nodes of type
RenderLayer to be removed from the rendering tree.
When such a node is removed, it is important to also
update certain lists in ancestor nodes that may hold references
to this node. A node that may hold such a reference is
identified as being a "stacking context".
However, in Android, when the symbol ENABLE_COMPOSITED_FIXED_ELEMENTS
is defined, the definition of what is a stacking context
is expanded. In this case, a node that is a stacking context
and holds references to descendants, changes one of the conditions
that form part of Android's expanded stacking context definition.
So, now it is no longer a stacking context, but the reference list
is not deleted/updated. When the descendant node is removed a
search for an ancestral stacking context is made, but it will
not find this node since it is no longer a stacking context.
The solution is to make sure that the list of references is
updated/cleared whenever the node changes a condition that
may cause its status as a stacking context to also change.
Change-Id: If5a7b63715020bc3d23749a7c09003a86d90e28d
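The failure mode described in the commit message, as an added example that is not part of the commit or of WebKit: a simplified C++ model in which `Layer`, `setFixed`, `removeFromTree` and `staleReferenceAfterRemoval` are hypothetical names and "stacking context" is reduced to "has a z-index or is fixed". All objects stay alive; the function only reports whether the intermediate node still caches a pointer to the detached child.

```cpp
#include <algorithm>
#include <vector>

// Simplified model, not WebKit code: all names and fields are hypothetical.
struct Layer {
    Layer* parent = nullptr;
    bool hasZIndex = false;     // stands in for the standard stacking-context condition
    bool fixed = false;         // stands in for the extra condition in the expanded definition
    std::vector<Layer*> zOrder; // cached references to descendant layers

    bool isStackingContext() const { return hasZIndex || fixed; }

    // Nearest ancestor that is currently a stacking context.
    Layer* stackingContext() {
        Layer* l = parent;
        while (l && !l->isStackingContext()) l = l->parent;
        return l;
    }
    void dirtyZOrderLists() { zOrder.clear(); }

    // Position change; 'patched' selects the behaviour with the added check.
    void setFixed(bool nowFixed, bool patched) {
        if (patched && fixed != nowFixed) dirtyZOrderLists();
        fixed = nowFixed;
    }
    // Detach from the tree, dirtying only the ancestor the search finds.
    void removeFromTree() {
        if (Layer* sc = stackingContext()) sc->dirtyZOrderLists();
        parent = nullptr;
    }
};

// Returns true if 'mid' still caches a pointer to the removed child.
bool staleReferenceAfterRemoval(bool patched) {
    Layer root, mid, child;
    root.hasZIndex = true;          // root is a stacking context throughout
    mid.parent = &root; mid.fixed = true;
    child.parent = &mid;
    mid.zOrder.push_back(&child);   // mid caches a reference to child
    root.zOrder.push_back(&mid);

    mid.setFixed(false, patched);   // mid stops being a stacking context
    child.removeFromTree();         // search skips mid and dirties root instead
    return std::find(mid.zOrder.begin(), mid.zOrder.end(), &child) != mid.zOrder.end();
}

int main() { return (staleReferenceAfterRemoval(false) && !staleReferenceAfterRemoval(true)) ? 0 : 1; }
```

In the real tree the removed node is freed, so the leftover entry is a dangling pointer rather than a harmless stale one.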
-rw-r--r-- | Source/WebCore/rendering/RenderObject.cpp | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/Source/WebCore/rendering/RenderObject.cpp b/Source/WebCore/rendering/RenderObject.cpp index 012427c..ccd7c14 100644 --- a/Source/WebCore/rendering/RenderObject.cpp +++ b/Source/WebCore/rendering/RenderObject.cpp @@ -1667,6 +1667,12 @@ void RenderObject::styleWillChange(StyleDifference diff, const RenderStyle* newS // If our z-index changes value or our visibility changes, // we need to dirty our stacking context's z-order list. if (newStyle) { +#if ENABLE(COMPOSITED_FIXED_ELEMENTS) + RenderLayer* layer = hasLayer() ? enclosingLayer() : 0; + if (layer && m_style->position() != newStyle->position() + && (m_style->position() == FixedPosition || newStyle->position() == FixedPosition)) + layer->dirtyZOrderLists(); +#endif bool visibilityChanged = m_style->visibility() != newStyle->visibility() || m_style->zIndex() != newStyle->zIndex() || m_style->hasAutoZIndex() != newStyle->hasAutoZIndex(); |
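Review bot: the new `#if ENABLE(COMPOSITED_FIXED_ELEMENTS)` block at the top of the `if (newStyle)` branch carries no comment, and the existing comment directly above it ("If our z-index changes value or our visibility changes, we need to dirty our stacking context's z-order list") now sits over code that does something different: it dirties this object's own layer lists on a position change. Please add a short comment inside the block saying that a change to or from `FixedPosition` can flip the layer's stacking-context status and that its own cached lists must be dropped so no reference to a descendant outlives that status. The check also covers only `position()`; the commit message speaks of any condition that may change stacking-context status, so it is worth confirming that position is the only style-driven condition in the expanded definition, or routing this through a single helper that compares stacking-context status before and after the style change. Minor: `hasLayer() ? enclosingLayer() : 0` could use a clarifying note that the intent is the object's own layer, not an ancestor's.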