Robo
GitHub
parent
459a8417e3
commit
19a6286dfd
2 changed files with 49 additions and 0 deletions
|
|
@ -101,3 +101,4 @@ build_do_not_depend_on_packed_resource_integrity.patch
|
||||||
refactor_restore_base_adaptcallbackforrepeating.patch
|
refactor_restore_base_adaptcallbackforrepeating.patch
|
||||||
hack_to_allow_gclient_sync_with_host_os_mac_on_linux_in_ci.patch
|
hack_to_allow_gclient_sync_with_host_os_mac_on_linux_in_ci.patch
|
||||||
don_t_run_pcscan_notifythreadcreated_if_pcscan_is_disabled.patch
|
don_t_run_pcscan_notifythreadcreated_if_pcscan_is_disabled.patch
|
||||||
|
set_svgimage_page_after_document_install.patch
|
||||||
|
|
|
||||||
|
|
@ -0,0 +1,48 @@
|
||||||
|
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
||||||
|
From: =?UTF-8?q?Fredrik=20S=C3=B6derqvist?= <fs@opera.com>
|
||||||
|
Date: Fri, 9 Jul 2021 08:44:55 +0000
|
||||||
|
Subject: Set SVGImage::page_ after document install
|
||||||
|
MIME-Version: 1.0
|
||||||
|
Content-Type: text/plain; charset=UTF-8
|
||||||
|
Content-Transfer-Encoding: 8bit
|
||||||
|
|
||||||
|
We can end up having the associated ImageResource call
|
||||||
|
SVGImage::ResetAnimation() before the Document has been associated with
|
||||||
|
the SVGImage's LocalFrame, but after the link to the initial Document
|
||||||
|
was severed, if a GC is triggered within that window and ends up
|
||||||
|
collecting the last observer of the ImageResource.
|
||||||
|
|
||||||
|
By assigning |SVGImage::page_| after the installing the document, we
|
||||||
|
close this hole since SVGImage::RootElement() (called by
|
||||||
|
SVGImage::ResetAnimation()) will now observe a null Page and return null
|
||||||
|
without attempting to dereference the document.
|
||||||
|
|
||||||
|
Bug: 1216190
|
||||||
|
Change-Id: I26e08848e5b9bd52e3377841eee35e4acc03d320
|
||||||
|
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3010140
|
||||||
|
Reviewed-by: Stephen Chenney <schenney@chromium.org>
|
||||||
|
Commit-Queue: Fredrik Söderquist <fs@opera.com>
|
||||||
|
Cr-Commit-Position: refs/heads/master@{#899922}
|
||||||
|
|
||||||
|
diff --git a/third_party/blink/renderer/core/svg/graphics/svg_image.cc b/third_party/blink/renderer/core/svg/graphics/svg_image.cc
|
||||||
|
index b23ad2192bec4d1cac9d704074d12c9e00d4d2f5..ff2bf69be27f0afcb6a9909e716495e8d4a127ef 100644
|
||||||
|
--- a/third_party/blink/renderer/core/svg/graphics/svg_image.cc
|
||||||
|
+++ b/third_party/blink/renderer/core/svg/graphics/svg_image.cc
|
||||||
|
@@ -851,12 +851,15 @@ Image::SizeAvailability SVGImage::DataChanged(bool all_data_received) {
|
||||||
|
// SVG Images are transparent.
|
||||||
|
frame->View()->SetBaseBackgroundColor(Color::kTransparent);
|
||||||
|
|
||||||
|
- page_ = page;
|
||||||
|
-
|
||||||
|
TRACE_EVENT0("blink", "SVGImage::dataChanged::load");
|
||||||
|
|
||||||
|
frame->ForceSynchronousDocumentInstall("image/svg+xml", Data());
|
||||||
|
|
||||||
|
+ // Set up our Page reference after installing our document. This avoids
|
||||||
|
+ // tripping on a non-existing (null) Document if a GC is triggered during the
|
||||||
|
+ // set up and ends up collecting the last owner/observer of this image.
|
||||||
|
+ page_ = page;
|
||||||
|
+
|
||||||
|
// Intrinsic sizing relies on computed style (e.g. font-size and
|
||||||
|
// writing-mode).
|
||||||
|
frame->GetDocument()->UpdateStyleAndLayoutTree();
|
||||||
Loading…
Add table
Add a link
Reference in a new issue