Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(207)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: Source/core/rendering/RenderLayerScrollableArea.cpp

Issue 132913002: Harden the machinery around updateWidgetPositions() (Closed) Base URL: svn://svn.chromium.org/blink/trunk
Patch Set: Add FIXME Created 6 years, 11 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« no previous file with comments | « Source/core/frame/FrameView.cpp ('k') | Source/core/rendering/RenderView.h » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 /* 1 /*
2 * Copyright (C) 2006, 2007, 2008, 2009, 2010, 2011, 2012 Apple Inc. All rights reserved. 2 * Copyright (C) 2006, 2007, 2008, 2009, 2010, 2011, 2012 Apple Inc. All rights reserved.
3 * 3 *
4 * Portions are Copyright (C) 1998 Netscape Communications Corporation. 4 * Portions are Copyright (C) 1998 Netscape Communications Corporation.
5 * 5 *
6 * Other contributors: 6 * Other contributors:
7 * Robert O'Callahan <roc+@cs.cmu.edu> 7 * Robert O'Callahan <roc+@cs.cmu.edu>
8 * David Baron <dbaron@fas.harvard.edu> 8 * David Baron <dbaron@fas.harvard.edu>
9 * Christian Biesinger <cbiesinger@web.de> 9 * Christian Biesinger <cbiesinger@web.de>
10 * Randall Jesup <rjesup@wgate.com> 10 * Randall Jesup <rjesup@wgate.com>
(...skipping 312 matching lines...) Expand 10 before | Expand all | Expand 10 after
323 if (m_scrollDimensionsDirty) 323 if (m_scrollDimensionsDirty)
324 computeScrollDimensions(); 324 computeScrollDimensions();
325 } 325 }
326 326
327 if (scrollOffset() == toIntSize(newScrollOffset)) 327 if (scrollOffset() == toIntSize(newScrollOffset))
328 return; 328 return;
329 329
330 setScrollOffset(toIntSize(newScrollOffset)); 330 setScrollOffset(toIntSize(newScrollOffset));
331 331
332 Frame* frame = m_box->frame(); 332 Frame* frame = m_box->frame();
333 ASSERT(frame);
334
335 RefPtr<FrameView> frameView = m_box->frameView();
336
333 InspectorInstrumentation::willScrollLayer(m_box); 337 InspectorInstrumentation::willScrollLayer(m_box);
334 338
335 RenderView* view = m_box->view();
336
337 // We should have a RenderView if we're trying to scroll.
338 ASSERT(view);
339
340 // Update the positions of our child layers (if needed as only fixed layers should be impacted by a scroll). 339 // Update the positions of our child layers (if needed as only fixed layers should be impacted by a scroll).
341 // We don't update compositing layers, because we need to do a deep update f rom the compositing ancestor. 340 // We don't update compositing layers, because we need to do a deep update f rom the compositing ancestor.
342 bool inLayout = view ? view->frameView()->isInLayout() : false; 341 if (!frameView->isInLayout()) {
343 if (!inLayout) {
344 // If we're in the middle of layout, we'll just update layers once layou t has finished. 342 // If we're in the middle of layout, we'll just update layers once layou t has finished.
345 layer()->updateLayerPositionsAfterOverflowScroll(); 343 layer()->updateLayerPositionsAfterOverflowScroll();
346 if (view) { 344 // Update regions, scrolling may change the clip of a particular region.
347 // Update regions, scrolling may change the clip of a particular reg ion. 345 frameView->updateAnnotatedRegions();
348 view->frameView()->updateAnnotatedRegions(); 346 // FIXME: We shouldn't call updateWidgetPositions() here since it might tear down the render tree,
349 view->updateWidgetPositions(); 347 // for now we just crash to avoid allowing an attacker to use after free .
350 } 348 frameView->updateWidgetPositions();
351 349 RELEASE_ASSERT(frameView->renderView());
352 updateCompositingLayersAfterScroll(); 350 updateCompositingLayersAfterScroll();
353 } 351 }
354 352
355 RenderLayerModelObject* repaintContainer = m_box->containerForRepaint(); 353 RenderLayerModelObject* repaintContainer = m_box->containerForRepaint();
356 if (frame) { 354 // The caret rect needs to be invalidated after scrolling
357 // The caret rect needs to be invalidated after scrolling 355 frame->selection().setCaretRectNeedsUpdate();
358 frame->selection().setCaretRectNeedsUpdate();
359 356
360 FloatQuad quadForFakeMouseMoveEvent = FloatQuad(layer()->repainter().rep aintRect()); 357 FloatQuad quadForFakeMouseMoveEvent = FloatQuad(layer()->repainter().repaint Rect());
361 if (repaintContainer) 358 if (repaintContainer)
362 quadForFakeMouseMoveEvent = repaintContainer->localToAbsoluteQuad(qu adForFakeMouseMoveEvent); 359 quadForFakeMouseMoveEvent = repaintContainer->localToAbsoluteQuad(quadFo rFakeMouseMoveEvent);
363 frame->eventHandler().dispatchFakeMouseMoveEventSoonInQuad(quadForFakeMo useMoveEvent); 360 frame->eventHandler().dispatchFakeMouseMoveEventSoonInQuad(quadForFakeMouseM oveEvent);
364 }
365 361
366 bool requiresRepaint = true; 362 bool requiresRepaint = true;
367 363
368 if (m_box->view()->compositor()->inCompositingMode()) { 364 if (m_box->view()->compositor()->inCompositingMode()) {
369 bool onlyScrolledCompositedLayers = scrollsOverflow() 365 bool onlyScrolledCompositedLayers = scrollsOverflow()
370 && !layer()->hasVisibleNonLayerContent() 366 && !layer()->hasVisibleNonLayerContent()
371 && !layer()->hasNonCompositedChild() 367 && !layer()->hasNonCompositedChild()
372 && !layer()->hasBlockSelectionGapBounds() 368 && !layer()->hasBlockSelectionGapBounds()
373 && !m_box->isMarquee(); 369 && !m_box->isMarquee();
374 370
375 if (usesCompositedScrolling() || onlyScrolledCompositedLayers) 371 if (usesCompositedScrolling() || onlyScrolledCompositedLayers)
376 requiresRepaint = false; 372 requiresRepaint = false;
377 } 373 }
378 374
379 // Just schedule a full repaint of our object. 375 // Just schedule a full repaint of our object.
380 if (view && requiresRepaint) 376 if (requiresRepaint)
381 m_box->repaintUsingContainer(repaintContainer, pixelSnappedIntRect(layer ()->repainter().repaintRect())); 377 m_box->repaintUsingContainer(repaintContainer, pixelSnappedIntRect(layer ()->repainter().repaintRect()));
382 378
383 // Schedule the scroll DOM event. 379 // Schedule the scroll DOM event.
384 if (m_box->node()) 380 if (m_box->node())
385 m_box->node()->document().enqueueScrollEventForNode(m_box->node()); 381 m_box->node()->document().enqueueScrollEventForNode(m_box->node());
386 382
387 InspectorInstrumentation::didScrollLayer(m_box); 383 InspectorInstrumentation::didScrollLayer(m_box);
388 } 384 }
389 385
390 IntPoint RenderLayerScrollableArea::scrollPosition() const 386 IntPoint RenderLayerScrollableArea::scrollPosition() const
(...skipping 1075 matching lines...) Expand 10 before | Expand all | Expand 10 after
1466 void RenderLayerScrollableArea::setForceNeedsCompositedScrolling(ForceNeedsCompo sitedScrollingMode mode) 1462 void RenderLayerScrollableArea::setForceNeedsCompositedScrolling(ForceNeedsCompo sitedScrollingMode mode)
1467 { 1463 {
1468 if (m_forceNeedsCompositedScrolling == mode) 1464 if (m_forceNeedsCompositedScrolling == mode)
1469 return; 1465 return;
1470 1466
1471 m_forceNeedsCompositedScrolling = mode; 1467 m_forceNeedsCompositedScrolling = mode;
1472 layer()->didUpdateNeedsCompositedScrolling(); 1468 layer()->didUpdateNeedsCompositedScrolling();
1473 } 1469 }
1474 1470
1475 } // Namespace WebCore 1471 } // Namespace WebCore
OLDNEW
« no previous file with comments | « Source/core/frame/FrameView.cpp ('k') | Source/core/rendering/RenderView.h » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698