Accepting request 596005 from home:mgorse:branches:GNOME:Factory

- Add webkit2gtk3-boo1088932-a11y-state-set.patch: fix crash when
  atk_object_ref_state_set is called on an AtkObject that's being
  destroyed (boo#1088932 webkit#184366).

OBS-URL: https://build.opensuse.org/request/show/596005
OBS-URL: https://build.opensuse.org/package/show/GNOME:Factory/webkit2gtk3?expand=0&rev=155
This commit is contained in:
Dominique Leuenberger 2018-04-13 06:52:08 +00:00 committed by Git OBS Bridge
parent 363e4ba039
commit 4f062e3ae0
3 changed files with 68 additions and 0 deletions

View File

@ -0,0 +1,58 @@
diff -urp webkitgtk-2.20.1.orig/Source/WebCore/accessibility/AccessibilityObject.cpp webkitgtk-2.20.1/Source/WebCore/accessibility/AccessibilityObject.cpp
--- webkitgtk-2.20.1.orig/Source/WebCore/accessibility/AccessibilityObject.cpp 2018-04-09 07:00:57.000000000 -0500
+++ webkitgtk-2.20.1/Source/WebCore/accessibility/AccessibilityObject.cpp 2018-04-10 21:07:52.446048647 -0500
@@ -1771,7 +1771,7 @@ void AccessibilityObject::updateBackingS
// Updating the layout may delete this object.
RefPtr<AccessibilityObject> protectedThis(this);
if (auto* document = this->document()) {
- if (!document->view()->layoutContext().isInRenderTreeLayout() && !document->inRenderTreeUpdate() && !document->inStyleRecalc())
+ if (!document->view()->layoutContext().isInRenderTreeLayout() && !document->inRenderTreeUpdate() && document->isSafeToUpdateStyleOrLayout())
document->updateLayoutIgnorePendingStylesheets();
}
updateChildrenIfNecessary();
diff -urp webkitgtk-2.20.1.orig/Source/WebCore/dom/Document.cpp webkitgtk-2.20.1/Source/WebCore/dom/Document.cpp
--- webkitgtk-2.20.1.orig/Source/WebCore/dom/Document.cpp 2018-03-05 05:36:37.000000000 -0600
+++ webkitgtk-2.20.1/Source/WebCore/dom/Document.cpp 2018-04-10 21:07:52.454048680 -0500
@@ -1940,11 +1940,10 @@ bool Document::needsStyleRecalc() const
return false;
}
-static bool isSafeToUpdateStyleOrLayout(const Document& document)
+bool Document::isSafeToUpdateStyleOrLayout() const
{
bool isSafeToExecuteScript = ScriptDisallowedScope::InMainThread::isScriptAllowed();
- auto* frameView = document.view();
- bool isInFrameFlattening = frameView && frameView->isInChildFrameWithFrameFlattening();
+ bool isInFrameFlattening = view() && view()->isInChildFrameWithFrameFlattening();
bool isAssertionDisabled = ScriptDisallowedScope::LayoutAssertionDisableScope::shouldDisable();
return isSafeToExecuteScript || isInFrameFlattening || !isInWebProcess() || isAssertionDisabled;
}
@@ -1967,7 +1966,7 @@ bool Document::updateStyleIfNeeded()
}
// The early exit above for !needsStyleRecalc() is needed when updateWidgetPositions() is called in runOrScheduleAsynchronousTasks().
- RELEASE_ASSERT_WITH_SECURITY_IMPLICATION(isSafeToUpdateStyleOrLayout(*this));
+ RELEASE_ASSERT_WITH_SECURITY_IMPLICATION(isSafeToUpdateStyleOrLayout());
resolveStyle();
return true;
@@ -1983,7 +1982,7 @@ void Document::updateLayout()
ASSERT_NOT_REACHED();
return;
}
- RELEASE_ASSERT_WITH_SECURITY_IMPLICATION(isSafeToUpdateStyleOrLayout(*this));
+ RELEASE_ASSERT_WITH_SECURITY_IMPLICATION(isSafeToUpdateStyleOrLayout());
RenderView::RepaintRegionAccumulator repaintRegionAccumulator(renderView());
diff -urp webkitgtk-2.20.1.orig/Source/WebCore/dom/Document.h webkitgtk-2.20.1/Source/WebCore/dom/Document.h
--- webkitgtk-2.20.1.orig/Source/WebCore/dom/Document.h 2018-03-05 04:11:41.000000000 -0600
+++ webkitgtk-2.20.1/Source/WebCore/dom/Document.h 2018-04-10 21:07:52.454048680 -0500
@@ -1253,6 +1253,7 @@ public:
bool inStyleRecalc() const { return m_inStyleRecalc; }
bool inRenderTreeUpdate() const { return m_inRenderTreeUpdate; }
+ WEBCORE_EXPORT bool isSafeToUpdateStyleOrLayout() const;
void updateTextRenderer(Text&, unsigned offsetOfReplacedText, unsigned lengthOfReplacedText);

View File

@ -1,3 +1,10 @@
-------------------------------------------------------------------
Wed Apr 11 15:53:22 UTC 2018 - mgorse@suse.com
- Add webkit2gtk3-boo1088932-a11y-state-set.patch: fix crash when
atk_object_ref_state_set is called on an AtkObject that's being
destroyed (boo#1088932 webkit#184366).
------------------------------------------------------------------- -------------------------------------------------------------------
Tue Apr 10 10:23:30 UTC 2018 - bjorn.lie@gmail.com Tue Apr 10 10:23:30 UTC 2018 - bjorn.lie@gmail.com

View File

@ -52,6 +52,8 @@ Source99: webkit2gtk3.keyring
Patch0: webkitgtk-typelib-sharelib-link.patch Patch0: webkitgtk-typelib-sharelib-link.patch
# PATCH-FIX-UPSTREAM webkit2gtk3-python3.patch bsc#1079812 mgorse@suse.com -- port to Python 3. # PATCH-FIX-UPSTREAM webkit2gtk3-python3.patch bsc#1079812 mgorse@suse.com -- port to Python 3.
Patch1: webkit2gtk3-python3.patch Patch1: webkit2gtk3-python3.patch
# PATCh-FIX-UPSTREAM webkit2gtk3-boo1088932-a11y-state-set.patch boo#1088932 webkit#184366 mgorse@suse.com -- fix crash when atk_object_ref_state_set is called on an AtkObject that's being destroyed.
Patch2: webkit2gtk3-boo1088932-a11y-state-set.patch
BuildRequires: Mesa-libEGL-devel BuildRequires: Mesa-libEGL-devel
BuildRequires: Mesa-libGL-devel BuildRequires: Mesa-libGL-devel
BuildRequires: Mesa-libGLESv1_CM-devel BuildRequires: Mesa-libGLESv1_CM-devel
@ -260,6 +262,7 @@ invoking a Perl or Python script.
%if %{with python3} %if %{with python3}
%patch1 -p1 %patch1 -p1
%endif %endif
%patch2 -p1
%build %build
# Here we must muzzle our dog so it doesn't eat all the memory # Here we must muzzle our dog so it doesn't eat all the memory