Changeset 228476 in webkit
- Timestamp:
- Feb 14, 2018 11:34:35 AM (6 years ago)
- Location:
- trunk/Source/WebCore
- Files:
-
- 2 edited
-
ChangeLog (modified) (1 diff)
-
html/HTMLPlugInElement.cpp (modified) (1 diff)
Legend:
- Unmodified
- Added
- Removed
-
trunk/Source/WebCore/ChangeLog
r228471 r228476 1 2018-02-14 Dean Jackson <dino@apple.com> 2 3 CrashTracer: com.apple.WebKit.WebContent at com.apple.WebCore: WebCore::HTMLPlugInImageElement::didAddUserAgentShadowRoot + 618 4 https://bugs.webkit.org/show_bug.cgi?id=182798 5 <rdar://problem/23337253> 6 7 Reviewed by Eric Carlson. 8 9 Speculative fix for a crash in HTMLPlugInImageElement::didAddUserAgentShadowRoot. 10 The guess is that the m_swapRendererTimer is set, and the display state changes to 11 something that does not require a shadow root, but before the timer fires. 12 Fix this by ensuring that the timer is reset on every display state change. 13 14 * html/HTMLPlugInElement.cpp: 15 (WebCore::HTMLPlugInElement::setDisplayState): Guard for sets that wouldn't 16 actually change value, and make sure we always reset the timer. 17 1 18 2018-02-14 Antoine Quint <graouts@apple.com> 2 19 -
trunk/Source/WebCore/html/HTMLPlugInElement.cpp
r228260 r228476 287 287 void HTMLPlugInElement::setDisplayState(DisplayState state) 288 288 { 289 if (state == m_displayState) 290 return; 291 289 292 m_displayState = state; 290 293 291 if ((state == DisplayingSnapshot || displayState() == PreparingPluginReplacement) && !m_swapRendererTimer.isActive()) 294 m_swapRendererTimer.stop(); 295 if (state == DisplayingSnapshot || displayState() == PreparingPluginReplacement) 292 296 m_swapRendererTimer.startOneShot(0_s); 293 297 }
Note: See TracChangeset
for help on using the changeset viewer.
