Changeset 137140 in webkit

Timestamp:

Dec 10, 2012, 5:34:44 AM (13 years ago)

Author:

charles.wei@torchmobile.com.cn

Message:

[BlackBerry] Webkit crashes sometimes (even though very rarely) when deleting a webview
​https://bugs.webkit.org/show_bug.cgi?id=104504

Reviewed by George Staikos.

When deleting a webview, the webkit thread will send a sync message to userInterfaceThread
to delete handlers, including the viewport accessor. But the UserInterfaceThread could be
doing a blit after it has deleted the viewport accessor and before the webkit thread gets
the time slot to resume it's operation to clean up the webview, which leaves a very short
time that viewport accessor of a webpage has been deleted while the webpage is still in
the process of deleting, and the viewport accessor is referenced in the UserInterfaceThread.

So we need to check if the viewport accessor is NULL before using it in the backingstore code.

• Api/BackingStore.cpp:

(BlackBerry::WebKit::BackingStorePrivate::blitVisibleContents):
(BlackBerry::WebKit::BackingStorePrivate::invalidateWindow):

Location:

trunk/Source/WebKit/blackberry

Files:

• Api/BackingStore.cpp (modified) (2 diffs)
• ChangeLog (modified) (1 diff)

trunk/Source/WebKit/blackberry/Api/BackingStore.cpp

@@ -1286 +1286 @@
 
     Platform::ViewportAccessor* viewportAccessor = m_webPage->client()->userInterfaceViewportAccessor();
+    if (!viewportAccessor)
+        return;
     const Platform::IntRect dstRect = viewportAccessor->destinationSurfaceRect();
 
@@ -2285 +2287 @@
 {
     // Grab a rect appropriate for the current thread.
-    if (BlackBerry::Platform::userInterfaceThreadMessageClient()->isCurrentThread())
-        invalidateWindow(m_webPage->client()->userInterfaceViewportAccessor()->destinationSurfaceRect());
-    else
+    if (BlackBerry::Platform::userInterfaceThreadMessageClient()->isCurrentThread()) {
+        if (m_webPage->client()->userInterfaceViewportAccessor())
+            invalidateWindow(m_webPage->client()->userInterfaceViewportAccessor()->destinationSurfaceRect());
+    } else
         invalidateWindow(Platform::IntRect(Platform::IntPoint(0, 0), m_client->transformedViewportSize()));
 }

trunk/Source/WebKit/blackberry/ChangeLog

@@ +1 @@
+2012-12-10  Charles Wei  <charles.wei@torchmobile.com.cn>
+
+        [BlackBerry] Webkit crashes sometimes (even though very rarely) when deleting a webview
+        https://bugs.webkit.org/show_bug.cgi?id=104504
+
+        Reviewed by George Staikos.
+
+        When deleting a webview, the webkit thread will send a sync message to userInterfaceThread
+        to delete handlers, including the viewport accessor. But the UserInterfaceThread could be
+        doing a blit after it has deleted the viewport accessor and before the webkit thread gets
+        the time slot to resume it's operation to clean up the webview, which leaves a very short
+        time that viewport accessor of a webpage has been deleted while the webpage is still in
+        the process of deleting, and the viewport accessor is referenced in the UserInterfaceThread.
+
+        So we need to check if the viewport accessor is NULL before using it in the backingstore code.
+
+        * Api/BackingStore.cpp:
+        (BlackBerry::WebKit::BackingStorePrivate::blitVisibleContents):
+        (BlackBerry::WebKit::BackingStorePrivate::invalidateWindow):
+
 2012-12-10  Kent Tamura  <tkent@chromium.org>