Changeset 181256 in webkit


Ignore:
Timestamp:
Mar 8, 2015 7:55:30 PM (9 years ago)
Author:
Chris Dumez
Message:

Crash in WebCore::NotificationCenter::stop()
https://bugs.webkit.org/show_bug.cgi?id=142444
<rdar://problem/20082520>

Reviewed by Darin Adler.

Rework the patch in r181219 so that we do not need a Ref<NotificationCenter> protector
in NotificationCenter::stop(). Instead, we put the client in a local variable and null
out m_client *before* calling NotificationClient::clearNotifications().

No new tests, already covered by:
http/tests/notifications/event-listener-crash.html

  • Modules/notifications/NotificationCenter.cpp:

(WebCore::NotificationCenter::stop):

Location:
trunk/Source/WebCore
Files:
2 edited

Legend:

Unmodified
Added
Removed

  • trunk/Source/WebCore/ChangeLog

    r181247 r181256  
     12015-03-08  Chris Dumez  <cdumez@apple.com>
     2
     3        Crash in WebCore::NotificationCenter::stop()
     4        https://bugs.webkit.org/show_bug.cgi?id=142444
     5        <rdar://problem/20082520>
     6
     7        Reviewed by Darin Adler.
     8
     9        Rework the patch in r181219 so that we do not need a Ref<NotificationCenter> protector
     10        in NotificationCenter::stop(). Instead, we put the client in a local variable and null
     11        out m_client *before* calling NotificationClient::clearNotifications().
     12
     13        No new tests, already covered by:
     14        http/tests/notifications/event-listener-crash.html
     15
     16        * Modules/notifications/NotificationCenter.cpp:
     17        (WebCore::NotificationCenter::stop):
     18
    1192015-03-08  Simon Fraser  <simon.fraser@apple.com>
    220

  • trunk/Source/WebCore/Modules/notifications/NotificationCenter.cpp

    r181219 r181256  
    102102        return;
    103103
    104     // The call to clearNotifications() below will destroy the notifications. The notifications will
    105     // unref the NotificationCenter when destroyed so we need to protect the NotificationCenter here
    106     // in case no-one else holds a ref to the NotificationCenter at this point besides Notifications.
    107     Ref<NotificationCenter> protect(*this);
    108     m_client->cancelRequestsForPermission(scriptExecutionContext());
    109     m_client->clearNotifications(scriptExecutionContext());
     104    // Clear m_client now because the call to NotificationClient::clearNotifications() below potentially
     105    // destroy the NotificationCenter. This is because the notifications will be destroyed and unref the
     106    // NotificationCenter.
     107    auto& client = *m_client;
    110108    m_client = nullptr;
     109
     110    client.cancelRequestsForPermission(scriptExecutionContext());
     111    client.clearNotifications(scriptExecutionContext());
     112    // Do not attempt the access |this|, the NotificationCenter may be destroyed at this point.
    111113}
    112114
Note: See TracChangeset for help on using the changeset viewer.