Changeset 68761 in webkit


Timestamp:
Sep 30, 2010 12:22:51 AM (14 years ago)
Author:
benjamin.poulain@nokia.com
Message:

2010-09-30 Benjamin Poulain <benjamin.poulain@nokia.com>

Reviewed by Andreas Kling.

[Qt] Crash if an scene with accelerated compositing layout during the paint event
https://bugs.webkit.org/show_bug.cgi?id=46812

Delay the deletion of the overlay after the current event is processed.

Removing the overlay can sometimes be done inside the rendering code of
the overlay itself. When the rendering code is using the reference after
the deletion of the overlay, WebKit crashes.

  • Api/qgraphicswebview.cpp: (QGraphicsWebViewPrivate::overlay):
  • WebCoreSupport/PageClientQt.cpp: (WebCore::PageClientQGraphicsWidget::~PageClientQGraphicsWidget): (WebCore::PageClientQGraphicsWidget::createOrDeleteOverlay):
  • WebCoreSupport/PageClientQt.h: (WebCore::PageClientQGraphicsWidget::PageClientQGraphicsWidget):
Location:
trunk/WebKit/qt
Files:
4 edited

  • trunk/WebKit/qt/Api/qgraphicswebview.cpp

    r68653 r68761  
    8181        if (!page || !page->d->client)
    8282            return 0;
    83         return static_cast<PageClientQGraphicsWidget*>(page->d->client)->overlay.data();
     83        return static_cast<PageClientQGraphicsWidget*>(page->d->client)->overlay;
    8484    }
    8585};
  • trunk/WebKit/qt/ChangeLog

    r68760 r68761  
     12010-09-30  Benjamin Poulain  <benjamin.poulain@nokia.com>
     2
     3        Reviewed by Andreas Kling.
     4
     5        [Qt] Crash if an scene with accelerated compositing layout during the paint event
     6        https://bugs.webkit.org/show_bug.cgi?id=46812
     7
     8        Delay the deletion of the overlay after the current event is processed.
     9
     10        Removing the overlay can sometimes be done inside the rendering code of
     11        the overlay itself. When the rendering code is using the reference after
     12        the deletion of the overlay, WebKit crashes.
     13
     14        * Api/qgraphicswebview.cpp:
     15        (QGraphicsWebViewPrivate::overlay):
     16        * WebCoreSupport/PageClientQt.cpp:
     17        (WebCore::PageClientQGraphicsWidget::~PageClientQGraphicsWidget):
     18        (WebCore::PageClientQGraphicsWidget::createOrDeleteOverlay):
     19        * WebCoreSupport/PageClientQt.h:
     20        (WebCore::PageClientQGraphicsWidget::PageClientQGraphicsWidget):
     21
    1222010-09-30  Benjamin Poulain  <benjamin.poulain@nokia.com>
    223
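Review bot: The PageClientQt.h entry in this ChangeLog lists only the PageClientQGraphicsWidget constructor, but the fix also depends on QGraphicsItemOverlay changing its base class from QGraphicsItem to QGraphicsObject, which is what makes deleteLater() callable on the overlay. Add a line for QGraphicsItemOverlay so the entry records why the base class changed.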
  • trunk/WebKit/qt/WebCoreSupport/PageClientQt.cpp

    r68517 r68761  
    106106PageClientQGraphicsWidget::~PageClientQGraphicsWidget()
    107107{
     108    delete overlay;
    108109#if USE(ACCELERATED_COMPOSITING)
    109110    if (!rootGraphicsLayer)
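Review bot: In the destructor, `delete overlay;` assumes the raw pointer is still valid, but the overlay is constructed with `view` as its parent item (`QGraphicsObject(view)`), so if the view destroys its child items before this destructor runs, `overlay` dangles and this line becomes a double delete. Since the overlay is now a QObject, holding it in a QPointer (or otherwise clearing the member when the overlay is destroyed) would make the delete safe in either teardown order.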
     
    151152    if (useOverlay == !!overlay)
    152153        return;
     154
    153155    if (useOverlay) {
    154         overlay = QSharedPointer<QGraphicsItemOverlay>(new QGraphicsItemOverlay(view, page));
     156        overlay = new QGraphicsItemOverlay(view, page);
    155157        overlay->setZValue(OverlayZValue);
    156     } else
    157         overlay.clear();
     158    } else {
     159        // Changing the overlay might be done inside paint events.
     160        overlay->deleteLater();
     161        overlay = 0;
     162    }
    158163}
    159164
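Review bot: In the else branch of createOrDeleteOverlay, `overlay->deleteLater()` followed by `overlay = 0` leaves the old overlay alive as a child item of the view until control returns to the event loop, so it can still be painted, and if createOrDeleteOverlay runs again with useOverlay true before then, two overlays exist at once. Consider hiding the old overlay (for example `overlay->hide()`) before scheduling the deletion, and expand the comment to say that the deferred delete is what prevents the overlay's own paint code from using the object after it is freed.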
  • trunk/WebKit/qt/WebCoreSupport/PageClientQt.h

    r68517 r68761  
    3333#include "qwebpage_p.h"
    3434#include <QtCore/qmetaobject.h>
    35 #include <QtCore/qsharedpointer.h>
    3635#include <QtGui/qgraphicsscene.h>
    3736#include <QtGui/qgraphicsview.h>
     
    8483// the overlay is here for one reason only: to have the scroll-bars and other
    8584// extra UI elements appear on top of any QGraphicsItems created by CSS compositing layers
    86 class QGraphicsItemOverlay : public QGraphicsItem {
     85class QGraphicsItemOverlay : public QGraphicsObject {
    8786    public:
    8887    QGraphicsItemOverlay(QGraphicsWidget* view, QWebPage* p)
    89             :QGraphicsItem(view)
     88            :QGraphicsObject(view)
    9089            , q(view)
    9190            , page(p)
     
    125124        , shouldSync(false)
    126125#endif
     126        , overlay(0)
    127127    {
    128128       Q_ASSERT(view);
     
    195195#endif
    196196    // the overlay gets instantiated when the root layer is attached, and get deleted when it's detached
    197     QSharedPointer<QGraphicsItemOverlay> overlay;
     197    QGraphicsItemOverlay* overlay;
    198198
    199199    // we need to put the root graphics layer behind the overlay (which contains the scrollbar)
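Review bot: The comment above the `overlay` member still says the overlay gets deleted when the root layer is detached, but after this change detaching only schedules the deletion and the member is a raw owning pointer. Update the comment to state that PageClientQGraphicsWidget owns the overlay, that detaching defers deletion through deleteLater(), and that the destructor deletes it directly.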