Changeset 74134 in webkit

Timestamp:

Dec 15, 2010 12:15:38 PM (13 years ago)

Author:

andersca@apple.com

Message:

2010-12-15 Anders Carlsson <​andersca@apple.com>

Reviewed by Maciej Stachowiak.

Semi-reproducible crash in ChunkedUpdateDrawingArea::paintIntoUpdateChunk closing a particular yahoo page
​https://bugs.webkit.org/show_bug.cgi?id=51126
<rdar://problem/8771219>

Laying out the web page can cause the drawing area to change so we need to protect against this.

• WebProcess/WebPage/ChunkedUpdateDrawingArea.cpp: (WebKit::ChunkedUpdateDrawingArea::display):
• WebProcess/WebPage/LayerBackedDrawingArea.cpp: (WebKit::LayerBackedDrawingArea::display):
• WebProcess/WebPage/mac/LayerBackedDrawingAreaMac.mm: (WebKit::LayerBackedDrawingArea::updateLayoutRunLoopObserverFired):

Location:

trunk/WebKit2

Files:

• ChangeLog (modified) (1 diff)
• WebProcess/WebPage/ChunkedUpdateDrawingArea.cpp (modified) (2 diffs)
• WebProcess/WebPage/LayerBackedDrawingArea.cpp (modified) (2 diffs)
• WebProcess/WebPage/mac/LayerBackedDrawingAreaMac.mm (modified) (1 diff)

trunk/WebKit2/ChangeLog

@@ +1 @@
+2010-12-15  Anders Carlsson  <andersca@apple.com>
+
+        Reviewed by Maciej Stachowiak.
+
+        Semi-reproducible crash in ChunkedUpdateDrawingArea::paintIntoUpdateChunk closing a particular yahoo page
+        https://bugs.webkit.org/show_bug.cgi?id=51126
+        <rdar://problem/8771219>
+
+        Laying out the web page can cause the drawing area to change so we need to protect against this.
+
+        * WebProcess/WebPage/ChunkedUpdateDrawingArea.cpp:
+        (WebKit::ChunkedUpdateDrawingArea::display):
+        * WebProcess/WebPage/LayerBackedDrawingArea.cpp:
+        (WebKit::LayerBackedDrawingArea::display):
+        * WebProcess/WebPage/mac/LayerBackedDrawingAreaMac.mm:
+        (WebKit::LayerBackedDrawingArea::updateLayoutRunLoopObserverFired):
+
 2010-12-15  Brian Weinstein  <bweinstein@apple.com>
 

trunk/WebKit2/WebProcess/WebPage/ChunkedUpdateDrawingArea.cpp

@@ -88 +88 @@
         return;
 
+    // Laying out the page can cause the drawing area to change so we keep an extra reference.
+    RefPtr<ChunkedUpdateDrawingArea> protect(this);
+
     // Layout if necessary.
     m_webPage->layoutIfNeeded();
  
+    if (m_webPage->drawingArea() != this)
+        return;
+    
     IntRect dirtyRect = m_dirtyRect;
     m_dirtyRect = IntRect();
@@ -134 +140 @@
     m_webPage->layoutIfNeeded();
 
-    if (m_webPage->drawingArea() != this) {
-        // The drawing area changed, return early.
-        return;
-    }
+    if (m_webPage->drawingArea() != this)
+        return;
 
     if (m_paintingIsSuspended) {

trunk/WebKit2/WebProcess/WebPage/LayerBackedDrawingArea.cpp

@@ -89 +89 @@
 void LayerBackedDrawingArea::display()
 {
+    // Laying out the page can cause the drawing area to change so we keep an extra reference.
+    RefPtr<LayerBackedDrawingArea> protect(this);
+
     // Layout if necessary.
     m_webPage->layoutIfNeeded();
+
+    if (m_webPage->drawingArea() != this)
+        return;
 }
 
@@ -111 +117 @@
     m_webPage->layoutIfNeeded();
 
-    if (m_webPage->drawingArea() != this) {
-        // The drawing area changed, return early.
-        return;
-    }
+    if (m_webPage->drawingArea() != this)
+        return;
     
     WebProcess::shared().connection()->send(DrawingAreaProxyMessage::DidSetSize, m_webPage->pageID(), CoreIPC::In(viewSize));

trunk/WebKit2/WebProcess/WebPage/mac/LayerBackedDrawingAreaMac.mm

@@ -164 +164 @@
 void LayerBackedDrawingArea::updateLayoutRunLoopObserverFired()
 {
+    // Laying out the page can cause the drawing area to change so we keep an extra reference.
+    RefPtr<LayerBackedDrawingArea> protect(this);
+
     m_webPage->layoutIfNeeded();
+
+    if (m_webPage->drawingArea() != this)
+        return;
     
     if (m_attached)