Title: [247121] trunk/Source/WebCore
Revision: 247121
Author: s...@apple.com
Date: 2019-07-03 17:49:01 -0700 (Wed, 03 Jul 2019)

Log Message

The destructor of CSSAnimationControllerPrivate must explicitly clear the composite animations
https://bugs.webkit.org/show_bug.cgi?id=199415

Reviewed by Simon Fraser.

After the destructor of CSSAnimationControllerPrivate exits, the non-static
members are deleted. When the HashMap m_compositeAnimations is
deleted, its entries are deleted. The destructor of CompositeAnimation
calls the method CSSAnimationControllerPrivate::animationWillBeRemoved()
back through its back reference m_animationController. The non-static
members of CSSAnimationControllerPrivate are being deleted and it is
incorrect to try to use any of these members after exiting the destructor.

We need to explicitly clear the composite animations before exiting the 
destructor of CSSAnimationControllerPrivate.

* page/animation/CSSAnimationController.cpp:
(WebCore::CSSAnimationControllerPrivate::~CSSAnimationControllerPrivate):

Diff

Modified: trunk/Source/WebCore/ChangeLog (247120 => 247121)


--- trunk/Source/WebCore/ChangeLog	2019-07-04 00:42:30 UTC (rev 247120)
+++ trunk/Source/WebCore/ChangeLog	2019-07-04 00:49:01 UTC (rev 247121)
@@ -1,3 +1,24 @@
+2019-07-03  Said Abou-Hallawa  <sabouhall...@apple.com>
+
+        The destructor of CSSAnimationControllerPrivate must explicitly clear the composite animations
+        https://bugs.webkit.org/show_bug.cgi?id=199415
+
+        Reviewed by Simon Fraser.
+
+        After the destructor of CSSAnimationControllerPrivate exists, the non
+        static members are deleted. When the HashMap m_compositeAnimations is
+        deleted, its entries are deleted. The destructor of CompositeAnimation
+        calls the method CSSAnimationControllerPrivate::animationWillBeRemoved()
+        back through its back reference m_animationController. The non static
+        members of CSSAnimationControllerPrivate are being deleted and it is
+        incorrect to try to use any of these members after exiting the destructor.
+
+        We need to explicitly clear the composite animations before exiting the 
+        destructor of CSSAnimationControllerPrivate.
+
+        * page/animation/CSSAnimationController.cpp:
+        (WebCore::CSSAnimationControllerPrivate::~CSSAnimationControllerPrivate):
+
 2019-07-03  Jer Noble  <jer.no...@apple.com>
 
         HTMLMediaElement can hold onto display sleep assertion while process is suspended.
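
Review bot: In the first paragraph of the new ChangeLog entry, "After the destructor of CSSAnimationControllerPrivate exists" should read "exits"; as written the sentence is about the destructor existing rather than returning. The line "We need to explicitly clear the composite animations before exiting the " also ends in trailing whitespace, and "non static" would normally be hyphenated.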

Modified: trunk/Source/WebCore/page/animation/CSSAnimationController.cpp (247120 => 247121)


--- trunk/Source/WebCore/page/animation/CSSAnimationController.cpp	2019-07-04 00:42:30 UTC (rev 247120)
+++ trunk/Source/WebCore/page/animation/CSSAnimationController.cpp	2019-07-04 00:49:01 UTC (rev 247121)
@@ -78,7 +78,12 @@
 {
 }
 
-CSSAnimationControllerPrivate::~CSSAnimationControllerPrivate() = default;
+CSSAnimationControllerPrivate::~CSSAnimationControllerPrivate()
+{
+    // We need to explicitly clear the composite animations here because the
+    // destructor of CompositeAnimation will call members of this class back.
+    m_compositeAnimations.clear();
+}
 
 CompositeAnimation& CSSAnimationControllerPrivate::ensureCompositeAnimation(Element& element)
 {
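
Review bot: The comment in the new destructor body says the CompositeAnimation destructor "will call members of this class back" without naming the callback or the ordering the fix relies on. Naming animationWillBeRemoved(), as the ChangeLog does, and stating that the clear() must run while the other non-static members are still alive would make it less likely that a later cleanup turns this back into "= default". The clear() only destroys entries whose last owner is m_compositeAnimations; if a CompositeAnimation can be kept alive by another owner, its m_animationController back reference would outlive this object, so that is worth confirming. No test accompanies the change in the paths shown.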
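
The destruction-order hazard described in the log message, as an added example that is not WebKit code: a constructed model in which `Controller`, `Child` and `Registry` are hypothetical stand-ins for CSSAnimationControllerPrivate, CompositeAnimation and the controller's other non-static members. It assumes the other member is declared after the map (so it is destroyed first), and the callback only reads an external flag so the unsafe ordering can be observed without touching a destroyed member.

```cpp
#include <iostream>
#include <map>
#include <memory>
#include <string>
#include <vector>

// Constructed model: the trace and the liveness flag live outside the objects.
static std::vector<std::string> g_log;
static bool g_registryAlive = false;

struct Registry {                        // stands in for the other non-static members
    Registry() { g_registryAlive = true; }
    ~Registry() { g_registryAlive = false; g_log.push_back("registry destroyed"); }
};

class Controller;
struct Child {                           // stands in for CompositeAnimation
    explicit Child(Controller& c) : m_controller(c) {}
    ~Child();                            // calls back into the controller
    Controller& m_controller;            // back reference, like m_animationController
};

class Controller {
public:
    explicit Controller(bool clearInDestructor) : m_clear(clearInDestructor) {
        m_children[1] = std::make_unique<Child>(*this);
    }
    // With m_clear == false this behaves like "= default": the map is only
    // torn down during member destruction, after m_registry is already gone.
    ~Controller() { if (m_clear) m_children.clear(); }
    void childWillBeRemoved() {
        // A real callback would use the member itself; here only the flag is read.
        g_log.push_back(g_registryAlive ? "callback: registry alive"
                                        : "callback: registry already destroyed");
    }
private:
    bool m_clear;
    std::map<int, std::unique_ptr<Child>> m_children; // declared first, destroyed last
    Registry m_registry;                               // declared later, destroyed earlier
};

Child::~Child() { m_controller.childWillBeRemoved(); }

std::vector<std::string> destroyController(bool clearInDestructor) {
    g_log.clear();
    { Controller c(clearInDestructor); }  // scope exit runs ~Controller
    return g_log;
}
int main() {
    for (bool fix : {false, true})
        for (const auto& e : destroyController(fix)) std::cout << fix << ": " << e << "\n";
}
```
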