[webkit-changes] [207256] branches/safari-602.2.14.0-branch/Source/WebCore

Wed, 12 Oct 2016 16:01:32 -0700

Title: [207256] branches/safari-602.2.14.0-branch/Source/WebCore
Revision
207256
Author
matthew_han...@apple.com
Date
2016-10-12 16:02:05 -0700 (Wed, 12 Oct 2016)

Log Message

Merge r204631. rdar://problem/28481427


Modified Paths

Diff

Modified: branches/safari-602.2.14.0-branch/Source/WebCore/ChangeLog (207255 => 207256)


--- branches/safari-602.2.14.0-branch/Source/WebCore/ChangeLog	2016-10-12 23:02:01 UTC (rev 207255)
+++ branches/safari-602.2.14.0-branch/Source/WebCore/ChangeLog	2016-10-12 23:02:05 UTC (rev 207256)
@@ -1,5 +1,30 @@
 2016-10-12  Matthew Hanson  <matthew_han...@apple.com>
 
+        Merge r204631. rdar://problem/28481427
+
+    2016-08-19  Chris Dumez  <cdu...@apple.com>
+
+            DumpRenderTree crashed in com.apple.WebCore: WebCore::DOMWindow::resetDOMWindowProperties + 607
+            https://bugs.webkit.org/show_bug.cgi?id=160983
+            <rdar://problem/26768524>
+
+            Reviewed by Brent Fulgham.
+
+            Update DOMWindow::frameDestroyed() to ref the window object as the crash
+            traces seem to indicate it can get destroyed during the execution of this
+            method. Also update the code in the ~Frame destructor to not iterate over
+            the list of FrameDestructionObservers because observers remove themselves
+            from the list when they get destroyed.
+
+            No new tests, do not know how to reproduce.
+
+            * page/DOMWindow.cpp:
+            (WebCore::DOMWindow::frameDestroyed):
+            * page/Frame.cpp:
+            (WebCore::Frame::~Frame):
+
+2016-10-12  Matthew Hanson  <matthew_han...@apple.com>
+
         Merge r204266. rdar://problem/28216261
 
     2016-08-08  John Wilander  <wilan...@apple.com>

Modified: branches/safari-602.2.14.0-branch/Source/WebCore/page/DOMWindow.cpp (207255 => 207256)


--- branches/safari-602.2.14.0-branch/Source/WebCore/page/DOMWindow.cpp	2016-10-12 23:02:01 UTC (rev 207255)
+++ branches/safari-602.2.14.0-branch/Source/WebCore/page/DOMWindow.cpp	2016-10-12 23:02:05 UTC (rev 207256)
@@ -480,6 +480,8 @@
 
 void DOMWindow::frameDestroyed()
 {
+    Ref<DOMWindow> protectedThis(*this);
+
     willDestroyDocumentInFrame();
     FrameDestructionObserver::frameDestroyed();
     resetDOMWindowProperties();

Modified: branches/safari-602.2.14.0-branch/Source/WebCore/page/Frame.cpp (207255 => 207256)


--- branches/safari-602.2.14.0-branch/Source/WebCore/page/Frame.cpp	2016-10-12 23:02:01 UTC (rev 207255)
+++ branches/safari-602.2.14.0-branch/Source/WebCore/page/Frame.cpp	2016-10-12 23:02:05 UTC (rev 207256)
@@ -217,8 +217,8 @@
 
     disconnectOwnerElement();
 
-    for (auto& observer : m_destructionObservers)
-        observer->frameDestroyed();
+    while (auto* destructionObserver = m_destructionObservers.takeAny())
+        destructionObserver->frameDestroyed();
 
     if (!isMainFrame())
         m_mainFrame.selfOnlyDeref();

_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes

Reply via email to