Title: [228476] trunk/Source/WebCore
Revision: 228476
Author: d...@apple.com
Date: 2018-02-14 11:34:35 -0800 (Wed, 14 Feb 2018)

Log Message

CrashTracer: com.apple.WebKit.WebContent at com.apple.WebCore: WebCore::HTMLPlugInImageElement::didAddUserAgentShadowRoot + 618
https://bugs.webkit.org/show_bug.cgi?id=182798
<rdar://problem/23337253>

Reviewed by Eric Carlson.

Speculative fix for a crash in HTMLPlugInImageElement::didAddUserAgentShadowRoot.
The guess is that the m_swapRendererTimer is set, and the display state changes to
something that does not require a shadow root, but before the timer fires.
Fix this by ensuring that the timer is reset on every display state change.

* html/HTMLPlugInElement.cpp:
(WebCore::HTMLPlugInElement::setDisplayState): Guard for sets that wouldn't
actually change value, and make sure we always reset the timer.

Modified Paths

trunk/Source/WebCore/ChangeLog
trunk/Source/WebCore/html/HTMLPlugInElement.cpp
Diff

Modified: trunk/Source/WebCore/ChangeLog (228475 => 228476)


--- trunk/Source/WebCore/ChangeLog	2018-02-14 19:27:15 UTC (rev 228475)
+++ trunk/Source/WebCore/ChangeLog	2018-02-14 19:34:35 UTC (rev 228476)
@@ -1,3 +1,20 @@
+2018-02-14  Dean Jackson  <d...@apple.com>
+
+        CrashTracer: com.apple.WebKit.WebContent at com.apple.WebCore: WebCore::HTMLPlugInImageElement::didAddUserAgentShadowRoot + 618
+        https://bugs.webkit.org/show_bug.cgi?id=182798
+        <rdar://problem/23337253>
+
+        Reviewed by Eric Carlson.
+
+        Speculative fix for a crash in HTMLPlugInImageElement::didAddUserAgentShadowRoot.
+        The guess is that the m_swapRendererTimer is set, and the display state changes to
+        something that does not require a shadow root, but before the timer fires.
+        Fix this by ensuring that the timer is reset on every display state change.
+
+        * html/HTMLPlugInElement.cpp:
+        (WebCore::HTMLPlugInElement::setDisplayState): Guard for sets that wouldn't
+        actually change value, and make sure we always reset the timer.
+
 2018-02-14  Antoine Quint  <grao...@apple.com>
 
         [Modern Media Controls] Don't use arrays as values for localisable strings

Modified: trunk/Source/WebCore/html/HTMLPlugInElement.cpp (228475 => 228476)


--- trunk/Source/WebCore/html/HTMLPlugInElement.cpp	2018-02-14 19:27:15 UTC (rev 228475)
+++ trunk/Source/WebCore/html/HTMLPlugInElement.cpp	2018-02-14 19:34:35 UTC (rev 228476)
@@ -286,9 +286,13 @@
 
 void HTMLPlugInElement::setDisplayState(DisplayState state)
 {
+    if (state == m_displayState)
+        return;
+
     m_displayState = state;
     
-    if ((state == DisplayingSnapshot || displayState() == PreparingPluginReplacement) && !m_swapRendererTimer.isActive())
+    m_swapRendererTimer.stop();
+    if (state == DisplayingSnapshot || displayState() == PreparingPluginReplacement)
         m_swapRendererTimer.startOneShot(0_s);
 }
 
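Review bot: the new condition `if (state == DisplayingSnapshot || displayState() == PreparingPluginReplacement)` still mixes the parameter `state` with the accessor `displayState()`, a form carried over from the removed line; because `m_displayState = state` has just executed the two are equal, but the mixed spelling reads as if two different values were consulted. Suggest `if (state == DisplayingSnapshot || state == PreparingPluginReplacement)`. Separately, the new early return `if (state == m_displayState) return;` is a behaviour change beyond the crash fix: a repeated call with `DisplayingSnapshot` after the timer has already fired no longer re-arms `m_swapRendererTimer`, whereas the old `!m_swapRendererTimer.isActive()` check would have restarted it. The ChangeLog's "Guard for sets that wouldn't actually change value" suggests this is intended, but it is worth stating there explicitly. The unconditional `m_swapRendererTimer.stop()` before `startOneShot(0_s)` does address the described failure mode, since a timer armed for a snapshot state can no longer fire after the state has moved to one that does not need a shadow root.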
_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes
