Title: [228476] trunk/Source/WebCore
- Revision: 228476
- Author: d...@apple.com
- Date: 2018-02-14 11:34:35 -0800 (Wed, 14 Feb 2018)
Log Message

CrashTracer: com.apple.WebKit.WebContent at com.apple.WebCore: WebCore::HTMLPlugInImageElement::didAddUserAgentShadowRoot + 618
https://bugs.webkit.org/show_bug.cgi?id=182798
<rdar://problem/23337253>

Reviewed by Eric Carlson.

Speculative fix for a crash in HTMLPlugInImageElement::didAddUserAgentShadowRoot.
The guess is that the m_swapRendererTimer is set, and the display state changes to
something that does not require a shadow root, but before the timer fires.
Fix this by ensuring that the timer is reset on every display state change.

* html/HTMLPlugInElement.cpp:
(WebCore::HTMLPlugInElement::setDisplayState): Guard for sets that wouldn't
actually change value, and make sure we always reset the timer.
Diff
Modified: trunk/Source/WebCore/ChangeLog (228475 => 228476)
--- trunk/Source/WebCore/ChangeLog 2018-02-14 19:27:15 UTC (rev 228475)
+++ trunk/Source/WebCore/ChangeLog 2018-02-14 19:34:35 UTC (rev 228476)
@@ -1,3 +1,20 @@
+2018-02-14 Dean Jackson <d...@apple.com>
+
+ CrashTracer: com.apple.WebKit.WebContent at com.apple.WebCore: WebCore::HTMLPlugInImageElement::didAddUserAgentShadowRoot + 618
+ https://bugs.webkit.org/show_bug.cgi?id=182798
+ <rdar://problem/23337253>
+
+ Reviewed by Eric Carlson.
+
+ Speculative fix for a crash in HTMLPlugInImageElement::didAddUserAgentShadowRoot.
+ The guess is that the m_swapRendererTimer is set, and the display state changes to
+ something that does not require a shadow root, but before the timer fires.
+ Fix this by ensuring that the timer is reset on every display state change.
+
+ * html/HTMLPlugInElement.cpp:
+ (WebCore::HTMLPlugInElement::setDisplayState): Guard for sets that wouldn't
+ actually change value, and make sure we always reset the timer.
+
2018-02-14 Antoine Quint <grao...@apple.com>
[Modern Media Controls] Don't use arrays as values for localisable strings
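Review bot: The ChangeLog entry added at the top of this hunk describes a speculative fix but says nothing about test coverage. Add a line naming the test that changes the display state while m_swapRendererTimer is pending, or state explicitly that no new test is included and why, so a later reader can tell whether the guess was ever confirmed.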
Modified: trunk/Source/WebCore/html/HTMLPlugInElement.cpp (228475 => 228476)
--- trunk/Source/WebCore/html/HTMLPlugInElement.cpp 2018-02-14 19:27:15 UTC (rev 228475)
+++ trunk/Source/WebCore/html/HTMLPlugInElement.cpp 2018-02-14 19:34:35 UTC (rev 228476)
@@ -286,9 +286,13 @@
void HTMLPlugInElement::setDisplayState(DisplayState state)
{
+ if (state == m_displayState)
+ return;
+
m_displayState = state;
- if ((state == DisplayingSnapshot || displayState() == PreparingPluginReplacement) && !m_swapRendererTimer.isActive())
+ m_swapRendererTimer.stop();
+ if (state == DisplayingSnapshot || displayState() == PreparingPluginReplacement)
m_swapRendererTimer.startOneShot(0_s);
}
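Review bot: The new early return at the top of setDisplayState, `if (state == m_displayState) return;`, changes more than the timer reset. Before this change, a call with DisplayingSnapshot while the timer was inactive would start m_swapRendererTimer even when the state was already DisplayingSnapshot; now that call does nothing. Please confirm no caller relies on re-setting the same state to schedule the renderer swap, or say in a comment that this is intended. Separately, the condition still tests `state` on one side and `displayState()` on the other immediately after `m_displayState = state`; use `state` for both, or add a comment explaining when the two can differ. Since the fix is speculative, it would also be worth having the timer's callback check the current display state when it fires, so correctness does not depend only on the `m_swapRendererTimer.stop()` added here.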