Diff
Modified: trunk/Source/WebKit2/ChangeLog (217551 => 217552)
--- trunk/Source/WebKit2/ChangeLog 2017-05-30 13:02:47 UTC (rev 217551)
+++ trunk/Source/WebKit2/ChangeLog 2017-05-30 14:02:48 UTC (rev 217552)
@@ -1,3 +1,35 @@
+2017-05-30 Antti Koivisto <[email protected]>
+
+ REGRESSION(r191402?): Safari, Mail crash at com.apple.WebKit: WebKit::WebContextMenuListenerProxy::invalidate + 4
+ https://bugs.webkit.org/show_bug.cgi?id=172704
+
+ Reviewed by Andreas Kling.
+
+ r191402 made WebContextMenuProxy non-refcounted. However there are several potential ways for WebContextMenuProxyMac::show()
+ to re-enter WebPageProxy and delete itself. This patch partially reverts r191402 bringing refcounting back and protects
+ WebContextMenuProxy during show().
+
+ Speculative fix. No test, can't repro the crash.
+
+ * UIProcess/PageClient.h:
+ * UIProcess/WebContextMenuProxy.h:
+ * UIProcess/WebPageProxy.cpp:
+ (WebKit::WebPageProxy::internalShowContextMenu):
+
+ Protect WebContextMenuProxy during show().
+
+ * UIProcess/WebPageProxy.h:
+ * UIProcess/gtk/WebContextMenuProxyGtk.h:
+ (WebKit::WebContextMenuProxyGtk::create):
+ * UIProcess/ios/PageClientImplIOS.h:
+ * UIProcess/ios/PageClientImplIOS.mm:
+ (WebKit::PageClientImpl::createContextMenuProxy):
+ * UIProcess/mac/PageClientImpl.h:
+ * UIProcess/mac/PageClientImpl.mm:
+ (WebKit::PageClientImpl::createContextMenuProxy):
+ * UIProcess/mac/WebContextMenuProxyMac.h:
+ (WebKit::WebContextMenuProxyMac::create):
+
2017-05-30 Zan Dobersek <[email protected]>
Invalidate the LayerTreeHost when destroying the DrawingAreaWPE object.
Modified: trunk/Source/WebKit2/UIProcess/API/gtk/PageClientImpl.cpp (217551 => 217552)
--- trunk/Source/WebKit2/UIProcess/API/gtk/PageClientImpl.cpp 2017-05-30 13:02:47 UTC (rev 217551)
+++ trunk/Source/WebKit2/UIProcess/API/gtk/PageClientImpl.cpp 2017-05-30 14:02:48 UTC (rev 217552)
@@ -209,9 +209,9 @@
return WebPopupMenuProxyGtk::create(m_viewWidget, page);
}
-std::unique_ptr<WebContextMenuProxy> PageClientImpl::createContextMenuProxy(WebPageProxy& page, const ContextMenuContextData& context, const UserData& userData)
+RefPtr<WebContextMenuProxy> PageClientImpl::createContextMenuProxy(WebPageProxy& page, const ContextMenuContextData& context, const UserData& userData)
{
- return std::make_unique<WebContextMenuProxyGtk>(m_viewWidget, page, context, userData);
+ return WebContextMenuProxyGtk::create(m_viewWidget, page, context, userData);
}
RefPtr<WebColorPicker> PageClientImpl::createColorPicker(WebPageProxy* page, const WebCore::Color& color, const WebCore::IntRect& rect)
Modified: trunk/Source/WebKit2/UIProcess/API/gtk/PageClientImpl.h (217551 => 217552)
--- trunk/Source/WebKit2/UIProcess/API/gtk/PageClientImpl.h 2017-05-30 13:02:47 UTC (rev 217551)
+++ trunk/Source/WebKit2/UIProcess/API/gtk/PageClientImpl.h 2017-05-30 14:02:48 UTC (rev 217552)
@@ -81,7 +81,7 @@
WebCore::IntRect rootViewToScreen(const WebCore::IntRect&) override;
void doneWithKeyEvent(const NativeWebKeyboardEvent&, bool wasEventHandled) override;
RefPtr<WebPopupMenuProxy> createPopupMenuProxy(WebPageProxy&) override;
- std::unique_ptr<WebContextMenuProxy> createContextMenuProxy(WebPageProxy&, const ContextMenuContextData&, const UserData&) override;
+ RefPtr<WebContextMenuProxy> createContextMenuProxy(WebPageProxy&, const ContextMenuContextData&, const UserData&) override;
#if ENABLE(INPUT_TYPE_COLOR)
RefPtr<WebColorPicker> createColorPicker(WebPageProxy*, const WebCore::Color& intialColor, const WebCore::IntRect&) override;
#endif
Modified: trunk/Source/WebKit2/UIProcess/API/wpe/PageClientImpl.cpp (217551 => 217552)
--- trunk/Source/WebKit2/UIProcess/API/wpe/PageClientImpl.cpp 2017-05-30 13:02:47 UTC (rev 217551)
+++ trunk/Source/WebKit2/UIProcess/API/wpe/PageClientImpl.cpp 2017-05-30 14:02:48 UTC (rev 217552)
@@ -228,7 +228,7 @@
}
#if ENABLE(CONTEXT_MENUS)
-std::unique_ptr<WebContextMenuProxy> PageClientImpl::createContextMenuProxy(WebPageProxy&, const ContextMenuContextData&, const UserData&)
+RefPtr<WebContextMenuProxy> PageClientImpl::createContextMenuProxy(WebPageProxy&, const ContextMenuContextData&, const UserData&)
{
return nullptr;
}
Modified: trunk/Source/WebKit2/UIProcess/API/wpe/PageClientImpl.h (217551 => 217552)
--- trunk/Source/WebKit2/UIProcess/API/wpe/PageClientImpl.h 2017-05-30 13:02:47 UTC (rev 217551)
+++ trunk/Source/WebKit2/UIProcess/API/wpe/PageClientImpl.h 2017-05-30 14:02:48 UTC (rev 217552)
@@ -83,7 +83,7 @@
RefPtr<WebPopupMenuProxy> createPopupMenuProxy(WebPageProxy&) override;
#if ENABLE(CONTEXT_MENUS)
- std::unique_ptr<WebContextMenuProxy> createContextMenuProxy(WebPageProxy&, const ContextMenuContextData&, const UserData&) override;
+ RefPtr<WebContextMenuProxy> createContextMenuProxy(WebPageProxy&, const ContextMenuContextData&, const UserData&) override;
#endif
void enterAcceleratedCompositingMode(const LayerTreeContext&) override;
Modified: trunk/Source/WebKit2/UIProcess/PageClient.h (217551 => 217552)
--- trunk/Source/WebKit2/UIProcess/PageClient.h 2017-05-30 13:02:47 UTC (rev 217551)
+++ trunk/Source/WebKit2/UIProcess/PageClient.h 2017-05-30 14:02:48 UTC (rev 217552)
@@ -218,7 +218,7 @@
virtual RefPtr<WebPopupMenuProxy> createPopupMenuProxy(WebPageProxy&) = 0;
#if ENABLE(CONTEXT_MENUS)
- virtual std::unique_ptr<WebContextMenuProxy> createContextMenuProxy(WebPageProxy&, const ContextMenuContextData&, const UserData&) = 0;
+ virtual RefPtr<WebContextMenuProxy> createContextMenuProxy(WebPageProxy&, const ContextMenuContextData&, const UserData&) = 0;
#endif
#if ENABLE(INPUT_TYPE_COLOR)
Modified: trunk/Source/WebKit2/UIProcess/WebContextMenuProxy.h (217551 => 217552)
--- trunk/Source/WebKit2/UIProcess/WebContextMenuProxy.h 2017-05-30 13:02:47 UTC (rev 217551)
+++ trunk/Source/WebKit2/UIProcess/WebContextMenuProxy.h 2017-05-30 14:02:48 UTC (rev 217552)
@@ -23,8 +23,7 @@
* THE POSSIBILITY OF SUCH DAMAGE.
*/
-#ifndef WebContextMenuProxy_h
-#define WebContextMenuProxy_h
+#pragma once
#if ENABLE(CONTEXT_MENUS)
@@ -36,7 +35,7 @@
class WebContextMenuItem;
-class WebContextMenuProxy {
+class WebContextMenuProxy : public RefCounted<WebContextMenuProxy> {
public:
virtual ~WebContextMenuProxy();
@@ -54,5 +53,3 @@
} // namespace WebKit
#endif
-
-#endif // WebPopupMenuProxy_h
Modified: trunk/Source/WebKit2/UIProcess/WebPageProxy.cpp (217551 => 217552)
--- trunk/Source/WebKit2/UIProcess/WebPageProxy.cpp 2017-05-30 13:02:47 UTC (rev 217551)
+++ trunk/Source/WebKit2/UIProcess/WebPageProxy.cpp 2017-05-30 14:02:48 UTC (rev 217552)
@@ -4594,6 +4594,8 @@
// Since showContextMenu() can spin a nested run loop we need to turn off the responsiveness timer.
m_process->responsivenessTimer().stop();
+ // m_activeContextMenu might get cleared if WebPageProxy code is re-entered from the menu runloop or delegates.
+ Ref<WebContextMenuProxy> protector(*m_activeContextMenu);
m_activeContextMenu->show();
}
Modified: trunk/Source/WebKit2/UIProcess/WebPageProxy.h (217551 => 217552)
--- trunk/Source/WebKit2/UIProcess/WebPageProxy.h 2017-05-30 13:02:47 UTC (rev 217551)
+++ trunk/Source/WebKit2/UIProcess/WebPageProxy.h 2017-05-30 14:02:48 UTC (rev 217552)
@@ -1685,7 +1685,7 @@
RefPtr<WebPopupMenuProxy> m_activePopupMenu;
#if ENABLE(CONTEXT_MENUS)
- std::unique_ptr<WebContextMenuProxy> m_activeContextMenu;
+ RefPtr<WebContextMenuProxy> m_activeContextMenu;
ContextMenuContextData m_activeContextMenuContextData;
#endif
RefPtr<API::HitTestResult> m_lastMouseMoveHitTestResult;
Modified: trunk/Source/WebKit2/UIProcess/gtk/WebContextMenuProxyGtk.h (217551 => 217552)
--- trunk/Source/WebKit2/UIProcess/gtk/WebContextMenuProxyGtk.h 2017-05-30 13:02:47 UTC (rev 217551)
+++ trunk/Source/WebKit2/UIProcess/gtk/WebContextMenuProxyGtk.h 2017-05-30 14:02:48 UTC (rev 217552)
@@ -44,7 +44,10 @@
class WebContextMenuProxyGtk : public WebContextMenuProxy {
public:
- WebContextMenuProxyGtk(GtkWidget*, WebPageProxy&, const ContextMenuContextData&, const UserData&);
+ static auto create(GtkWidget* widget, WebPageProxy& page, const ContextMenuContextData& context, const UserData& userData)
+ {
+ return adoptRef(*new WebContextMenuProxyGtk(widget, page, context, userData));
+ }
~WebContextMenuProxyGtk();
void populate(const Vector<WebContextMenuItemGtk>&);
@@ -51,6 +54,7 @@
GtkMenu* gtkMenu() const { return m_menu; }
private:
+ WebContextMenuProxyGtk(GtkWidget*, WebPageProxy&, const ContextMenuContextData&, const UserData&);
void show() override;
void showContextMenuWithItems(const Vector<WebContextMenuItemData>&) override;
void append(GMenu*, const WebContextMenuItemGtk&);
Modified: trunk/Source/WebKit2/UIProcess/ios/PageClientImplIOS.h (217551 => 217552)
--- trunk/Source/WebKit2/UIProcess/ios/PageClientImplIOS.h 2017-05-30 13:02:47 UTC (rev 217551)
+++ trunk/Source/WebKit2/UIProcess/ios/PageClientImplIOS.h 2017-05-30 14:02:48 UTC (rev 217552)
@@ -96,7 +96,7 @@
#endif
RefPtr<WebPopupMenuProxy> createPopupMenuProxy(WebPageProxy&) override;
#if ENABLE(CONTEXT_MENUS)
- std::unique_ptr<WebContextMenuProxy> createContextMenuProxy(WebPageProxy&, const ContextMenuContextData&, const UserData&) override;
+ RefPtr<WebContextMenuProxy> createContextMenuProxy(WebPageProxy&, const ContextMenuContextData&, const UserData&) override;
#endif
Ref<WebCore::ValidationBubble> createValidationBubble(const String& message, const WebCore::ValidationBubble::Settings&) final;
Modified: trunk/Source/WebKit2/UIProcess/ios/PageClientImplIOS.mm (217551 => 217552)
--- trunk/Source/WebKit2/UIProcess/ios/PageClientImplIOS.mm 2017-05-30 13:02:47 UTC (rev 217551)
+++ trunk/Source/WebKit2/UIProcess/ios/PageClientImplIOS.mm 2017-05-30 14:02:48 UTC (rev 217552)
@@ -451,7 +451,7 @@
}
#if ENABLE(CONTEXT_MENUS)
-std::unique_ptr<WebContextMenuProxy> PageClientImpl::createContextMenuProxy(WebPageProxy&, const UserData&)
+RefPtr<WebContextMenuProxy> PageClientImpl::createContextMenuProxy(WebPageProxy&, const UserData&)
{
return nullptr;
}
Modified: trunk/Source/WebKit2/UIProcess/mac/PageClientImpl.h (217551 => 217552)
--- trunk/Source/WebKit2/UIProcess/mac/PageClientImpl.h 2017-05-30 13:02:47 UTC (rev 217551)
+++ trunk/Source/WebKit2/UIProcess/mac/PageClientImpl.h 2017-05-30 14:02:48 UTC (rev 217552)
@@ -125,7 +125,7 @@
RefPtr<WebPopupMenuProxy> createPopupMenuProxy(WebPageProxy&) override;
#if ENABLE(CONTEXT_MENUS)
- std::unique_ptr<WebContextMenuProxy> createContextMenuProxy(WebPageProxy&, const ContextMenuContextData&, const UserData&) override;
+ RefPtr<WebContextMenuProxy> createContextMenuProxy(WebPageProxy&, const ContextMenuContextData&, const UserData&) override;
#endif
#if ENABLE(INPUT_TYPE_COLOR)
Modified: trunk/Source/WebKit2/UIProcess/mac/PageClientImpl.mm (217551 => 217552)
--- trunk/Source/WebKit2/UIProcess/mac/PageClientImpl.mm 2017-05-30 13:02:47 UTC (rev 217551)
+++ trunk/Source/WebKit2/UIProcess/mac/PageClientImpl.mm 2017-05-30 14:02:48 UTC (rev 217552)
@@ -435,9 +435,9 @@
}
#if ENABLE(CONTEXT_MENUS)
-std::unique_ptr<WebContextMenuProxy> PageClientImpl::createContextMenuProxy(WebPageProxy& page, const ContextMenuContextData& context, const UserData& userData)
+RefPtr<WebContextMenuProxy> PageClientImpl::createContextMenuProxy(WebPageProxy& page, const ContextMenuContextData& context, const UserData& userData)
{
- return std::make_unique<WebContextMenuProxyMac>(m_view, page, context, userData);
+ return WebContextMenuProxyMac::create(m_view, page, context, userData);
}
#endif
Modified: trunk/Source/WebKit2/UIProcess/mac/WebContextMenuProxyMac.h (217551 => 217552)
--- trunk/Source/WebKit2/UIProcess/mac/WebContextMenuProxyMac.h 2017-05-30 13:02:47 UTC (rev 217551)
+++ trunk/Source/WebKit2/UIProcess/mac/WebContextMenuProxyMac.h 2017-05-30 14:02:48 UTC (rev 217552)
@@ -23,8 +23,7 @@
* THE POSSIBILITY OF SUCH DAMAGE.
*/
-#ifndef WebContextMenuProxyMac_h
-#define WebContextMenuProxyMac_h
+#pragma once
#if PLATFORM(MAC)
@@ -48,7 +47,10 @@
class WebContextMenuProxyMac : public WebContextMenuProxy {
public:
- WebContextMenuProxyMac(NSView*, WebPageProxy&, const ContextMenuContextData&, const UserData&);
+ static auto create(NSView* view, WebPageProxy& page, const ContextMenuContextData& context, const UserData& userData)
+ {
+ return adoptRef(*new WebContextMenuProxyMac(view, page, context, userData));
+ }
~WebContextMenuProxyMac();
void contextMenuItemSelected(const WebContextMenuItemData&);
@@ -62,6 +64,7 @@
NSWindow *window() const;
private:
+ WebContextMenuProxyMac(NSView*, WebPageProxy&, const ContextMenuContextData&, const UserData&);
void show() override;
RefPtr<WebContextMenuListenerProxy> m_contextMenuListener;
@@ -84,5 +87,3 @@
} // namespace WebKit
#endif // PLATFORM(MAC)
-
-#endif // WebContextMenuProxyMac_h
