Title: [228506] branches/safari-605-branch/Source/WebCore
- Revision
- 228506
- Author
- [email protected]
- Date
- 2018-02-14 23:48:14 -0800 (Wed, 14 Feb 2018)
Log Message
Cherry-pick r228476. rdar://problem/37549893
Modified Paths
Diff
Modified: branches/safari-605-branch/Source/WebCore/ChangeLog (228505 => 228506)
--- branches/safari-605-branch/Source/WebCore/ChangeLog 2018-02-15 07:48:13 UTC (rev 228505)
+++ branches/safari-605-branch/Source/WebCore/ChangeLog 2018-02-15 07:48:14 UTC (rev 228506)
@@ -1,5 +1,26 @@
2018-02-14 Jason Marcell <[email protected]>
+ Cherry-pick r228476. rdar://problem/37549893
+
+ 2018-02-14 Dean Jackson <[email protected]>
+
+ CrashTracer: com.apple.WebKit.WebContent at com.apple.WebCore: WebCore::HTMLPlugInImageElement::didAddUserAgentShadowRoot + 618
+ https://bugs.webkit.org/show_bug.cgi?id=182798
+ <rdar://problem/23337253>
+
+ Reviewed by Eric Carlson.
+
+ Speculative fix for a crash in HTMLPlugInImageElement::didAddUserAgentShadowRoot.
+ The guess is that the m_swapRendererTimer is set, and the display state changes to
+ something that does not require a shadow root, but before the timer fires.
+ Fix this by ensuring that the timer is reset on every display state change.
+
+ * html/HTMLPlugInElement.cpp:
+ (WebCore::HTMLPlugInElement::setDisplayState): Guard for sets that wouldn't
+ actually change value, and make sure we always reset the timer.
+
+2018-02-14 Jason Marcell <[email protected]>
+
Cherry-pick r228471. rdar://problem/37559829
2018-02-14 Antoine Quint <[email protected]>
Modified: branches/safari-605-branch/Source/WebCore/html/HTMLPlugInElement.cpp (228505 => 228506)
--- branches/safari-605-branch/Source/WebCore/html/HTMLPlugInElement.cpp 2018-02-15 07:48:13 UTC (rev 228505)
+++ branches/safari-605-branch/Source/WebCore/html/HTMLPlugInElement.cpp 2018-02-15 07:48:14 UTC (rev 228506)
@@ -286,9 +286,13 @@
void HTMLPlugInElement::setDisplayState(DisplayState state)
{
+ if (state == m_displayState)
+ return;
+
m_displayState = state;
- if ((state == DisplayingSnapshot || displayState() == PreparingPluginReplacement) && !m_swapRendererTimer.isActive())
+ m_swapRendererTimer.stop();
+ if (state == DisplayingSnapshot || displayState() == PreparingPluginReplacement)
m_swapRendererTimer.startOneShot(0_s);
}
_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes
