Title: [228764] releases/WebKitGTK/webkit-2.20/Source/WebCore
Revision
228764
Author
carlo...@webkit.org
Date
2018-02-20 01:33:40 -0800 (Tue, 20 Feb 2018)

Log Message

Merge r228476 - CrashTracer: com.apple.WebKit.WebContent at com.apple.WebCore: WebCore::HTMLPlugInImageElement::didAddUserAgentShadowRoot + 618
https://bugs.webkit.org/show_bug.cgi?id=182798
<rdar://problem/23337253>

Reviewed by Eric Carlson.

Speculative fix for a crash in HTMLPlugInImageElement::didAddUserAgentShadowRoot.
The guess is that the m_swapRendererTimer is set, and the display state changes to
something that does not require a shadow root, but before the timer fires.
Fix this by ensuring that the timer is reset on every display state change.

* html/HTMLPlugInElement.cpp:
(WebCore::HTMLPlugInElement::setDisplayState): Guard for sets that wouldn't
actually change value, and make sure we always reset the timer.

Modified Paths

Diff

Modified: releases/WebKitGTK/webkit-2.20/Source/WebCore/ChangeLog (228763 => 228764)


--- releases/WebKitGTK/webkit-2.20/Source/WebCore/ChangeLog	2018-02-20 09:33:35 UTC (rev 228763)
+++ releases/WebKitGTK/webkit-2.20/Source/WebCore/ChangeLog	2018-02-20 09:33:40 UTC (rev 228764)
@@ -1,3 +1,20 @@
+2018-02-14  Dean Jackson  <d...@apple.com>
+
+        CrashTracer: com.apple.WebKit.WebContent at com.apple.WebCore: WebCore::HTMLPlugInImageElement::didAddUserAgentShadowRoot + 618
+        https://bugs.webkit.org/show_bug.cgi?id=182798
+        <rdar://problem/23337253>
+
+        Reviewed by Eric Carlson.
+
+        Speculative fix for a crash in HTMLPlugInImageElement::didAddUserAgentShadowRoot.
+        The guess is that the m_swapRendererTimer is set, and the display state changes to
+        something that does not require a shadow root, but before the timer fires.
+        Fix this by ensuring that the timer is reset on every display state change.
+
+        * html/HTMLPlugInElement.cpp:
+        (WebCore::HTMLPlugInElement::setDisplayState): Guard for sets that wouldn't
+        actually change value, and make sure we always reset the timer.
+
 2018-02-14  Brent Fulgham  <bfulg...@apple.com>
 
         Confirm proper thread in UserGestureIndicator constructor
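Review bot: the new ChangeLog entry says nothing about test coverage. Because the fix is explicitly described as speculative ("The guess is that the m_swapRendererTimer is set..."), the entry should state whether a regression test was added and, if not, why the crash could not be reproduced in a test, so that readers do not assume a test was simply forgotten.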

Modified: releases/WebKitGTK/webkit-2.20/Source/WebCore/html/HTMLPlugInElement.cpp (228763 => 228764)


--- releases/WebKitGTK/webkit-2.20/Source/WebCore/html/HTMLPlugInElement.cpp	2018-02-20 09:33:35 UTC (rev 228763)
+++ releases/WebKitGTK/webkit-2.20/Source/WebCore/html/HTMLPlugInElement.cpp	2018-02-20 09:33:40 UTC (rev 228764)
@@ -286,9 +286,13 @@
 
 void HTMLPlugInElement::setDisplayState(DisplayState state)
 {
+    if (state == m_displayState)
+        return;
+
     m_displayState = state;
     
-    if ((state == DisplayingSnapshot || displayState() == PreparingPluginReplacement) && !m_swapRendererTimer.isActive())
+    m_swapRendererTimer.stop();
+    if (state == DisplayingSnapshot || displayState() == PreparingPluginReplacement)
         m_swapRendererTimer.startOneShot(0_s);
 }
 
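Review bot: the early return added at the top of setDisplayState is a behaviour change that goes beyond the "always reset the timer" goal stated in the ChangeLog. Before this patch, a caller that set DisplayingSnapshot or PreparingPluginReplacement while that state was already current and m_swapRendererTimer was idle would re-arm the timer (the old condition only skipped the start when `!m_swapRendererTimer.isActive()` was false); after this patch such a call is a no-op and no renderer swap is scheduled. If no caller relies on re-setting the same state to re-trigger the swap, that is fine, but it deserves a sentence in the ChangeLog. Minor: the condition still mixes `state` and `displayState()` in `if (state == DisplayingSnapshot || displayState() == PreparingPluginReplacement)`; since m_displayState was just assigned from `state`, the two are identical and using `state` for both comparisons reads more clearly.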
_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes