Title: [248246] releases/WebKitGTK/webkit-2.24/Source/WebCore
- Revision: 248246
- Author: [email protected]
- Date: 2019-08-03 20:23:48 -0700 (Sat, 03 Aug 2019)
Log Message
Merge r247121 - The destructor of CSSAnimationControllerPrivate must explicitly clear the composite animations
https://bugs.webkit.org/show_bug.cgi?id=199415
Reviewed by Simon Fraser.
After the destructor of CSSAnimationControllerPrivate exits, the non-static
members are deleted. When the HashMap m_compositeAnimations is
deleted, its entries are deleted. The destructor of CompositeAnimation
calls the method CSSAnimationControllerPrivate::animationWillBeRemoved()
back through its back reference m_animationController. The non-static
members of CSSAnimationControllerPrivate are being deleted and it is
incorrect to try to use any of these members after exiting the destructor.
We need to explicitly clear the composite animations before exiting the
destructor of CSSAnimationControllerPrivate.
* page/animation/CSSAnimationController.cpp:
(WebCore::CSSAnimationControllerPrivate::~CSSAnimationControllerPrivate):
Modified Paths
Diff
Modified: releases/WebKitGTK/webkit-2.24/Source/WebCore/ChangeLog (248245 => 248246)
--- releases/WebKitGTK/webkit-2.24/Source/WebCore/ChangeLog 2019-08-04 03:23:46 UTC (rev 248245)
+++ releases/WebKitGTK/webkit-2.24/Source/WebCore/ChangeLog 2019-08-04 03:23:48 UTC (rev 248246)
@@ -1,3 +1,24 @@
+2019-07-03 Said Abou-Hallawa <[email protected]>
+
+ The destructor of CSSAnimationControllerPrivate must explicitly clear the composite animations
+ https://bugs.webkit.org/show_bug.cgi?id=199415
+
+ Reviewed by Simon Fraser.
+
+ After the destructor of CSSAnimationControllerPrivate exists, the non
+ static members are deleted. When the HashMap m_compositeAnimations is
+ deleted, its entries are deleted. The destructor of CompositeAnimation
+ calls the method CSSAnimationControllerPrivate::animationWillBeRemoved()
+ back through its back reference m_animationController. The non static
+ members of CSSAnimationControllerPrivate are being deleted and it is
+ incorrect to try to use any of these members after exiting the destructor.
+
+ We need to explicitly clear the composite animations before exiting the
+ destructor of CSSAnimationControllerPrivate.
+
+ * page/animation/CSSAnimationController.cpp:
+ (WebCore::CSSAnimationControllerPrivate::~CSSAnimationControllerPrivate):
+
2019-07-01 Chris Dumez <[email protected]>
It should not be possible to trigger a load while in the middle of restoring a page in PageCache
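Review bot: the first sentence of the new ChangeLog entry reads "After the destructor of CSSAnimationControllerPrivate exists"; this should be "exits", matching "after exiting the destructor" later in the same paragraph. The entry also lists only page/animation/CSSAnimationController.cpp and no test. If the callback into a partly destroyed controller cannot be covered by a regression test, the entry should say so.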
Modified: releases/WebKitGTK/webkit-2.24/Source/WebCore/page/animation/CSSAnimationController.cpp (248245 => 248246)
--- releases/WebKitGTK/webkit-2.24/Source/WebCore/page/animation/CSSAnimationController.cpp 2019-08-04 03:23:46 UTC (rev 248245)
+++ releases/WebKitGTK/webkit-2.24/Source/WebCore/page/animation/CSSAnimationController.cpp 2019-08-04 03:23:48 UTC (rev 248246)
@@ -78,7 +78,12 @@
{
}
-CSSAnimationControllerPrivate::~CSSAnimationControllerPrivate() = default;
+CSSAnimationControllerPrivate::~CSSAnimationControllerPrivate()
+{
+ // We need to explicitly clear the composite animations here because the
+ // destructor of CompositeAnimation will call members of this class back.
+ m_compositeAnimations.clear();
+}
CompositeAnimation& CSSAnimationControllerPrivate::ensureCompositeAnimation(Element& element)
{
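Review bot: the comment in the new destructor body says that the destructor of CompositeAnimation calls back into this class, but not which member it calls or which state that member uses, and the fix is only correct if that state is still valid during m_compositeAnimations.clear(). Please name animationWillBeRemoved() in the comment and confirm that it does not read or modify m_compositeAnimations itself, since that would re-enter the map while it is being emptied. If it does, moving the map into a local (for example with std::exchange) and letting the local go out of scope would keep the callback away from a container that is mid-clear. It is also worth confirming that no CompositeAnimation can outlive this clear() through another owner, because its back reference m_animationController would then point at a destroyed controller.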