[webkit-changes] [293286] trunk/Source/WebCore

[simon . fraser]

Title: [293286] trunk/Source/WebCore

Revision

293286

Author

simon.fra...@apple.com

Date

2022-04-22 21:40:17 -0700 (Fri, 22 Apr 2022)

Log Message

Crash under AsyncScrollingCoordinator::scrollingThreadAddedPendingUpdate()
https://bugs.webkit.org/show_bug.cgi?id=239683
<rdar://92198272>

Reviewed by Alan Bujtas.

Crash data suggest that m_page can be null in
AsyncScrollingCoordinator::scheduleRenderingUpdate(), which does seem possible because
scheduleRenderingUpdate() is a dispatch from the scrolling thread, and
ScrollingCoordinator::pageDestroyed() may have run before it runs.

* page/scrolling/AsyncScrollingCoordinator.cpp:
(WebCore::AsyncScrollingCoordinator::scheduleRenderingUpdate):

Modified Paths

• trunk/Source/WebCore/ChangeLog
• trunk/Source/WebCore/page/scrolling/AsyncScrollingCoordinator.cpp

Diff

Modified: trunk/Source/WebCore/ChangeLog (293285 => 293286)

--- trunk/Source/WebCore/ChangeLog	2022-04-23 04:21:25 UTC (rev 293285)
+++ trunk/Source/WebCore/ChangeLog	2022-04-23 04:40:17 UTC (rev 293286)
@@ -1,3 +1,19 @@
+2022-04-22  Simon Fraser  <simon.fra...@apple.com>
+
+        Crash under AsyncScrollingCoordinator::scrollingThreadAddedPendingUpdate()
+        https://bugs.webkit.org/show_bug.cgi?id=239683
+        <rdar://92198272>
+
+        Reviewed by Alan Bujtas.
+
+        Crash data suggest that m_page can be null in
+        AsyncScrollingCoordinator::scheduleRenderingUpdate(), which does seem possible because
+        scheduleRenderingUpdate() is a dispatch from the scrolling thread, and
+        ScrollingCoordinator::pageDestroyed() may have run before it runs.
+
+        * page/scrolling/AsyncScrollingCoordinator.cpp:
+        (WebCore::AsyncScrollingCoordinator::scheduleRenderingUpdate):
+
 2022-04-22  Chris Dumez  <cdu...@apple.com>
 
         Move global AtomStrings to a common header to promote reuse

Modified: trunk/Source/WebCore/page/scrolling/AsyncScrollingCoordinator.cpp (293285 => 293286)

--- trunk/Source/WebCore/page/scrolling/AsyncScrollingCoordinator.cpp	2022-04-23 04:21:25 UTC (rev 293285)
+++ trunk/Source/WebCore/page/scrolling/AsyncScrollingCoordinator.cpp	2022-04-23 04:40:17 UTC (rev 293286)
@@ -373,7 +373,8 @@
 
 void AsyncScrollingCoordinator::scheduleRenderingUpdate()
 {
-    m_page->scheduleRenderingUpdate(RenderingUpdateStep::ScrollingTreeUpdate);
+    if (m_page)
+        m_page->scheduleRenderingUpdate(RenderingUpdateStep::ScrollingTreeUpdate);
 }
 
 FrameView* AsyncScrollingCoordinator::frameViewForScrollingNode(ScrollingNodeID scrollingNodeID) const

_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes