Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: 7badad9c6f475813cd253f101cc37c8637d7f6d3
https://github.com/WebKit/WebKit/commit/7badad9c6f475813cd253f101cc37c8637d7f6d3
Author: Vitor Roriz <[email protected]>
Date: 2023-06-20 (Tue, 20 Jun 2023)
Changed paths:
M
Source/WebKit/UIProcess/RemoteLayerTree/mac/RemoteLayerTreeEventDispatcher.cpp
Log Message:
-----------
Fix crash: deleting RemoteLayerTreeEventDispatcherDisplayLinkClient
https://bugs.webkit.org/show_bug.cgi?id=258133
rdar://109463023
Reviewed by Simon Fraser.
*
Source/WebKit/UIProcess/RemoteLayerTree/mac/RemoteLayerTreeEventDispatcher.cpp:
(WebKit::RemoteLayerTreeEventDispatcher::invalidate):
RemoteLayerTreeEventDispatcherDisplayLinkClient inherits indirectly from
CanMakeCheckedPtrBase. This means that for deleting a object of this type
we should first delete any CheckRef objects pointing to it.
At RemoteLayerTreeEventDispatcher::invalidate we currently call
stopDisplayLinkObserver() to remove the associated observer of
DisplayLink::Client. If that Client has no more observers, we remove
the CheckRef for this client from DisplayLink's m_client's map (See
removeInfoForClientIfUnused()).
The problem is, since we want to delete m_displayClient at the end of
invalidate() we have to make sure that the associated CheckRef gets removed
from the map, independently of how many observers it still has.
Therefore, instead of removing just the single associated observer,
we can remove the reference for the client from DisplayLink.
Canonical link: https://commits.webkit.org/265322@main
_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes
