Title: [123649] trunk/Source/WebKit2
- Revision
- 123649
- Author
- [email protected]
- Date
- 2012-07-25 13:06:55 -0700 (Wed, 25 Jul 2012)
Log Message
Crash when a web page is closed with outstanding scrolling thread barriers
https://bugs.webkit.org/show_bug.cgi?id=92280
<rdar://problem/11630200>
Reviewed by Andreas Kling.
There was a check in forceRepaintAsync to handle the drawing area going away before the block had
been invoked, but this check needs to be done earlier (as the FIXME suggested).
Move this check to dispatchAfterEnsuringUpdatedScrollPosition instead.
* WebProcess/WebPage/mac/TiledCoreAnimationDrawingArea.mm:
(WebKit::TiledCoreAnimationDrawingArea::forceRepaintAsync):
(WebKit::TiledCoreAnimationDrawingArea::dispatchAfterEnsuringUpdatedScrollPosition):
Modified Paths
Diff
Modified: trunk/Source/WebKit2/ChangeLog (123648 => 123649)
--- trunk/Source/WebKit2/ChangeLog 2012-07-25 20:06:34 UTC (rev 123648)
+++ trunk/Source/WebKit2/ChangeLog 2012-07-25 20:06:55 UTC (rev 123649)
@@ -1,3 +1,19 @@
+2012-07-25 Anders Carlsson <[email protected]>
+
+ Crash when a web page is closed with outstanding scrolling thread barriers
+ https://bugs.webkit.org/show_bug.cgi?id=92280
+ <rdar://problem/11630200>
+
+ Reviewed by Andreas Kling.
+
+ There was a check in forceRepaintAsync to handle the drawing area going away before the block had
+ been invoked, but this check needs to be done earlier (as the FIXME suggested).
+ Move this check to dispatchAfterEnsuringUpdatedScrollPosition instead.
+
+ * WebProcess/WebPage/mac/TiledCoreAnimationDrawingArea.mm:
+ (WebKit::TiledCoreAnimationDrawingArea::forceRepaintAsync):
+ (WebKit::TiledCoreAnimationDrawingArea::dispatchAfterEnsuringUpdatedScrollPosition):
+
2012-07-25 Alexey Proskuryakov <[email protected]>
Chinese IM receives incorrect/duplicated key events in text fields in webpages in Safari.
Modified: trunk/Source/WebKit2/WebProcess/WebPage/mac/TiledCoreAnimationDrawingArea.mm (123648 => 123649)
--- trunk/Source/WebKit2/WebProcess/WebPage/mac/TiledCoreAnimationDrawingArea.mm 2012-07-25 20:06:34 UTC (rev 123648)
+++ trunk/Source/WebKit2/WebProcess/WebPage/mac/TiledCoreAnimationDrawingArea.mm 2012-07-25 20:06:55 UTC (rev 123649)
@@ -144,15 +144,9 @@
if (m_layerTreeStateIsFrozen)
return false;
- // FIXME: It is possible for the drawing area to be destroyed before the bound block
- // is invoked, so grab a reference to the web page here so we can access the drawing area through it.
- // (The web page is already kept alive by dispatchAfterEnsuringUpdatedScrollPosition).
- // A better fix would be to make sure that we keep the drawing area alive if there are outstanding calls.
- WebPage* webPage = m_webPage;
dispatchAfterEnsuringUpdatedScrollPosition(bind(^{
- if (DrawingArea* drawingArea = webPage->drawingArea())
- drawingArea->forceRepaint();
- webPage->send(Messages::WebPageProxy::VoidCallback(callbackID));
+ m_webPage->drawingArea()->forceRepaint();
+ m_webPage->send(Messages::WebPageProxy::VoidCallback(callbackID));
}));
return true;
}
@@ -230,13 +224,23 @@
m_layerFlushScheduler.suspend();
Function<void ()> function = functionRef;
+
+ // It is possible for the drawing area to be destroyed before the bound block
+ // is invoked, so grab a reference to the web page here so we can access the drawing area through it.
+ // (The web page is already kept alive by dispatchAfterEnsuringUpdatedScrollPosition).
+ WebPage* webPage = m_webPage;
+
ScrollingThread::dispatchBarrier(bind(^{
+ DrawingArea* drawingArea = webPage->drawingArea();
+ if (!drawingArea)
+ return;
+
function();
if (!m_layerTreeStateIsFrozen)
m_layerFlushScheduler.resume();
- m_webPage->deref();
+ webPage->deref();
}));
}
_______________________________________________
webkit-changes mailing list
[email protected]
http://lists.webkit.org/mailman/listinfo/webkit-changes
