Title: [128200] trunk/Source/WebKit/blackberry
- Revision
- 128200
- Author
- [email protected]
- Date
- 2012-09-11 10:21:03 -0700 (Tue, 11 Sep 2012)
Log Message
[BlackBerry] InRegion scrollable area dangling pointers were accessed in UI thread
https://bugs.webkit.org/show_bug.cgi?id=96318
Reviewed by Antonio Gomes.
Patch by Jacky Jiang <[email protected]>
PR: 204066
Dangling pointers were accessed in UI thread, as the actual InRegion
scrollable areas of WebKit side had been destroyed before that in
WebKit thread after UI thread set scrolling to false.
Notify the client side to clear InRegion scrollable areas before we
destroy them in WebKit side.
Internally reviewed by Gen Mak and George Staikos.
* Api/WebPage.cpp:
(BlackBerry::WebKit::WebPagePrivate::notifyInRegionScrollStopped):
(BlackBerry::WebKit::WebPagePrivate::setScrollOriginPoint):
* Api/WebPageClient.h:
Modified Paths
Diff
Modified: trunk/Source/WebKit/blackberry/Api/WebPage.cpp (128199 => 128200)
--- trunk/Source/WebKit/blackberry/Api/WebPage.cpp 2012-09-11 16:59:08 UTC (rev 128199)
+++ trunk/Source/WebKit/blackberry/Api/WebPage.cpp 2012-09-11 17:21:03 UTC (rev 128200)
@@ -1486,6 +1486,9 @@
{
if (m_inRegionScroller->d->isActive()) {
enqueueRenderingOfClippedContentOfScrollableAreaAfterInRegionScrolling();
+ // Notify the client side to clear InRegion scrollable areas before we destroy them here.
+ std::vector<Platform::ScrollViewBase*> emptyInRegionScrollableAreas;
+ m_client->notifyInRegionScrollableAreasChanged(emptyInRegionScrollableAreas);
m_inRegionScroller->d->reset();
}
}
@@ -4156,7 +4159,7 @@
m_inRegionScroller->d->calculateInRegionScrollableAreasForPoint(point);
if (!m_inRegionScroller->d->activeInRegionScrollableAreas().empty())
- m_client->notifyInRegionScrollingStartingPointChanged(m_inRegionScroller->d->activeInRegionScrollableAreas());
+ m_client->notifyInRegionScrollableAreasChanged(m_inRegionScroller->d->activeInRegionScrollableAreas());
}
void WebPage::setScrollOriginPoint(const Platform::IntPoint& point)
Modified: trunk/Source/WebKit/blackberry/Api/WebPageClient.h (128199 => 128200)
--- trunk/Source/WebKit/blackberry/Api/WebPageClient.h 2012-09-11 16:59:08 UTC (rev 128199)
+++ trunk/Source/WebKit/blackberry/Api/WebPageClient.h 2012-09-11 17:21:03 UTC (rev 128200)
@@ -101,7 +101,7 @@
virtual void notifyRunLayoutTestsFinished() = 0;
- virtual void notifyInRegionScrollingStartingPointChanged(const std::vector<Platform::ScrollViewBase*>&) = 0;
+ virtual void notifyInRegionScrollableAreasChanged(const std::vector<Platform::ScrollViewBase*>&) = 0;
virtual void notifyNoMouseMoveOrTouchMoveHandlers() = 0;
virtual void notifyDocumentOnLoad(bool) = 0;
Modified: trunk/Source/WebKit/blackberry/ChangeLog (128199 => 128200)
--- trunk/Source/WebKit/blackberry/ChangeLog 2012-09-11 16:59:08 UTC (rev 128199)
+++ trunk/Source/WebKit/blackberry/ChangeLog 2012-09-11 17:21:03 UTC (rev 128200)
@@ -1,3 +1,24 @@
+2012-09-11 Jacky Jiang <[email protected]>
+
+ [BlackBerry] InRegion scrollable area dangling pointers were accessed in UI thread
+ https://bugs.webkit.org/show_bug.cgi?id=96318
+
+ Reviewed by Antonio Gomes.
+
+ PR: 204066
+ Dangling pointers were accessed in UI thread, as the actual InRegion
+ scrollable areas of WebKit side had been destroyed before that in
+ WebKit thread after UI thread set scrolling to false.
+ Notify the client side to clear InRegion scrollable areas before we
+ destroy them in WebKit side.
+
+ Internally reviewed by Gen Mak and George Staikos.
+
+ * Api/WebPage.cpp:
+ (BlackBerry::WebKit::WebPagePrivate::notifyInRegionScrollStopped):
+ (BlackBerry::WebKit::WebPagePrivate::setScrollOriginPoint):
+ * Api/WebPageClient.h:
+
2012-09-11 Mike Fenton <[email protected]>
[BlackBerry] Suppress keyboard requests while processing spell checking suggestions.
_______________________________________________
webkit-changes mailing list
[email protected]
http://lists.webkit.org/mailman/listinfo/webkit-changes
