Title: [152504] branches/safari-537-branch/Source/WebKit2
Revision: 152504
Author: [email protected]
Date: 2013-07-09 11:17:18 -0700 (Tue, 09 Jul 2013)
Log Message
Merged r152403. <rdar://problem/14155051>
Modified Paths
Diff
Modified: branches/safari-537-branch/Source/WebKit2/ChangeLog (152503 => 152504)
--- branches/safari-537-branch/Source/WebKit2/ChangeLog 2013-07-09 18:14:53 UTC (rev 152503)
+++ branches/safari-537-branch/Source/WebKit2/ChangeLog 2013-07-09 18:17:18 UTC (rev 152504)
@@ -1,5 +1,23 @@
2013-07-09 Lucas Forschler <[email protected]>
+ Merge r152403
+
+ 2013-07-04 Anders Carlsson <[email protected]>
+
+ Crash when createPluginInternal ends up destroying the plug-in
+ https://bugs.webkit.org/show_bug.cgi?id=118397
+ <rdar://problem/14155051>
+
+ Reviewed by Simon Fraser.
+
+ Keep the WebProcessConnection object alive while calling createPluginInternal and handle
+ the IPC connection going away.
+
+ * PluginProcess/WebProcessConnection.cpp:
+ (WebKit::WebProcessConnection::createPluginAsynchronously):
+
+2013-07-09 Lucas Forschler <[email protected]>
+
Merge r152382
2013-07-03 Gordon Sheridan <[email protected]>
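Review bot: The merged entry for r152403 lists only WebProcessConnection.cpp (createPluginAsynchronously) and says nothing about test coverage. For a crash fix, add a line naming the regression test that exercises the plug-in being destroyed during createPluginInternal, or stating why one cannot be written, so the branch merge records how the fix was verified.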
Modified: branches/safari-537-branch/Source/WebKit2/PluginProcess/WebProcessConnection.cpp (152503 => 152504)
--- branches/safari-537-branch/Source/WebKit2/PluginProcess/WebProcessConnection.cpp 2013-07-09 18:14:53 UTC (rev 152503)
+++ branches/safari-537-branch/Source/WebKit2/PluginProcess/WebProcessConnection.cpp 2013-07-09 18:17:18 UTC (rev 152504)
@@ -289,7 +289,17 @@
// Normally the plug-in process doesn't give its synchronous messages the special flag to allow for that.
// We can force it to do so by incrementing the "DispatchMessageMarkedDispatchWhenWaitingForSyncReply" count.
m_connection->incrementDispatchMessageMarkedDispatchWhenWaitingForSyncReplyCount();
+
+ // The call to createPluginInternal can potentially cause the plug-in to be destroyed and
+ // thus free the WebProcessConnection object. Protect it.
+ RefPtr<WebProcessConnection> protect(this);
createPluginInternal(creationParameters, result, wantsWheelEvents, remoteLayerClientID);
+
+ if (!m_connection) {
+ // createPluginInternal caused the connection to go away.
+ return;
+ }
+
m_connection->decrementDispatchMessageMarkedDispatchWhenWaitingForSyncReplyCount();
// If someone asked for this plug-in synchronously while it was in the middle of being created then we need perform the
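Review bot: The early return under `if (!m_connection)` skips everything after it, including the handling that the trailing comment introduces for a plug-in requested synchronously during creation, and the comment inside the branch does not say why that is safe. Extend it to state that neither the decrement nor a reply is needed once the connection is gone, and name the path that clears m_connection, since the null check only works if teardown resets that member and that is not visible in this hunk. The manual increment/decrement pair around createPluginInternal would also be easier to keep balanced as a small scoped guard.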