Title: [165133] branches/safari-537.75-branch/Source/WebCore
Diff
Modified: branches/safari-537.75-branch/Source/WebCore/ChangeLog (165132 => 165133)
--- branches/safari-537.75-branch/Source/WebCore/ChangeLog 2014-03-05 22:41:51 UTC (rev 165132)
+++ branches/safari-537.75-branch/Source/WebCore/ChangeLog 2014-03-05 22:59:18 UTC (rev 165133)
@@ -1,5 +1,46 @@
2014-03-05 Matthew Hanson <[email protected]>
+ Merge r159986.
+
+ 2013-12-02 Brady Eidson <[email protected]>
+
+ Possible crash in ProgressTracker::progressHeartbeatTimerFired(Timer<ProgressTracker>*)
+ https://bugs.webkit.org/show_bug.cgi?id=125110
+
+ Reviewed by Darin Adler.
+
+ FrameLoader::loadProgressingStatusChanged() might be called while the Frame has a null FrameView.
+
+ It’s unclear how to reproduce, but there’s no harm in a null check.
+
+ * loader/FrameLoader.cpp:
+ (WebCore::FrameLoader::loadProgressingStatusChanged):
+
+2014-03-05 Matthew Hanson <[email protected]>
+
+ Merge r159974.
+
+ 2013-12-02 Brady Eidson <[email protected]>
+
+ Possible crash in ProgressTracker::progressHeartbeatTimerFired(Timer<ProgressTracker>*)
+ https://bugs.webkit.org/show_bug.cgi?id=125110
+
+ Reviewed by Darin Adler.
+
+ It’s possible to have a null m_originatingProgressFrame when the heartbeat timer fires.
+
+ On the surface this seems impossible because the only time m_originatingProgressFrame is cleared
+ out the heartbeat timer is also stopped.
+
+ But there’s likely still a race condition in multi-threaded environments.
+
+ There’s no harm in null-checking m_originatingProgressFrame before accessing its loader.
+
+ * loader/ProgressTracker.cpp:
+ (WebCore::ProgressTracker::progressHeartbeatTimerFired):
+
+2014-03-05 Matthew Hanson <[email protected]>
+
Merge r162063.
2014-01-15 Antti Koivisto <[email protected]>
Modified: branches/safari-537.75-branch/Source/WebCore/loader/FrameLoader.cpp (165132 => 165133)
--- branches/safari-537.75-branch/Source/WebCore/loader/FrameLoader.cpp 2014-03-05 22:41:51 UTC (rev 165132)
+++ branches/safari-537.75-branch/Source/WebCore/loader/FrameLoader.cpp 2014-03-05 22:59:18 UTC (rev 165133)
@@ -3383,6 +3383,9 @@
void FrameLoader::loadProgressingStatusChanged()
{
FrameView* view = m_frame->page()->mainFrame()->view();
+ if (!view)
+ return;
+
view->updateLayerFlushThrottlingInAllFrames();
view->adjustTiledBackingCoverage();
}
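Review bot: the new early return guards only the last dereference in `m_frame->page()->mainFrame()->view()`; `page()` can itself be null for a Frame that has been detached from its Page, and that case is not covered by `if (!view) return;`. If the ChangeLog's "null FrameView" scenario is reachable, a detached-frame scenario is at least as plausible for a timer-driven callback, so consider guarding the Page as well (for example `Page* page = m_frame->page(); if (!page) return;` before taking `mainFrame()->view()`), and add a comment stating which teardown ordering makes the view null so the check is not silently removed later as "impossible".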
Modified: branches/safari-537.75-branch/Source/WebCore/loader/ProgressTracker.cpp (165132 => 165133)
--- branches/safari-537.75-branch/Source/WebCore/loader/ProgressTracker.cpp 2014-03-05 22:41:51 UTC (rev 165132)
+++ branches/safari-537.75-branch/Source/WebCore/loader/ProgressTracker.cpp 2014-03-05 22:59:18 UTC (rev 165133)
@@ -302,7 +302,8 @@
m_totalBytesReceivedBeforePreviousHeartbeat = m_totalBytesReceived;
- m_originatingProgressFrame->loader()->loadProgressingStatusChanged();
+ if (m_originatingProgressFrame)
+ m_originatingProgressFrame->loader()->loadProgressingStatusChanged();
if (m_progressValue >= finalProgressValue)
m_progressHeartbeatTimer.stop();
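Review bot: the ChangeLog attributes the null `m_originatingProgressFrame` to "a race condition in multi-threaded environments", but a plain `if (m_originatingProgressFrame)` before the dereference does not close a cross-thread race: the pointer could still be cleared between the check and `->loader()`, so the change removes the crash only for the single-threaded ordering problem. Either document that the timer and the code that clears `m_originatingProgressFrame` both run on the main thread (an `ASSERT(isMainThread())` at the top of the timer callback would make that explicit and would surface the real cause if it is ever violated), or treat this as a mitigation and file the remaining investigation against the same bug. A short comment on the new line explaining why the frame can be null here would also help, since the surrounding code stops the timer whenever the frame is cleared and a later reader may assume the check is dead.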