- Revision
- 186088
- Author
- [email protected]
- Date
- 2015-06-29 15:07:11 -0700 (Mon, 29 Jun 2015)
Log Message
Don't try to access a possibly deallocated WebFrameProxy object
https://bugs.webkit.org/show_bug.cgi?id=146428
rdar://problem/21446364
Reviewed by Tim Horton.
Make sure to call isMainFrame before calling out to the client inside
WebPageProxy::didFailLoadForFrame, matching what we do for WebPageProxy::didFinishLoadForFrame.
Also, add a ViewGestureController::didFailLoadForMainFrame function and call that instead of
calling didFinishLoadForMainFrame in the failure case.
* UIProcess/API/mac/WKView.mm:
(-[WKView _didFailLoadForMainFrame]):
* UIProcess/API/mac/WKViewInternal.h:
* UIProcess/PageClient.h:
* UIProcess/WebPageProxy.cpp:
(WebKit::WebPageProxy::didFailLoadForFrame):
* UIProcess/ios/ViewGestureControllerIOS.mm:
(WebKit::ViewGestureController::mainFrameLoadDidReachTerminalState):
(WebKit::ViewGestureController::didFinishLoadForMainFrame): Deleted.
* UIProcess/mac/PageClientImpl.h:
* UIProcess/mac/PageClientImpl.mm:
(WebKit::PageClientImpl::didFailLoadForMainFrame):
* UIProcess/mac/ViewGestureController.h:
(WebKit::ViewGestureController::didFinishLoadForMainFrame):
(WebKit::ViewGestureController::didFailLoadForMainFrame):
* UIProcess/mac/ViewGestureControllerMac.mm:
(WebKit::ViewGestureController::mainFrameLoadDidReachTerminalState):
(WebKit::ViewGestureController::didFinishLoadForMainFrame): Deleted.
Modified Paths
Diff
Modified: trunk/Source/WebKit2/ChangeLog (186087 => 186088)
--- trunk/Source/WebKit2/ChangeLog 2015-06-29 21:56:29 UTC (rev 186087)
+++ trunk/Source/WebKit2/ChangeLog 2015-06-29 22:07:11 UTC (rev 186088)
@@ -1,3 +1,36 @@
+2015-06-29 Anders Carlsson <[email protected]>
+
+ Don't try to access a possibly deallocated WebFrameProxy object
+ https://bugs.webkit.org/show_bug.cgi?id=146428
+ rdar://problem/21446364
+
+ Reviewed by Tim Horton.
+
+ Make sure to call isMainFrame before calling out to the client inside
+ WebPageProxy::didFailLoadForFrame, matching what we do for WebPageProxy::didFinishLoadForFrame.
+
+ Also, add a ViewGestureController::didFailLoadForMainFrame function and call that instead of
+ calling didFinishLoadForMainFrame in the failure case.
+
+ * UIProcess/API/mac/WKView.mm:
+ (-[WKView _didFailLoadForMainFrame]):
+ * UIProcess/API/mac/WKViewInternal.h:
+ * UIProcess/PageClient.h:
+ * UIProcess/WebPageProxy.cpp:
+ (WebKit::WebPageProxy::didFailLoadForFrame):
+ * UIProcess/ios/ViewGestureControllerIOS.mm:
+ (WebKit::ViewGestureController::mainFrameLoadDidReachTerminalState):
+ (WebKit::ViewGestureController::didFinishLoadForMainFrame): Deleted.
+ * UIProcess/mac/PageClientImpl.h:
+ * UIProcess/mac/PageClientImpl.mm:
+ (WebKit::PageClientImpl::didFailLoadForMainFrame):
+ * UIProcess/mac/ViewGestureController.h:
+ (WebKit::ViewGestureController::didFinishLoadForMainFrame):
+ (WebKit::ViewGestureController::didFailLoadForMainFrame):
+ * UIProcess/mac/ViewGestureControllerMac.mm:
+ (WebKit::ViewGestureController::mainFrameLoadDidReachTerminalState):
+ (WebKit::ViewGestureController::didFinishLoadForMainFrame): Deleted.
+
2015-06-29 Yongjun Zhang <[email protected]>
Disable default gesture recognizers on preview.
Modified: trunk/Source/WebKit2/UIProcess/API/mac/WKView.mm (186087 => 186088)
--- trunk/Source/WebKit2/UIProcess/API/mac/WKView.mm 2015-06-29 21:56:29 UTC (rev 186087)
+++ trunk/Source/WebKit2/UIProcess/API/mac/WKView.mm 2015-06-29 22:07:11 UTC (rev 186088)
@@ -3932,6 +3932,12 @@
_data->_gestureController->didFinishLoadForMainFrame();
}
+- (void)_didFailLoadForMainFrame
+{
+ if (_data->_gestureController)
+ _data->_gestureController->didFailLoadForMainFrame();
+}
+
- (void)_didSameDocumentNavigationForMainFrame:(SameDocumentNavigationType)type
{
if (_data->_gestureController)
Modified: trunk/Source/WebKit2/UIProcess/API/mac/WKViewInternal.h (186087 => 186088)
--- trunk/Source/WebKit2/UIProcess/API/mac/WKViewInternal.h 2015-06-29 21:56:29 UTC (rev 186087)
+++ trunk/Source/WebKit2/UIProcess/API/mac/WKViewInternal.h 2015-06-29 22:07:11 UTC (rev 186088)
@@ -122,6 +122,7 @@
- (void)_didFirstVisuallyNonEmptyLayoutForMainFrame;
- (void)_didFinishLoadForMainFrame;
+- (void)_didFailLoadForMainFrame;
- (void)_didSameDocumentNavigationForMainFrame:(WebKit::SameDocumentNavigationType)type;
- (void)_removeNavigationGestureSnapshot;
Modified: trunk/Source/WebKit2/UIProcess/PageClient.h (186087 => 186088)
--- trunk/Source/WebKit2/UIProcess/PageClient.h 2015-06-29 21:56:29 UTC (rev 186087)
+++ trunk/Source/WebKit2/UIProcess/PageClient.h 2015-06-29 22:07:11 UTC (rev 186088)
@@ -313,6 +313,7 @@
virtual void didFirstVisuallyNonEmptyLayoutForMainFrame() = 0;
virtual void didFinishLoadForMainFrame() = 0;
+ virtual void didFailLoadForMainFrame() = 0;
virtual void didSameDocumentNavigationForMainFrame(SameDocumentNavigationType) = 0;
virtual void didChangeBackgroundColor() = 0;
Modified: trunk/Source/WebKit2/UIProcess/WebPageProxy.cpp (186087 => 186088)
--- trunk/Source/WebKit2/UIProcess/WebPageProxy.cpp 2015-06-29 21:56:29 UTC (rev 186087)
+++ trunk/Source/WebKit2/UIProcess/WebPageProxy.cpp 2015-06-29 22:07:11 UTC (rev 186088)
@@ -3045,7 +3045,9 @@
auto transaction = m_pageLoadState.transaction();
- if (frame->isMainFrame())
+ bool isMainFrame = frame->isMainFrame();
+
+ if (isMainFrame)
m_pageLoadState.didFailLoad(transaction);
frame->didFailLoad();
@@ -3057,10 +3059,8 @@
} else
m_loaderClient->didFailLoadWithErrorForFrame(*this, *frame, navigation.get(), error, m_process->transformHandlesToObjects(userData.object()).get());
- // Notify the PageClient that the main frame finished loading. The WebView / GestureController need to know the load has
- // finished (e.g. to clear the back swipe snapshot).
- if (frame->isMainFrame())
- m_pageClient.didFinishLoadForMainFrame();
+ if (isMainFrame)
+ m_pageClient.didFailLoadForMainFrame();
}
void WebPageProxy::didSameDocumentNavigationForFrame(uint64_t frameID, uint64_t navigationID, uint32_t opaqueSameDocumentNavigationType, const String& url, const UserData& userData)
Modified: trunk/Source/WebKit2/UIProcess/ios/ViewGestureControllerIOS.mm (186087 => 186088)
--- trunk/Source/WebKit2/UIProcess/ios/ViewGestureControllerIOS.mm 2015-06-29 21:56:29 UTC (rev 186087)
+++ trunk/Source/WebKit2/UIProcess/ios/ViewGestureControllerIOS.mm 2015-06-29 22:07:11 UTC (rev 186088)
@@ -318,7 +318,7 @@
m_swipeWaitingForRenderTreeSizeThreshold = true;
m_swipeWaitingForRepaint = true;
- m_swipeWaitingForDidFinishLoad = true;
+ m_swipeWaitingForTerminalLoadingState = true;
m_swipeWaitingForSubresourceLoads = true;
m_swipeWaitingForScrollPositionRestoration = true;
@@ -373,15 +373,15 @@
removeSwipeSnapshotIfReady();
}
-void ViewGestureController::didFinishLoadForMainFrame()
+void ViewGestureController::mainFrameLoadDidReachTerminalState()
{
if (m_activeGestureType != ViewGestureType::Swipe)
return;
- if (!m_swipeWaitingForDidFinishLoad)
+ if (!m_swipeWaitingForTerminalLoadingState)
return;
- m_swipeWaitingForDidFinishLoad = false;
+ m_swipeWaitingForTerminalLoadingState = false;
if (m_webPageProxy.pageLoadState().isLoading()) {
m_swipeActiveLoadMonitoringTimer.startRepeating(swipeSnapshotRemovalActiveLoadMonitoringInterval);
@@ -398,10 +398,10 @@
return;
// This is nearly equivalent to didFinishLoad in the same document navigation case.
- if (!m_swipeWaitingForDidFinishLoad)
+ if (!m_swipeWaitingForTerminalLoadingState)
return;
- m_swipeWaitingForDidFinishLoad = false;
+ m_swipeWaitingForTerminalLoadingState = false;
if (type != SameDocumentNavigationSessionStateReplace && type != SameDocumentNavigationSessionStatePop)
return;
@@ -428,7 +428,7 @@
void ViewGestureController::removeSwipeSnapshotIfReady()
{
- if (m_swipeWaitingForRenderTreeSizeThreshold || m_swipeWaitingForRepaint || m_swipeWaitingForDidFinishLoad || m_swipeWaitingForSubresourceLoads || m_swipeWaitingForScrollPositionRestoration)
+ if (m_swipeWaitingForRenderTreeSizeThreshold || m_swipeWaitingForRepaint || m_swipeWaitingForTerminalLoadingState || m_swipeWaitingForSubresourceLoads || m_swipeWaitingForScrollPositionRestoration)
return;
removeSwipeSnapshot();
@@ -438,7 +438,7 @@
{
m_swipeWaitingForRenderTreeSizeThreshold = false;
m_swipeWaitingForRepaint = false;
- m_swipeWaitingForDidFinishLoad = false;
+ m_swipeWaitingForTerminalLoadingState = false;
m_swipeWaitingForSubresourceLoads = false;
m_swipeWaitingForScrollPositionRestoration = false;
Modified: trunk/Source/WebKit2/UIProcess/mac/PageClientImpl.h (186087 => 186088)
--- trunk/Source/WebKit2/UIProcess/mac/PageClientImpl.h 2015-06-29 21:56:29 UTC (rev 186087)
+++ trunk/Source/WebKit2/UIProcess/mac/PageClientImpl.h 2015-06-29 22:07:11 UTC (rev 186088)
@@ -194,6 +194,7 @@
virtual void didFirstVisuallyNonEmptyLayoutForMainFrame() override;
virtual void didFinishLoadForMainFrame() override;
+ virtual void didFailLoadForMainFrame() override;
virtual void didSameDocumentNavigationForMainFrame(SameDocumentNavigationType) override;
virtual void removeNavigationGestureSnapshot() override;
Modified: trunk/Source/WebKit2/UIProcess/mac/PageClientImpl.mm (186087 => 186088)
--- trunk/Source/WebKit2/UIProcess/mac/PageClientImpl.mm 2015-06-29 21:56:29 UTC (rev 186087)
+++ trunk/Source/WebKit2/UIProcess/mac/PageClientImpl.mm 2015-06-29 22:07:11 UTC (rev 186088)
@@ -789,6 +789,11 @@
[m_wkView _didFinishLoadForMainFrame];
}
+void PageClientImpl::didFailLoadForMainFrame()
+{
+ [m_wkView _didFailLoadForMainFrame];
+}
+
void PageClientImpl::didSameDocumentNavigationForMainFrame(SameDocumentNavigationType type)
{
[m_wkView _didSameDocumentNavigationForMainFrame:type];
Modified: trunk/Source/WebKit2/UIProcess/mac/ViewGestureController.h (186087 => 186088)
--- trunk/Source/WebKit2/UIProcess/mac/ViewGestureController.h 2015-06-29 21:56:29 UTC (rev 186087)
+++ trunk/Source/WebKit2/UIProcess/mac/ViewGestureController.h 2015-06-29 22:07:11 UTC (rev 186088)
@@ -122,7 +122,9 @@
void didRestoreScrollPosition();
#endif
- void didFinishLoadForMainFrame();
+ void didFinishLoadForMainFrame() { mainFrameLoadDidReachTerminalState(); }
+ void didFailLoadForMainFrame() { mainFrameLoadDidReachTerminalState(); }
+ void mainFrameLoadDidReachTerminalState();
void removeSwipeSnapshot();
void didSameDocumentNavigationForMainFrame(SameDocumentNavigationType);
@@ -223,7 +225,7 @@
bool m_swipeWaitingForVisuallyNonEmptyLayout { false };
bool m_swipeWaitingForRenderTreeSizeThreshold { false };
bool m_swipeWaitingForRepaint { false };
- bool m_swipeWaitingForDidFinishLoad { false };
+ bool m_swipeWaitingForTerminalLoadingState { false };
bool m_swipeWaitingForSubresourceLoads { false };
bool m_swipeWaitingForScrollPositionRestoration { false };
};
Modified: trunk/Source/WebKit2/UIProcess/mac/ViewGestureControllerMac.mm (186087 => 186088)
--- trunk/Source/WebKit2/UIProcess/mac/ViewGestureControllerMac.mm 2015-06-29 21:56:29 UTC (rev 186087)
+++ trunk/Source/WebKit2/UIProcess/mac/ViewGestureControllerMac.mm 2015-06-29 22:07:11 UTC (rev 186088)
@@ -815,7 +815,7 @@
}
}
-void ViewGestureController::didFinishLoadForMainFrame()
+void ViewGestureController::mainFrameLoadDidReachTerminalState()
{
if (m_activeGestureType != ViewGestureType::Swipe || m_swipeInProgress)
return;
