Title: [189694] releases/WebKitGTK/webkit-2.10/Source/WebCore
Revision: 189694
Author: carlo...@webkit.org
Date: 2015-09-14 01:37:43 -0700 (Mon, 14 Sep 2015)

Log Message

Merge r188765 - HistoryItems with null CachedPages should never be left in the list of items; causes crash
https://bugs.webkit.org/show_bug.cgi?id=148237
-and corresponding-
rdar://problem/22356782

Reviewed by Brady Eidson.

Setting the CachedPage to nullptr will destroy the CachedPage, destroy the
FrameView, re-enter layout, and potentially try to modify items in the PageCache
based on that layout. So, we should not modify CachedPage in this way while the
item is still in the list of HistoryItems.
* history/PageCache.cpp:
(WebCore::PageCache::take):
(WebCore::PageCache::remove):
(WebCore::PageCache::prune):

Modified Paths

Diff

Modified: releases/WebKitGTK/webkit-2.10/Source/WebCore/ChangeLog (189693 => 189694)


--- releases/WebKitGTK/webkit-2.10/Source/WebCore/ChangeLog	2015-09-14 08:35:52 UTC (rev 189693)
+++ releases/WebKitGTK/webkit-2.10/Source/WebCore/ChangeLog	2015-09-14 08:37:43 UTC (rev 189694)
@@ -1,3 +1,22 @@
+2015-08-21  Beth Dakin  <bda...@apple.com>
+
+        HistoryItems will null CachedPages should never be left in the list of items; 
+        causes crash
+        https://bugs.webkit.org/show_bug.cgi?id=148237
+        -and corresponding-
+        rdar://problem/22356782
+
+        Reviewed by Brady Eidson.
+
+        Setting the CachedPage to nullptr will destroy the CachedPage, destroy the 
+        FrameView, re-enter layout, and potentially try to modify items in the PageCache 
+        based on that layout. So, we should not modify CachedPage in this way while the 
+        item is still in the list of HistoryItems.
+        * history/PageCache.cpp:
+        (WebCore::PageCache::take):
+        (WebCore::PageCache::remove):
+        (WebCore::PageCache::prune):
+
 2015-08-19  Wenson Hsieh  <wenson_hs...@apple.com>
 
         Select validation does not correctly work when handling change event
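Review bot: The entry title at the top of this hunk reads "HistoryItems will null CachedPages"; "will" is a typo for "with". Since the ChangeLog is the searchable record of why the ordering in PageCache::take/remove/prune matters, the title line should be corrected so the entry can be found by the terms a reader would actually search for.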

Modified: releases/WebKitGTK/webkit-2.10/Source/WebCore/history/PageCache.cpp (189693 => 189694)


--- releases/WebKitGTK/webkit-2.10/Source/WebCore/history/PageCache.cpp	2015-09-14 08:35:52 UTC (rev 189693)
+++ releases/WebKitGTK/webkit-2.10/Source/WebCore/history/PageCache.cpp	2015-09-14 08:37:43 UTC (rev 189694)
@@ -396,8 +396,8 @@
         return nullptr;
     }
 
-    std::unique_ptr<CachedPage> cachedPage = WTF::move(item.m_cachedPage);
     m_items.remove(&item);
+    std::unique_ptr<CachedPage> cachedPage = WTF::move(item.m_cachedPage);
 
     if (cachedPage->hasExpired()) {
         LOG(PageCache, "Not restoring page for %s from back/forward cache because cache entry has expired", item.url().string().ascii().data());
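Review bot: The `+` line only transfers ownership of the CachedPage into the local `cachedPage`; nothing is destroyed at that point, so the reordering alone does not change behaviour here. What it does buy is that any later destruction of `cachedPage` (for example on the expired path that follows in this hunk, or when the caller drops it) now happens after `m_items.remove(&item)`, which is the re-entrancy the ChangeLog describes. Because the two lines look order-independent, consider adding a one-line comment above `m_items.remove(&item)` stating that the item must leave `m_items` before its CachedPage can be torn down, so a future cleanup does not swap them back.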
@@ -432,17 +432,16 @@
     if (!item.m_cachedPage)
         return;
 
-    item.m_cachedPage = nullptr;
     m_items.remove(&item);
+    item.m_cachedPage = nullptr;
 }
 
 void PageCache::prune(PruningReason pruningReason)
 {
     while (pageCount() > maxSize()) {
-        auto& oldestItem = m_items.first();
+        auto oldestItem = m_items.takeFirst();
         oldestItem->m_cachedPage = nullptr;
         oldestItem->m_pruningReason = pruningReason;
-        m_items.removeFirst();
     }
 }
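Review bot: In `prune()`, `oldestItem` is now the value returned by `m_items.takeFirst()` rather than a reference into the container, and it is dereferenced twice after the item has already been removed from `m_items`. That is only safe if the HistoryItem is kept alive by its real owner rather than by `m_items`; the hunk does not show what owns it, so a comment (or an assertion that `oldestItem` is non-null, if the container can hold null entries) would make the lifetime assumption explicit. The same "remove from `m_items` first, then reset `m_cachedPage`" ordering now appears in `remove()`, `prune()` and `take()`; a short comment at one of them explaining that resetting the CachedPage destroys the FrameView and re-enters layout would document the invariant the three call sites rely on.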
 
_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes
