[SCM] WebKit Debian packaging branch, debian/experimental, updated. upstream/1.3.3-9427-gc2be6fc

benjamin.poulain at nokia.com benjamin.poulain at nokia.com
Wed Dec 22 13:56:58 UTC 2010 

The following commit has been merged in the debian/experimental branch:
commit d6296f1adfc3424a9d280f13bf20a108950c154f
Author: benjamin.poulain at nokia.com <benjamin.poulain at nokia.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Date:   Thu Sep 30 07:22:51 2010 +0000

    2010-09-30  Benjamin Poulain  <benjamin.poulain at nokia.com>
    
            Reviewed by Andreas Kling.
    
            [Qt] Crash if an scene with accelerated compositing layout during the paint event
            https://bugs.webkit.org/show_bug.cgi?id=46812
    
            Delay the deletion of the overlay after the current event is processed.
    
            Removing the overlay can sometimes be done inside the rendering code of
            the overlay itself. When the rendering code is using the reference after
            the deletion of the overlay, WebKit crashes.
    
            * Api/qgraphicswebview.cpp:
            (QGraphicsWebViewPrivate::overlay):
            * WebCoreSupport/PageClientQt.cpp:
            (WebCore::PageClientQGraphicsWidget::~PageClientQGraphicsWidget):
            (WebCore::PageClientQGraphicsWidget::createOrDeleteOverlay):
            * WebCoreSupport/PageClientQt.h:
            (WebCore::PageClientQGraphicsWidget::PageClientQGraphicsWidget):
    
    git-svn-id: http://svn.webkit.org/repository/webkit/trunk@68761 268f45cc-cd09-0410-ab3c-d52691b4dbfc

diff --git a/WebKit/qt/Api/qgraphicswebview.cpp b/WebKit/qt/Api/qgraphicswebview.cpp
index 936d36d..bce0b61 100644
--- a/WebKit/qt/Api/qgraphicswebview.cpp
+++ b/WebKit/qt/Api/qgraphicswebview.cpp
@@ -80,7 +80,7 @@ public:
     {
         if (!page || !page->d->client)
             return 0;
-        return static_cast<PageClientQGraphicsWidget*>(page->d->client)->overlay.data();
+        return static_cast<PageClientQGraphicsWidget*>(page->d->client)->overlay;
     }
 };
 
diff --git a/WebKit/qt/ChangeLog b/WebKit/qt/ChangeLog
index 3e0caa2..7ba0944 100644
--- a/WebKit/qt/ChangeLog
+++ b/WebKit/qt/ChangeLog
@@ -2,6 +2,27 @@
 
         Reviewed by Andreas Kling.
 
+        [Qt] Crash if an scene with accelerated compositing layout during the paint event
+        https://bugs.webkit.org/show_bug.cgi?id=46812
+
+        Delay the deletion of the overlay after the current event is processed.
+
+        Removing the overlay can sometimes be done inside the rendering code of
+        the overlay itself. When the rendering code is using the reference after
+        the deletion of the overlay, WebKit crashes.
+
+        * Api/qgraphicswebview.cpp:
+        (QGraphicsWebViewPrivate::overlay):
+        * WebCoreSupport/PageClientQt.cpp:
+        (WebCore::PageClientQGraphicsWidget::~PageClientQGraphicsWidget):
+        (WebCore::PageClientQGraphicsWidget::createOrDeleteOverlay):
+        * WebCoreSupport/PageClientQt.h:
+        (WebCore::PageClientQGraphicsWidget::PageClientQGraphicsWidget):
+
+2010-09-30  Benjamin Poulain  <benjamin.poulain at nokia.com>
+
+        Reviewed by Andreas Kling.
+
         [Qt] Fix tst_QWebPage::geolocationRequestJS()
         https://bugs.webkit.org/show_bug.cgi?id=46814
 
diff --git a/WebKit/qt/WebCoreSupport/PageClientQt.cpp b/WebKit/qt/WebCoreSupport/PageClientQt.cpp
index ea209d9..9f11496 100644
--- a/WebKit/qt/WebCoreSupport/PageClientQt.cpp
+++ b/WebKit/qt/WebCoreSupport/PageClientQt.cpp
@@ -105,6 +105,7 @@ QRectF PageClientQWidget::windowRect() const
 
 PageClientQGraphicsWidget::~PageClientQGraphicsWidget()
 {
+    delete overlay;
 #if USE(ACCELERATED_COMPOSITING)
     if (!rootGraphicsLayer)
         return;
@@ -150,11 +151,15 @@ void PageClientQGraphicsWidget::createOrDeleteOverlay()
     }
     if (useOverlay == !!overlay)
         return;
+
     if (useOverlay) {
-        overlay = QSharedPointer<QGraphicsItemOverlay>(new QGraphicsItemOverlay(view, page));
+        overlay = new QGraphicsItemOverlay(view, page);
         overlay->setZValue(OverlayZValue);
-    } else
-        overlay.clear();
+    } else {
+        // Changing the overlay might be done inside paint events.
+        overlay->deleteLater();
+        overlay = 0;
+    }
 }
 
 #if USE(ACCELERATED_COMPOSITING)
diff --git a/WebKit/qt/WebCoreSupport/PageClientQt.h b/WebKit/qt/WebCoreSupport/PageClientQt.h
index eea7f40..3c32ec1 100644
--- a/WebKit/qt/WebCoreSupport/PageClientQt.h
+++ b/WebKit/qt/WebCoreSupport/PageClientQt.h
@@ -32,7 +32,6 @@
 #include "qwebpage.h"
 #include "qwebpage_p.h"
 #include <QtCore/qmetaobject.h>
-#include <QtCore/qsharedpointer.h>
 #include <QtGui/qgraphicsscene.h>
 #include <QtGui/qgraphicsview.h>
 #include <QtGui/qgraphicswidget.h>
@@ -83,10 +82,10 @@ public:
 
 // the overlay is here for one reason only: to have the scroll-bars and other
 // extra UI elements appear on top of any QGraphicsItems created by CSS compositing layers
-class QGraphicsItemOverlay : public QGraphicsItem {
+class QGraphicsItemOverlay : public QGraphicsObject {
     public:
     QGraphicsItemOverlay(QGraphicsWidget* view, QWebPage* p)
-            :QGraphicsItem(view)
+            :QGraphicsObject(view)
             , q(view)
             , page(p)
     {
@@ -124,6 +123,7 @@ public:
 #if USE(ACCELERATED_COMPOSITING)
         , shouldSync(false)
 #endif
+        , overlay(0)
     {
        Q_ASSERT(view);
 #if USE(ACCELERATED_COMPOSITING)
@@ -194,7 +194,7 @@ public:
     bool shouldSync;
 #endif
     // the overlay gets instantiated when the root layer is attached, and get deleted when it's detached
-    QSharedPointer<QGraphicsItemOverlay> overlay;
+    QGraphicsItemOverlay* overlay;
 
     // we need to put the root graphics layer behind the overlay (which contains the scrollbar)
     enum { RootGraphicsLayerZValue, OverlayZValue };

-- 
WebKit Debian packaging

More information about the Pkg-webkit-commits mailing list