[SCM] WebKit Debian packaging branch, debian/experimental, updated. upstream/1.3.3-10851-g50815da

andersca at apple.com andersca at apple.com
Wed Dec 22 18:41:10 UTC 2010 

The following commit has been merged in the debian/experimental branch:
commit 6de9ed8b3b083ede41e07835ae2366f05c8343df
Author: andersca at apple.com <andersca at apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Date:   Wed Dec 15 20:15:38 2010 +0000

    2010-12-15  Anders Carlsson  <andersca at apple.com>
    
            Reviewed by Maciej Stachowiak.
    
            Semi-reproducible crash in ChunkedUpdateDrawingArea::paintIntoUpdateChunk closing a particular yahoo page
            https://bugs.webkit.org/show_bug.cgi?id=51126
            <rdar://problem/8771219>
    
            Laying out the web page can cause the drawing area to change so we need to protect against this.
    
            * WebProcess/WebPage/ChunkedUpdateDrawingArea.cpp:
            (WebKit::ChunkedUpdateDrawingArea::display):
            * WebProcess/WebPage/LayerBackedDrawingArea.cpp:
            (WebKit::LayerBackedDrawingArea::display):
            * WebProcess/WebPage/mac/LayerBackedDrawingAreaMac.mm:
            (WebKit::LayerBackedDrawingArea::updateLayoutRunLoopObserverFired):
    
    git-svn-id: http://svn.webkit.org/repository/webkit/trunk@74134 268f45cc-cd09-0410-ab3c-d52691b4dbfc

diff --git a/WebKit2/ChangeLog b/WebKit2/ChangeLog
index 9c5d9f8..aa8c33e 100644
--- a/WebKit2/ChangeLog
+++ b/WebKit2/ChangeLog
@@ -1,3 +1,20 @@
+2010-12-15  Anders Carlsson  <andersca at apple.com>
+
+        Reviewed by Maciej Stachowiak.
+
+        Semi-reproducible crash in ChunkedUpdateDrawingArea::paintIntoUpdateChunk closing a particular yahoo page
+        https://bugs.webkit.org/show_bug.cgi?id=51126
+        <rdar://problem/8771219>
+
+        Laying out the web page can cause the drawing area to change so we need to protect against this.
+
+        * WebProcess/WebPage/ChunkedUpdateDrawingArea.cpp:
+        (WebKit::ChunkedUpdateDrawingArea::display):
+        * WebProcess/WebPage/LayerBackedDrawingArea.cpp:
+        (WebKit::LayerBackedDrawingArea::display):
+        * WebProcess/WebPage/mac/LayerBackedDrawingAreaMac.mm:
+        (WebKit::LayerBackedDrawingArea::updateLayoutRunLoopObserverFired):
+
 2010-12-15  Brian Weinstein  <bweinstein at apple.com>
 
         Reviewed by Adam Roben.
diff --git a/WebKit2/WebProcess/WebPage/ChunkedUpdateDrawingArea.cpp b/WebKit2/WebProcess/WebPage/ChunkedUpdateDrawingArea.cpp
index f46ef2e..1f8eac6 100644
--- a/WebKit2/WebProcess/WebPage/ChunkedUpdateDrawingArea.cpp
+++ b/WebKit2/WebProcess/WebPage/ChunkedUpdateDrawingArea.cpp
@@ -87,9 +87,15 @@ void ChunkedUpdateDrawingArea::display()
     if (m_dirtyRect.isEmpty())
         return;
 
+    // Laying out the page can cause the drawing area to change so we keep an extra reference.
+    RefPtr<ChunkedUpdateDrawingArea> protect(this);
+
     // Layout if necessary.
     m_webPage->layoutIfNeeded();
  
+    if (m_webPage->drawingArea() != this)
+        return;
+    
     IntRect dirtyRect = m_dirtyRect;
     m_dirtyRect = IntRect();
 
@@ -133,10 +139,8 @@ void ChunkedUpdateDrawingArea::setSize(const IntSize& viewSize)
     m_webPage->setSize(viewSize);
     m_webPage->layoutIfNeeded();
 
-    if (m_webPage->drawingArea() != this) {
-        // The drawing area changed, return early.
+    if (m_webPage->drawingArea() != this)
         return;
-    }
 
     if (m_paintingIsSuspended) {
         ASSERT(!m_displayTimer.isActive());
diff --git a/WebKit2/WebProcess/WebPage/LayerBackedDrawingArea.cpp b/WebKit2/WebProcess/WebPage/LayerBackedDrawingArea.cpp
index 3745ef7..2a4a2bb 100644
--- a/WebKit2/WebProcess/WebPage/LayerBackedDrawingArea.cpp
+++ b/WebKit2/WebProcess/WebPage/LayerBackedDrawingArea.cpp
@@ -88,8 +88,14 @@ void LayerBackedDrawingArea::setNeedsDisplay(const IntRect& rect)
 
 void LayerBackedDrawingArea::display()
 {
+    // Laying out the page can cause the drawing area to change so we keep an extra reference.
+    RefPtr<LayerBackedDrawingArea> protect(this);
+
     // Layout if necessary.
     m_webPage->layoutIfNeeded();
+
+    if (m_webPage->drawingArea() != this)
+        return;
 }
 
 void LayerBackedDrawingArea::scheduleDisplay()
@@ -110,10 +116,8 @@ void LayerBackedDrawingArea::setSize(const IntSize& viewSize)
     m_webPage->setSize(viewSize);
     m_webPage->layoutIfNeeded();
 
-    if (m_webPage->drawingArea() != this) {
-        // The drawing area changed, return early.
+    if (m_webPage->drawingArea() != this)
         return;
-    }
     
     WebProcess::shared().connection()->send(DrawingAreaProxyMessage::DidSetSize, m_webPage->pageID(), CoreIPC::In(viewSize));
 }
diff --git a/WebKit2/WebProcess/WebPage/mac/LayerBackedDrawingAreaMac.mm b/WebKit2/WebProcess/WebPage/mac/LayerBackedDrawingAreaMac.mm
index 26b2bd9..1a6b0f1 100644
--- a/WebKit2/WebProcess/WebPage/mac/LayerBackedDrawingAreaMac.mm
+++ b/WebKit2/WebProcess/WebPage/mac/LayerBackedDrawingAreaMac.mm
@@ -163,7 +163,13 @@ void LayerBackedDrawingArea::updateLayoutRunLoopObserverCallback(CFRunLoopObserv
 
 void LayerBackedDrawingArea::updateLayoutRunLoopObserverFired()
 {
+    // Laying out the page can cause the drawing area to change so we keep an extra reference.
+    RefPtr<LayerBackedDrawingArea> protect(this);
+
     m_webPage->layoutIfNeeded();
+
+    if (m_webPage->drawingArea() != this)
+        return;
     
     if (m_attached)
         syncCompositingLayers();

-- 
WebKit Debian packaging

More information about the Pkg-webkit-commits mailing list