Skip to site navigation (Press enter)

[webkit-changes] [140020] tags/Safari-537.26.1/Source/WebKit2

lforschler Thu, 17 Jan 2013 11:51:37 -0800

Title: [140020] tags/Safari-537.26.1/Source/WebKit2

Revision: 140020
Author: lforsch...@apple.com
Date: 2013-01-17 11:53:21 -0800 (Thu, 17 Jan 2013)

Log Message

Merged r139943.  <rdar://problem/12513871>


Modified Paths

tags/Safari-537.26.1/Source/WebKit2/ChangeLog
tags/Safari-537.26.1/Source/WebKit2/WebProcess/Plugins/PluginView.cpp

Diff

Modified: tags/Safari-537.26.1/Source/WebKit2/ChangeLog (140019 => 140020)


--- tags/Safari-537.26.1/Source/WebKit2/ChangeLog	2013-01-17 19:52:07 UTC (rev 140019)
+++ tags/Safari-537.26.1/Source/WebKit2/ChangeLog	2013-01-17 19:53:21 UTC (rev 140020)
@@ -1,5 +1,27 @@
 2013-01-17  Lucas Forschler  <lforsch...@apple.com>
 
+        Merge r139943
+
+    2013-01-16  Anders Carlsson  <ander...@apple.com>
+
+            Fix crash when destroying a plug-in with pending URL requests
+            https://bugs.webkit.org/show_bug.cgi?id=107075
+            <rdar://problem/12513871>
+
+            Reviewed by Sam Weinig.
+
+            In PluginView::destroyPluginAndReset, make sure to cancel any outstanding URL requests since the PluginView
+            object will stay around and would otherwise start loading URLs from stopped plug-ins.
+
+            * WebProcess/Plugins/PluginView.cpp:
+            (WebKit::PluginView::Stream::start):
+            Assert that the plug-in is alive.
+
+            (WebKit::PluginView::destroyPluginAndReset):
+            Empty out the pending URL requests vector and stop the timer.
+
+2013-01-17  Lucas Forschler  <lforsch...@apple.com>
+
         Merge r139960
 
     2013-01-16  Sam Weinig  <s...@webkit.org>

Modified: tags/Safari-537.26.1/Source/WebKit2/WebProcess/Plugins/PluginView.cpp (140019 => 140020)


--- tags/Safari-537.26.1/Source/WebKit2/WebProcess/Plugins/PluginView.cpp	2013-01-17 19:52:07 UTC (rev 140019)
+++ tags/Safari-537.26.1/Source/WebKit2/WebProcess/Plugins/PluginView.cpp	2013-01-17 19:53:21 UTC (rev 140020)
@@ -144,6 +144,7 @@
     
 void PluginView::Stream::start()
 {
+    ASSERT(m_pluginView->m_plugin);
     ASSERT(!m_loader);
 
     Frame* frame = m_pluginView->m_pluginElement->document()->frame();
@@ -308,6 +309,10 @@
         m_isBeingDestroyed = true;
         m_plugin->destroyPlugin();
         m_isBeingDestroyed = false;
+
+        m_pendingURLRequests.clear();
+        m_pendingURLRequestsTimer.stop();
+
 #if PLATFORM(MAC)
         if (m_webPage)
             pluginFocusOrWindowFocusChanged(false);

_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
http://lists.webkit.org/mailman/listinfo/webkit-changes