Title: [167290] trunk/Source/WebCore
- Revision
- 167290
- Author
- simon.fra...@apple.com
- Date
- 2014-04-14 19:54:13 -0700 (Mon, 14 Apr 2014)
Log Message
Crash in TileController::tileRevalidationTimerFired
https://bugs.webkit.org/show_bug.cgi?id=131656
<rdar://problem/16583166>
Reviewed by Sam Weinig.
It's possible for the TileController revalidation timer to fire after
the GraphicsLayer has been destroyed, so the PlatformCALayer no longer
has an owningGraphicsLayer.
Bail from the timer callback if owningGraphicsLayer() is null.
Also some drive-by 0 -> nullptr changes.
* platform/graphics/ca/GraphicsLayerCA.cpp:
(WebCore::GraphicsLayerCA::willBeDestroyed):
* platform/graphics/ca/PlatformCALayer.cpp:
(WebCore::PlatformCALayer::~PlatformCALayer):
* platform/graphics/ca/mac/TileController.mm:
(WebCore::TileController::tileRevalidationTimerFired):
Modified Paths
Diff
Modified: trunk/Source/WebCore/ChangeLog (167289 => 167290)
--- trunk/Source/WebCore/ChangeLog 2014-04-15 02:44:09 UTC (rev 167289)
+++ trunk/Source/WebCore/ChangeLog 2014-04-15 02:54:13 UTC (rev 167290)
@@ -1,3 +1,26 @@
+2014-04-14 Simon Fraser <simon.fra...@apple.com>
+
+ Crash in TileController::tileRevalidationTimerFired
+ https://bugs.webkit.org/show_bug.cgi?id=131656
+ <rdar://problem/16583166>
+
+ Reviewed by Sam Weinig.
+
+ It's possible for the TileController revalidation timer to fire after
+ the GraphicsLayer has been destroyed, so the PlatformCALayer no longer
+ has an owningGraphicsLayer.
+
+ Bail from the timer callback if owningGraphicsLayer() is null.
+
+ Also some drive-by 0 -> nullptr changes.
+
+ * platform/graphics/ca/GraphicsLayerCA.cpp:
+ (WebCore::GraphicsLayerCA::willBeDestroyed):
+ * platform/graphics/ca/PlatformCALayer.cpp:
+ (WebCore::PlatformCALayer::~PlatformCALayer):
+ * platform/graphics/ca/mac/TileController.mm:
+ (WebCore::TileController::tileRevalidationTimerFired):
+
2014-04-14 Bem Jones-Bey <bjone...@adobe.com>
[CSS Shapes] Remove some leftover shape-inside code
Modified: trunk/Source/WebCore/platform/graphics/ca/GraphicsLayerCA.cpp (167289 => 167290)
--- trunk/Source/WebCore/platform/graphics/ca/GraphicsLayerCA.cpp 2014-04-15 02:44:09 UTC (rev 167289)
+++ trunk/Source/WebCore/platform/graphics/ca/GraphicsLayerCA.cpp 2014-04-15 02:54:13 UTC (rev 167290)
@@ -387,19 +387,19 @@
// We release our references to the PlatformCALayers here, but do not actively unparent them,
// since that will cause a commit and break our batched commit model. The layers will
// get released when the rootmost modified GraphicsLayerCA rebuilds its child layers.
-
+
// Clean up the layer.
if (m_layer)
- m_layer->setOwner(0);
+ m_layer->setOwner(nullptr);
if (m_contentsLayer)
- m_contentsLayer->setOwner(0);
+ m_contentsLayer->setOwner(nullptr);
if (m_contentsClippingLayer)
- m_contentsClippingLayer->setOwner(0);
+ m_contentsClippingLayer->setOwner(nullptr);
if (m_structuralLayer)
- m_structuralLayer->setOwner(0);
+ m_structuralLayer->setOwner(nullptr);
removeCloneLayers();
Modified: trunk/Source/WebCore/platform/graphics/ca/PlatformCALayer.cpp (167289 => 167290)
--- trunk/Source/WebCore/platform/graphics/ca/PlatformCALayer.cpp 2014-04-15 02:44:09 UTC (rev 167289)
+++ trunk/Source/WebCore/platform/graphics/ca/PlatformCALayer.cpp 2014-04-15 02:54:13 UTC (rev 167290)
@@ -47,7 +47,7 @@
{
// Clear the owner, which also clears it in the delegate to prevent attempts
// to use the GraphicsLayerCA after it has been destroyed.
- setOwner(0);
+ setOwner(nullptr);
}
}
Modified: trunk/Source/WebCore/platform/graphics/ca/mac/TileController.mm (167289 => 167290)
--- trunk/Source/WebCore/platform/graphics/ca/mac/TileController.mm 2014-04-15 02:44:09 UTC (rev 167289)
+++ trunk/Source/WebCore/platform/graphics/ca/mac/TileController.mm 2014-04-15 02:54:13 UTC (rev 167290)
@@ -340,6 +340,9 @@
void TileController::tileRevalidationTimerFired(Timer<TileController>*)
{
+ if (!owningGraphicsLayer())
+ return;
+
if (m_isInWindow) {
setNeedsRevalidateTiles();
return;
_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes
