Skip to site navigation (Press enter)

[webkit-changes] [188991] trunk/Source/WebKit2

wenson_hsieh Wed, 26 Aug 2015 14:55:54 -0700

Title: [188991] trunk/Source/WebKit2

Revision: 188991
Author: wenson_hs...@apple.com
Date: 2015-08-26 14:54:41 -0700 (Wed, 26 Aug 2015)

Log Message

Fix crash due to animationDidEnd called on deallocated RemoteLayerTreeHost
https://bugs.webkit.org/show_bug.cgi?id=148442
<rdar://problem/21609257>


Reviewed by Tim Horton.

A PlatformCAAnimationRemote's backpointer to a deallocated RemoteLayerTreeHost is not
invalidated when its host removes its reference to it.

* UIProcess/mac/RemoteLayerTreeHost.mm:
(WebKit::RemoteLayerTreeHost::layerWillBeRemoved): Invalidate a backpointer from the
    PlatformCAAnimationRemotes to the RemoteLayerTreeHost.

Modified Paths

trunk/Source/WebKit2/ChangeLog
trunk/Source/WebKit2/UIProcess/mac/RemoteLayerTreeHost.mm

Diff

Modified: trunk/Source/WebKit2/ChangeLog (188990 => 188991)


--- trunk/Source/WebKit2/ChangeLog	2015-08-26 21:51:12 UTC (rev 188990)
+++ trunk/Source/WebKit2/ChangeLog	2015-08-26 21:54:41 UTC (rev 188991)
@@ -1,3 +1,18 @@
+2015-08-26  Wenson Hsieh  <wenson_hs...@apple.com>
+
+        Fix crash due to animationDidEnd called on deallocated RemoteLayerTreeHost
+        https://bugs.webkit.org/show_bug.cgi?id=148442
+        <rdar://problem/21609257>
+
+        Reviewed by Tim Horton.
+
+        A PlatformCAAnimationRemote's backpointer to a deallocated RemoteLayerTreeHost is not
+        invalidated when its host removes its reference to it.
+
+        * UIProcess/mac/RemoteLayerTreeHost.mm:
+        (WebKit::RemoteLayerTreeHost::layerWillBeRemoved): Invalidate a backpointer from the
+            PlatformCAAnimationRemotes to the RemoteLayerTreeHost.
+
 2015-08-26  Beth Dakin  <bda...@apple.com>
 
         REGRESSION: Safari navigates after a cancelled force click

Modified: trunk/Source/WebKit2/UIProcess/mac/RemoteLayerTreeHost.mm (188990 => 188991)


--- trunk/Source/WebKit2/UIProcess/mac/RemoteLayerTreeHost.mm	2015-08-26 21:51:12 UTC (rev 188990)
+++ trunk/Source/WebKit2/UIProcess/mac/RemoteLayerTreeHost.mm	2015-08-26 21:54:41 UTC (rev 188991)
@@ -138,7 +138,11 @@
 
 void RemoteLayerTreeHost::layerWillBeRemoved(WebCore::GraphicsLayer::PlatformLayerID layerID)
 {
-    m_animationDelegates.remove(layerID);
+    auto iter = m_animationDelegates.find(layerID);
+    if (iter != m_animationDelegates.end()) {
+        [iter->value invalidate];
+        m_animationDelegates.remove(iter);
+    }
     m_layers.remove(layerID);
 }

_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes