Title: [204801] releases/WebKitGTK/webkit-2.12/Source/WebCore
Revision: 204801
Author: [email protected]
Date: 2016-08-23 03:58:06 -0700 (Tue, 23 Aug 2016)

Log Message

Merge r204631 - DumpRenderTree crashed in com.apple.WebCore: WebCore::DOMWindow::resetDOMWindowProperties + 607
https://bugs.webkit.org/show_bug.cgi?id=160983
<rdar://problem/26768524>

Reviewed by Brent Fulgham.

Update DOMWindow::frameDestroyed() to ref the window object as the crash
traces seem to indicate it can get destroyed during the execution of this
method. Also update the code in the ~Frame destructor to not iterate over
the list of FrameDestructionObservers because observers remove themselves
from the list when they get destroyed.

No new tests, do not know how to reproduce.

* page/DOMWindow.cpp:
(WebCore::DOMWindow::frameDestroyed):
* page/Frame.cpp:
(WebCore::Frame::~Frame):

Diff

Modified: releases/WebKitGTK/webkit-2.12/Source/WebCore/ChangeLog (204800 => 204801)


--- releases/WebKitGTK/webkit-2.12/Source/WebCore/ChangeLog	2016-08-23 10:56:04 UTC (rev 204800)
+++ releases/WebKitGTK/webkit-2.12/Source/WebCore/ChangeLog	2016-08-23 10:58:06 UTC (rev 204801)
@@ -1,3 +1,24 @@
+2016-08-19  Chris Dumez  <[email protected]>
+
+        DumpRenderTree crashed in com.apple.WebCore: WebCore::DOMWindow::resetDOMWindowProperties + 607
+        https://bugs.webkit.org/show_bug.cgi?id=160983
+        <rdar://problem/26768524>
+
+        Reviewed by Brent Fulgham.
+
+        Update DOMWindow::frameDestroyed() to ref the window object as the crash
+        traces seem to indicate it can get destroyed during the execution of this
+        method. Also update the code in the ~Frame destructor to not iterate over
+        the list of FrameDestructionObservers because observers remove themselves
+        from the list when they get destroyed.
+
+        No new tests, do not know how to reproduce.
+
+        * page/DOMWindow.cpp:
+        (WebCore::DOMWindow::frameDestroyed):
+        * page/Frame.cpp:
+        (WebCore::Frame::~Frame):
+
 2016-08-05  Simon Fraser  <[email protected]>
 
         marquee with "truespeed" animates at > 60fps, hogging CPU
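
Review bot: the "No new tests, do not know how to reproduce." line in this entry means neither the protector in DOMWindow::frameDestroyed() nor the new loop in ~Frame is exercised by anything in the tree. Since the entry itself says the traces only "seem to indicate" the window is destroyed mid-call, it would help to record here which frame in the trace pointed at that, so a later reader can tell whether the crash was actually closed or only made less likely.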

Modified: releases/WebKitGTK/webkit-2.12/Source/WebCore/page/DOMWindow.cpp (204800 => 204801)


--- releases/WebKitGTK/webkit-2.12/Source/WebCore/page/DOMWindow.cpp	2016-08-23 10:56:04 UTC (rev 204800)
+++ releases/WebKitGTK/webkit-2.12/Source/WebCore/page/DOMWindow.cpp	2016-08-23 10:58:06 UTC (rev 204801)
@@ -477,6 +477,8 @@
 
 void DOMWindow::frameDestroyed()
 {
+    Ref<DOMWindow> protectedThis(*this);
+
     willDestroyDocumentInFrame();
     FrameDestructionObserver::frameDestroyed();
     resetDOMWindowProperties();
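
Review bot: `Ref<DOMWindow> protectedThis(*this);` at the top of frameDestroyed() carries no comment saying which of the calls below it can drop the last reference, so it is easy to remove later as apparently dead code. A one-line comment naming the reason would fix that. The protector also only keeps the object alive until the function returns; it does not prevent whatever releases the window, so resetDOMWindowProperties() still has to cope with the state left behind by willDestroyDocumentInFrame() and FrameDestructionObserver::frameDestroyed().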

Modified: releases/WebKitGTK/webkit-2.12/Source/WebCore/page/Frame.cpp (204800 => 204801)


--- releases/WebKitGTK/webkit-2.12/Source/WebCore/page/Frame.cpp	2016-08-23 10:56:04 UTC (rev 204800)
+++ releases/WebKitGTK/webkit-2.12/Source/WebCore/page/Frame.cpp	2016-08-23 10:58:06 UTC (rev 204801)
@@ -217,8 +217,8 @@
 
     disconnectOwnerElement();
 
-    for (auto& observer : m_destructionObservers)
-        observer->frameDestroyed();
+    while (auto* destructionObserver = m_destructionObservers.takeAny())
+        destructionObserver->frameDestroyed();
 
     if (!isMainFrame())
         m_mainFrame.selfOnlyDeref();
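
Review bot: the new `while (auto* destructionObserver = m_destructionObservers.takeAny())` loop changes which observers are notified, and nothing beside it says so. Each observer is now removed from the set before its frameDestroyed() runs, an observer destroyed as a side effect of an earlier callback is never called (the log says observers remove themselves on destruction), and anything inserted into m_destructionObservers from inside a callback is picked up by the same loop, so it terminates only if callbacks stop adding entries. A short comment above the loop stating why takeAny() replaces the range-for, and that mutation during notification is expected, would make the intent clear.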