Title: [256017] trunk/Source/WebCore
- Revision
- 256017
- Author
- grao...@webkit.org
- Date
- 2020-02-07 04:53:59 -0800 (Fri, 07 Feb 2020)
Log Message
REGRESSION (r255953): [ iOS Mac ] imported/w3c/web-platform-tests/web-animations/timing-model/timelines/update-and-send-events.html is crashing
https://bugs.webkit.org/show_bug.cgi?id=207342
<rdar://problem/59227960>
Reviewed by Youenn Fablet.
DocumentTimeline::detachFromDocument() may remove the last reference to WebAnimation objects that may, in return, remove the last reference of this
DocumentTimeline. As such, this method should make a strong reference to itself for the span of this method. However, we should not be calling it
from the destructor where the only thing matters is removing the weak reference from the Document to the DocumentTimeline.
* animation/DocumentTimeline.cpp:
(WebCore::DocumentTimeline::~DocumentTimeline):
(WebCore::DocumentTimeline::detachFromDocument):
Modified Paths
Diff
Modified: trunk/Source/WebCore/ChangeLog (256016 => 256017)
--- trunk/Source/WebCore/ChangeLog 2020-02-07 10:42:37 UTC (rev 256016)
+++ trunk/Source/WebCore/ChangeLog 2020-02-07 12:53:59 UTC (rev 256017)
@@ -1,3 +1,19 @@
+2020-02-07 Antoine Quint <grao...@webkit.org>
+
+ REGRESSION (r255953): [ iOS Mac ] imported/w3c/web-platform-tests/web-animations/timing-model/timelines/update-and-send-events.html is crashing
+ https://bugs.webkit.org/show_bug.cgi?id=207342
+ <rdar://problem/59227960>
+
+ Reviewed by Youenn Fablet.
+
+ DocumentTimeline::detachFromDocument() may remove the last reference to WebAnimation objects that may, in return, remove the last reference of this
+ DocumentTimeline. As such, this method should make a strong reference to itself for the span of this method. However, we should not be calling it
+ from the destructor where the only thing matters is removing the weak reference from the Document to the DocumentTimeline.
+
+ * animation/DocumentTimeline.cpp:
+ (WebCore::DocumentTimeline::~DocumentTimeline):
+ (WebCore::DocumentTimeline::detachFromDocument):
+
2020-02-07 youenn fablet <you...@apple.com>
Mandate UUID version 4 for mDNS ICE candidates
Modified: trunk/Source/WebCore/animation/DocumentTimeline.cpp (256016 => 256017)
--- trunk/Source/WebCore/animation/DocumentTimeline.cpp 2020-02-07 10:42:37 UTC (rev 256016)
+++ trunk/Source/WebCore/animation/DocumentTimeline.cpp 2020-02-07 12:53:59 UTC (rev 256017)
@@ -75,11 +75,13 @@
DocumentTimeline::~DocumentTimeline()
{
- detachFromDocument();
+ if (m_document)
+ m_document->removeTimeline(*this);
}
void DocumentTimeline::detachFromDocument()
{
+ Ref<DocumentTimeline> protectedThis(*this);
if (m_document)
m_document->removeTimeline(*this);
_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes
