Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: 28bd6e3983d38c89aab9ce30480c59c817136d42
      
https://github.com/WebKit/WebKit/commit/28bd6e3983d38c89aab9ce30480c59c817136d42
  Author: Jean Haberer <[email protected]>
  Date:   2026-04-21 (Tue, 21 Apr 2026)

  Changed paths:
    M Source/WebCore/Modules/model-element/HTMLModelElement.cpp
    M Source/WebCore/Modules/model-element/HTMLModelElement.h
    M Source/WebCore/dom/DocumentImmersive.cpp
    M Source/WebCore/dom/DocumentImmersive.h

  Log Message:
  -----------
  Fix immersive state consistency during rapid request/exit cycles
https://bugs.webkit.org/show_bug.cgi?id=312882
rdar://175242589

Reviewed by Mike Wyrzykowski.

Some race conditions caused m_detachedForImmersive, m_immersiveElement,
and the :immersive pseudo-class to desynchronize from the client's immersive
presentation state during rapid requestImmersive/exitImmersive cycles.

Reject duplicate requestImmersive calls for the same element directly instead
of going through handleImmersiveError, which would clear
m_pendingImmersiveElement and m_activeRequest for the in-flight request. Reject
duplicate exitImmersive calls when an exit is already in flight to prevent
parallel exit flows from racing.

Defer ensureImmersivePresentation behind a pending exit to avoid conflicting
model player IPCs that invalidate the immersive context. Guard
exitImmersivePresentation's async callback with a generation counter to prevent
stale exit callbacks from resetting m_detachedForImmersive after a new request
re-armed it. Skip old element cleanup in presentImmersiveElement when old and
new elements are the same.

Also fix a pre-existing crash in decrementModelElementCount when
willDetachRenderers is called on a model element whose parent was display:none,
meaning didAttachRenderers was never called and the count was never incremented.

* Source/WebCore/Modules/model-element/HTMLModelElement.cpp:
(WebCore::HTMLModelElement::didAttachRenderers):
Track whether the model element count was incremented so willDetachRenderers
can skip the decrement.
(WebCore::HTMLModelElement::willDetachRenderers):
Only decrement if didAttachRenderers actually incremented, preventing a
negative count crash when the element's parent was display:none.
(WebCore::HTMLModelElement::supportsStageModeInteraction const):
Return false when detached for immersive to prevent stage mode interaction
during immersive transitions.
(WebCore::HTMLModelElement::exitImmersivePresentation):
Capture m_immersiveDetachGeneration before the async IPC and only reset
m_detachedForImmersive if the generation still matches.
(WebCore::HTMLModelElement::setDetachedForImmersive):
Increment the generation counter when entering the detached state.

* Source/WebCore/Modules/model-element/HTMLModelElement.h:
* Source/WebCore/dom/DocumentImmersive.cpp:
(WebCore::DocumentImmersive::requestImmersive):
Resolve immediately if already immersive with no exit pending. Reject duplicate
same-element requests directly without going through handleImmersiveError to
avoid clearing in-flight request state.
(WebCore::DocumentImmersive::exitImmersive):
Reject if an exit is already in flight, cancelling any active request and
releasing any deferred request handler. Reset m_pendingExitImmersive before
firing the deferred request handler so it sees correct state.
(WebCore::DocumentImmersive::releaseDeferredRequest):
Extracted helper to fire and clear m_deferredRequestHandler.
(WebCore::DocumentImmersive::createModelPlayerForImmersive):
Defer the entire model player setup behind a pending exit to avoid sending
conflicting ensureImmersivePresentation/exitImmersivePresentation IPCs on the
same model player.
(WebCore::DocumentImmersive::presentImmersiveElement):
Skip old element cleanup when old and new elements are the same to avoid tearing
down state that was just set up.
(WebCore::DocumentImmersive::clear):

* Source/WebCore/dom/DocumentImmersive.h:

Canonical link: https://commits.webkit.org/311684@main
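
The generation-counter guard that the log message describes for exitImmersivePresentation, shown as an added example that is not WebKit's code. FakeIPC, Model and detachedAfterExit are hypothetical names, and the asynchronous IPC reply is simulated with a queue that is drained after the state changes.

```cpp
#include <cstdint>
#include <deque>
#include <functional>
#include <utility>

// Constructed stand-in for an async IPC channel: replies run only on drain().
struct FakeIPC {
    std::deque<std::function<void()>> replies;
    void send(std::function<void()> reply) { replies.push_back(std::move(reply)); }
    void drain() {
        for (; !replies.empty(); replies.pop_front())
            replies.front()();
    }
};

// Hypothetical element; member names are illustrative, not WebKit's code.
class Model {
public:
    Model(FakeIPC& ipc, bool guarded) : m_ipc(ipc), m_guarded(guarded) { }
    void enterDetached() { m_detached = true; ++m_generation; }
    void exitPresentation() {
        std::uint64_t generationAtExit = m_generation; // captured before the async hop
        m_ipc.send([this, generationAtExit] {
            // A later enterDetached() bumped the counter, so this reply is stale.
            if (m_guarded && generationAtExit != m_generation)
                return;
            m_detached = false;
        });
    }
    bool detached() const { return m_detached; }
private:
    FakeIPC& m_ipc;
    bool m_guarded;
    bool m_detached { false };
    std::uint64_t m_generation { 0 };
};

// Enter, exit, optionally re-enter before the exit reply is delivered.
bool detachedAfterExit(bool guarded, bool rearmBeforeReply) {
    FakeIPC ipc;
    Model model(ipc, guarded);
    model.enterDetached();
    model.exitPresentation();
    if (rearmBeforeReply)
        model.enterDetached();
    ipc.drain();
    return model.detached();
}

int main() { return detachedAfterExit(true, true) && !detachedAfterExit(false, true) ? 0 : 1; }
```

Without the guard, the late exit reply clears the flag that the second request had just set; with it, an exit that is not followed by a new request still clears the flag as before.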


