Title: [167989] releases/WebKitGTK/webkit-2.2/Source/WebKit2
Revision: 167989
Author: carlo...@webkit.org
Date: 2014-04-30 01:23:32 -0700 (Wed, 30 Apr 2014)

Log Message

Merge r167883 - [GTK] Crash in debug build with removing windowed plugin child widgets from the view
https://bugs.webkit.org/show_bug.cgi?id=132252

Reviewed by Philippe Normand.

It crashes due to an assert in HashTable that checks the iterators'
validity. The problem is that we are iterating the children map
and the callback called on every iteration might modify the map,
making the iterators invalid. This happens when the WebView is
destroyed: GtkContainer calls gtk_container_foreach() with
gtk_widget_destroy as callback. When a widget inside a container
is destroyed, it's removed from the container, and in our case,
the child widget is removed from the map. This fixes several
crashes when running layout tests in debug bot.

* UIProcess/API/gtk/WebKitWebViewBase.cpp:
(webkitWebViewBaseContainerForall): Use copyKeysToVector() instead
of using a range iterator for the map keys and check in every
iteration that the child widget from the keys vector is still
present in the map before calling the callback.

Modified Paths

Diff

Modified: releases/WebKitGTK/webkit-2.2/Source/WebKit2/ChangeLog (167988 => 167989)


--- releases/WebKitGTK/webkit-2.2/Source/WebKit2/ChangeLog	2014-04-30 08:23:00 UTC (rev 167988)
+++ releases/WebKitGTK/webkit-2.2/Source/WebKit2/ChangeLog	2014-04-30 08:23:32 UTC (rev 167989)
@@ -1,3 +1,26 @@
+2014-04-28  Carlos Garcia Campos  <cgar...@igalia.com>
+
+        [GTK] Crash in debug build with removing windowed plugin child widgets from the view
+        https://bugs.webkit.org/show_bug.cgi?id=132252
+
+        Reviewed by Philippe Normand.
+
+        It crashes due to an assert in HashTable that checks the iterators
+        validity. The problem is that we are iterating the children map
+        and the callback called on every iteration might modify the map,
+        making the iterators invalid. This happens when the WebView is
+        destroyed, GtkContainer calls gtk_container_foreach() with
+        gtk_widget_destroy as callback. When a widget inside a container
+        is destroyed, it's removed from the container, and in our case,
+        the child widget is removed from the map. This fixes several
+        crashes when running layout tests in debug bot.
+
+        * UIProcess/API/gtk/WebKitWebViewBase.cpp:
+        (webkitWebViewBaseContainerForall): Use copyKeysToVector() instead
+        of using a range iterator for the map keys and check in every
+        iteration that the child widget from the keys vector is still
+        present in the map before calling the callback.
+
 2014-04-01  Zan Dobersek  <zdober...@igalia.com>
 
         [GTK] Don't copy the ResourceResponse object in webkitWebViewDecidePolicy
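
Review bot: The entry for webkitWebViewBaseContainerForall says the change replaces "a range iterator for the map keys", but the lines removed from WebKitWebViewBase.cpp in this branch use an explicit const_iterator over a local copy (`WebKitWebViewChildrenMap children = priv->children;`), not a range iterator over priv->children. Since this is a merge of r167883 onto webkit-2.2, the entry should say that the branch code differed and state what the merge changes here: the callback is no longer invoked for a key that an earlier callback has already removed from priv->children. As written, the description of iterator invalidation cannot be checked against the removed lines.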

Modified: releases/WebKitGTK/webkit-2.2/Source/WebKit2/UIProcess/API/gtk/WebKitWebViewBase.cpp (167988 => 167989)


--- releases/WebKitGTK/webkit-2.2/Source/WebKit2/UIProcess/API/gtk/WebKitWebViewBase.cpp	2014-04-30 08:23:00 UTC (rev 167988)
+++ releases/WebKitGTK/webkit-2.2/Source/WebKit2/UIProcess/API/gtk/WebKitWebViewBase.cpp	2014-04-30 08:23:32 UTC (rev 167989)
@@ -326,10 +326,12 @@
     WebKitWebViewBase* webView = WEBKIT_WEB_VIEW_BASE(container);
     WebKitWebViewBasePrivate* priv = webView->priv;
 
-    WebKitWebViewChildrenMap children = priv->children;
-    WebKitWebViewChildrenMap::const_iterator end = children.end();
-    for (WebKitWebViewChildrenMap::const_iterator current = children.begin(); current != end; ++current)
-        (*callback)(current->key, callbackData);
+    Vector<GtkWidget*> children;
+    copyKeysToVector(priv->children, children);
+    for (const auto& child : children) {
+        if (priv->children.contains(child))
+            (*callback)(child, callbackData);
+    }
 
     if (includeInternals && priv->inspectorView)
         (*callback)(priv->inspectorView, callbackData);
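
Review bot: The `priv->children.contains(child)` re-check inside the loop has no comment, and the reason for it (the callback, for example gtk_widget_destroy, can remove entries from priv->children while the copied key vector is being walked) lives only in the ChangeLog. Please add a one-line comment above the `if` so the check is not later dropped as redundant; it is what keeps a `GtkWidget*` that is no longer in the map from being handed to the callback. The trailing `(*callback)(priv->inspectorView, callbackData)` runs after those same callbacks, so it is also worth confirming that priv->inspectorView is cleared when that widget is removed, because the null test is the only guard visible in this hunk.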
_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes
