RESOLVED FIXED 104832
[BlackBerry] Ensure InRegionScrollableArea is valid before using. 
https://bugs.webkit.org/show_bug.cgi?id=104832
Summary [BlackBerry] Ensure InRegionScrollableArea is valid before using.
Mike Lattanzio
Reported 2012-12-12 12:10:37 PST
Make sure we still have a RefPtr to pointer before using it. Otherwise it might have been deleted.
Attachments
Patch (7.00 KB, patch)
2012-12-12 12:13 PST, Mike Lattanzio 		no flags
DetailsFormatted DiffDiff
Patch (7.02 KB, patch)
2012-12-12 14:14 PST, Mike Lattanzio 		no flags
DetailsFormatted DiffDiff
Patch (7.02 KB, patch)
2012-12-12 14:53 PST, Mike Lattanzio 		no flags
DetailsFormatted DiffDiff
Show Obsolete (2) View All Add attachment proposed patch, testcase, etc.
Mike Lattanzio
Comment 1 2012-12-12 12:13:59 PST
Created attachment 179099 [details] Patch
Antonio Gomes
Comment 2 2012-12-12 13:31:01 PST
Comment on attachment 179099 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=179099&action=review > Source/WebKit/blackberry/Api/InRegionScroller.cpp:420 > +bool InRegionScrollerPrivate::isValidScrollableLayerWebKitThread(WebCore::LayerWebKitThread* layerWebKitThread) const > Source/WebKit/blackberry/Api/InRegionScroller.cpp:432 > +bool InRegionScrollerPrivate::isValidScrollableNode(WebCore::Node* node) const > Source/WebKit/blackberry/Api/InRegionScroller.cpp:437 > + for (unsigned i = 0; i < m_activeInRegionScrollableAreas.size(); i++) IIRC calculateActiveAndShrinkCachedScrollableAreas shrink this vector. Does it need to be a for loop?
Mike Lattanzio
Comment 3 2012-12-12 13:48:01 PST
(In reply to comment #2) > (From update of attachment 179099 [details]) > View in context: https://bugs.webkit.org/attachment.cgi?id=179099&action=review > > > Source/WebKit/blackberry/Api/InRegionScroller.cpp:420 > > +bool InRegionScrollerPrivate::isValidScrollableLayerWebKitThread(WebCore::LayerWebKitThread* layerWebKitThread) > > const > > > Source/WebKit/blackberry/Api/InRegionScroller.cpp:432 > > +bool InRegionScrollerPrivate::isValidScrollableNode(WebCore::Node* node) > > const > Fixing those. Good eye. > > Source/WebKit/blackberry/Api/InRegionScroller.cpp:437 > > + for (unsigned i = 0; i < m_activeInRegionScrollableAreas.size(); i++) > > IIRC calculateActiveAndShrinkCachedScrollableAreas shrink this vector. Does it need to be a for loop? I think so. That shrinking is performed after we cast and use the layer, but we need to know if the layer still exists first.
Mike Lattanzio
Comment 4 2012-12-12 14:14:51 PST
Created attachment 179123 [details] Patch
Antonio Gomes
Comment 5 2012-12-12 14:29:47 PST
Comment on attachment 179123 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=179123&action=review Please reupload with "Reviewed by antonio Gomes" and just request cq to land it. r+, some nits though. > Source/WebKit/blackberry/Api/InRegionScroller.cpp:420 > +bool InRegionScrollerPrivate::isValidScrollableLayerWebKitThread(WebCore::LayerWebKitThread* layerWebKitThread) const WebCore:: is needed? > Source/WebKit/blackberry/Api/InRegionScroller.cpp:428 > + for (unsigned i = 0; i < m_activeInRegionScrollableAreas.size(); i++) > + if (static_cast<InRegionScrollableArea*>(m_activeInRegionScrollableAreas[i])->cachedScrollableLayer() == layerWebKitThread) > + return true; > + for need {} ++i is preferred. > Source/WebKit/blackberry/Api/InRegionScroller.cpp:432 > +bool InRegionScrollerPrivate::isValidScrollableNode(WebCore::Node* node) const WebCore is needed? > Source/WebKit/blackberry/Api/InRegionScroller.cpp:439 > + for (unsigned i = 0; i < m_activeInRegionScrollableAreas.size(); i++) > + if (static_cast<InRegionScrollableArea*>(m_activeInRegionScrollableAreas[i])->cachedScrollableNode() == node) > + return true; ditto ++i is preferred.
Mike Lattanzio
Comment 6 2012-12-12 14:53:45 PST
Created attachment 179130 [details] Patch
Rob Buis
Comment 7 2012-12-12 15:48:57 PST
Comment on attachment 179130 [details] Patch LGTM.
WebKit Review Bot
Comment 8 2012-12-12 16:14:55 PST
Comment on attachment 179130 [details] Patch Clearing flags on attachment: 179130 Committed r137532: <http://trac.webkit.org/changeset/137532>
WebKit Review Bot
Comment 9 2012-12-12 16:14:59 PST
All reviewed patches have been landed. Closing bug.
Note You need to log in before you can comment on or make changes to this bug.