WebKit Bugzilla
RESOLVED FIXED
Bug 113430: [wk2] REGRESSION (r125500): WebFrameLoaderClient's active m_pluginView can be zeroed by PluginDocuments leaving the page cache
https://bugs.webkit.org/show_bug.cgi?id=113430

Tim Horton, Reported 2013-03-27 11:43:09 PDT
http://trac.webkit.org/changeset/125500 made a change that purported to be Chromium only (it even had a [chromium] tag!) but actually changed the behavior for WebKit2 as well: It now zeroes the FrameLoaderClient's redirecting-PluginView in PluginDocument::detach(), which can happen *way later* in the case that the PluginDocument went into the page cache, clearing a legitimate-and-different PluginView from (Web)FrameLoaderClient.

This change also made sure not to change behavior for other ports, ignoring the new redirectDataToPlugin(0) case, but missed WebKit2 (possibly intentionally because m_pluginView is a RefPtr for WK2 and not for most other non-Chromium ports).

We already clear the m_pluginView RefPtr when the load finishes or fails, so I think we can safely early-return in the redirectDataToPlugin(0) case just like all the other ports, returning to our behavior before r125500.

<rdar://problem/12729564>

Attachments
patch (2.18 KB, patch), 2013-03-27 11:47 PDT, Tim Horton, beidson: review+
patch (1.57 KB, patch), 2013-03-28 14:13 PDT, Tim Horton, no flags

Tim Horton, Comment 1, 2013-03-27 11:47:53 PDT
Created attachment 195369: patch

Brady Eidson, Comment 2, 2013-03-28 12:02:19 PDT
Comment on attachment 195369: patch
Sloppy patch originally :( Fix seems reasonable.

Tim Horton, Comment 3, 2013-03-28 13:22:54 PDT
http://trac.webkit.org/changeset/147152

Darin Adler, Comment 4, 2013-03-28 14:02:24 PDT
Comment on attachment 195369: patch
View in context: https://bugs.webkit.org/attachment.cgi?id=195369&action=review
> Source/WebKit2/WebProcess/WebCoreSupport/WebFrameLoaderClient.cpp:1350 > - m_pluginView = static_cast<PluginView*>(pluginWidget); > + if (m_pluginView) > + m_pluginView = static_cast<PluginView*>(pluginWidget);
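Review bot: the guard on the added line at WebFrameLoaderClient.cpp:1350 tests m_pluginView, the member being assigned, rather than the incoming pluginWidget. As written, a null pluginWidget still overwrites a non-null m_pluginView, which is the zeroing this bug reports, and a non-null pluginWidget is dropped whenever m_pluginView is currently null, so a view is never stored in the first place. Guard on the argument instead, if (pluginWidget), so the redirectDataToPlugin(0) call is ignored, and consider a short comment on that line saying why the null case is skipped.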
I think you mean: if (pluginWidget) not if (m_pluginView)
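
The sequence from the original report and the guard discussed in comment 4, as a simplified model added here (not WebKit source and not part of anyone's comment). Client, Guard, loadFinishedOrFailed and viewAfterLateDetach are hypothetical names, and raw pointers stand in for the RefPtr.

```cpp
// Simplified model, not WebKit source. Raw pointers stand in for RefPtr<PluginView>.
#include <cstdio>
#include <cstring>

struct PluginView { const char* name; };

// Hypothetical switch between the three behaviours discussed in this bug.
enum class Guard { None, OnMember, OnArgument };

struct Client {
    explicit Client(Guard g) : guard(g) {}
    Guard guard;
    PluginView* m_pluginView = nullptr;

    void redirectDataToPlugin(PluginView* pluginWidget) {
        if (guard == Guard::OnMember && !m_pluginView)
            return;  // first patch: tests the member being assigned
        if (guard == Guard::OnArgument && !pluginWidget)
            return;  // corrected guard: ignore the redirectDataToPlugin(0) call
        m_pluginView = pluginWidget;
    }
    void loadFinishedOrFailed() { m_pluginView = nullptr; }
};

// Returns the name of the view the client holds after a cached document
// detaches late, or "none" if the pointer was zeroed or never stored.
const char* viewAfterLateDetach(Guard g) {
    static PluginView a{"A"}, b{"B"};     // constructed sample views
    Client client(g);
    client.redirectDataToPlugin(&a);      // PluginDocument A starts loading
    client.loadFinishedOrFailed();        // A done; A later enters the page cache
    client.redirectDataToPlugin(&b);      // PluginDocument B starts loading
    client.redirectDataToPlugin(nullptr); // A leaves the page cache and detaches
    return client.m_pluginView ? client.m_pluginView->name : "none";
}

int main() {
    std::printf("no guard:          %s\n", viewAfterLateDetach(Guard::None));
    std::printf("if (m_pluginView): %s\n", viewAfterLateDetach(Guard::OnMember));
    std::printf("if (pluginWidget): %s\n", viewAfterLateDetach(Guard::OnArgument));
    return 0;
}
```

Only the guard on the argument leaves view B in place; the unguarded assignment zeroes it on the late detach, and the guard on the member never stores a view at all.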

Tim Horton, Comment 5, 2013-03-28 14:04:06 PDT
(In reply to comment #4)
> (From update of attachment 195369)
> View in context: https://bugs.webkit.org/attachment.cgi?id=195369&action=review
> > > Source/WebKit2/WebProcess/WebCoreSupport/WebFrameLoaderClient.cpp:1350 > > - m_pluginView = static_cast<PluginView*>(pluginWidget); > > + if (m_pluginView) > > + m_pluginView = static_cast<PluginView*>(pluginWidget); > > I think you mean: > > if (pluginWidget) > > not > > if (m_pluginView)
Woah, you're right. How I manage to screw up one line patches I'll never know.

Brady Eidson, Comment 6, 2013-03-28 14:08:44 PDT
And me too :(

Tim Horton, Comment 7, 2013-03-28 14:12:30 PDT
Reopening for correct fix.

Tim Horton, Comment 8, 2013-03-28 14:13:24 PDT
Created attachment 195638: patch

Tim Horton, Comment 9, 2013-03-28 15:06:27 PDT
(In reply to comment #8)
> Created an attachment (id=195638)
> patch
http://trac.webkit.org/changeset/147168