RESOLVED FIXED 147124
Fix crash due to RemoteLayerTreeDisplayRefreshMonitor outliving RemoteLayerTreeDrawingArea 
https://bugs.webkit.org/show_bug.cgi?id=147124
Summary Fix crash due to RemoteLayerTreeDisplayRefreshMonitor outliving RemoteLayerTr...
Wenson Hsieh
Reported 2015-07-20 14:56:18 PDT
On occasion, a RemoteLayerTreeDrawingArea may be outlived by one or more of its RemoteLayerTreeDisplayRefreshMonitors. Upon destruction of the RemoteLayerTreeDisplayRefreshMonitor, this may cause the monitor to access a method of its drawing area, which has been deallocated. This results in a crash.
Attachments
Patch (6.46 KB, patch)
2015-07-20 15:35 PDT, Wenson Hsieh 		no flags
DetailsFormatted DiffDiff
Patch (5.67 KB, patch)
2015-07-20 16:02 PDT, Wenson Hsieh 		no flags
DetailsFormatted DiffDiff
Show Obsolete (1) View All Add attachment proposed patch, testcase, etc.
Wenson Hsieh
Comment 1 2015-07-20 15:26:45 PDT
<rdar://problem/21582858>
Wenson Hsieh
Comment 2 2015-07-20 15:35:04 PDT
Created attachment 257135 [details] Patch
Simon Fraser (smfr)
Comment 3 2015-07-20 15:44:38 PDT
Comment on attachment 257135 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=257135&action=review > Source/WebKit2/WebProcess/WebPage/Cocoa/RemoteLayerTreeDisplayRefreshMonitor.mm:78 > +void RemoteLayerTreeDisplayRefreshMonitor::clearDrawingArea() > +{ > + m_drawingArea = nullptr; > +} You don't need this. The WeakPtr does this for you. > Source/WebKit2/WebProcess/WebPage/mac/RemoteLayerTreeDrawingArea.mm:95 > + for (RemoteLayerTreeDisplayRefreshMonitor* monitor : m_displayRefreshMonitors) > + monitor->clearDrawingArea(); This is not needed.
Wenson Hsieh
Comment 4 2015-07-20 16:00:59 PDT
Comment on attachment 257135 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=257135&action=review >> Source/WebKit2/WebProcess/WebPage/Cocoa/RemoteLayerTreeDisplayRefreshMonitor.mm:78 >> +} > > You don't need this. The WeakPtr does this for you. Fixed! >> Source/WebKit2/WebProcess/WebPage/mac/RemoteLayerTreeDrawingArea.mm:95 >> + monitor->clearDrawingArea(); > > This is not needed. Got it -- fixed!
Wenson Hsieh
Comment 5 2015-07-20 16:02:14 PDT
Created attachment 257139 [details] Patch
Wenson Hsieh
Comment 6 2015-07-20 16:35:07 PDT
From the ChangeLog: logically, a RemoteLayerTreeDrawingArea should always outlive its refresh monitors. Refer to https://bugs.webkit.org/show_bug.cgi?id=147128 for more details.
WebKit Commit Bot
Comment 7 2015-07-20 17:24:23 PDT
Comment on attachment 257139 [details] Patch Clearing flags on attachment: 257139 Committed r187050: <http://trac.webkit.org/changeset/187050>
WebKit Commit Bot
Comment 8 2015-07-20 17:24:26 PDT
All reviewed patches have been landed. Closing bug.
Note You need to log in before you can comment on or make changes to this bug.