On occasion, a RemoteLayerTreeDrawingArea may be outlived by one or more of its RemoteLayerTreeDisplayRefreshMonitors. When such a RemoteLayerTreeDisplayRefreshMonitor is destroyed, it may call a method on its drawing area, which has already been deallocated. This results in a crash.
<rdar://problem/21582858>
Created attachment 257135 [details] Patch
Comment on attachment 257135 [details] Patch
View in context: https://bugs.webkit.org/attachment.cgi?id=257135&action=review

> Source/WebKit2/WebProcess/WebPage/Cocoa/RemoteLayerTreeDisplayRefreshMonitor.mm:78
> +void RemoteLayerTreeDisplayRefreshMonitor::clearDrawingArea()
> +{
> + m_drawingArea = nullptr;
> +}

You don't need this. The WeakPtr does this for you.

> Source/WebKit2/WebProcess/WebPage/mac/RemoteLayerTreeDrawingArea.mm:95
> + for (RemoteLayerTreeDisplayRefreshMonitor* monitor : m_displayRefreshMonitors)
> + monitor->clearDrawingArea();

This is not needed.
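Review bot: dropping clearDrawingArea() and the loop in RemoteLayerTreeDrawingArea.mm:95 is only safe if every place the monitor dereferences m_drawingArea first checks the WeakPtr for null; the crash described in this bug is exactly a call through the drawing area after it has been deallocated, and a WeakPtr that is used without a null check still reaches a null pointer rather than freed memory, but it still has to be checked.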
Comment on attachment 257135 [details] Patch
View in context: https://bugs.webkit.org/attachment.cgi?id=257135&action=review

>> Source/WebKit2/WebProcess/WebPage/Cocoa/RemoteLayerTreeDisplayRefreshMonitor.mm:78
>> +}
>
> You don't need this. The WeakPtr does this for you.

Fixed!

>> Source/WebKit2/WebProcess/WebPage/mac/RemoteLayerTreeDrawingArea.mm:95
>> + monitor->clearDrawingArea();
>
> This is not needed.

Got it -- fixed!
Created attachment 257139 [details] Patch
From the ChangeLog: logically, a RemoteLayerTreeDrawingArea should always outlive its refresh monitors. Refer to https://bugs.webkit.org/show_bug.cgi?id=147128 for more details.
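As an added illustration (not WebKit's code), here is a small stand-in for the WeakPtr approach the review settled on, with hypothetical DrawingArea and RefreshMonitor classes and a minimal WeakPtr/WeakPtrFactory pair assumed to behave like WTF's. It shows why the explicit clearDrawingArea() call is redundant: destroying the area's factory revokes every outstanding WeakPtr, so a monitor that outlives its area (the case from this bug) sees null instead of a dangling pointer, provided it checks before calling through.

```cpp
#include <memory>
// Minimal stand-in for WTF::WeakPtr/WeakPtrFactory (an assumption, not WebKit's code):
// a shared cell holds the raw pointer and the factory nulls it when its owner dies.
template <typename T>
struct WeakPtr {
    std::shared_ptr<T*> link;
    T* get() const { return link ? *link : nullptr; }
    explicit operator bool() const { return get() != nullptr; }
};
template <typename T>
struct WeakPtrFactory {
    std::shared_ptr<T*> link;
    explicit WeakPtrFactory(T* owner) : link(std::make_shared<T*>(owner)) {}
    ~WeakPtrFactory() { *link = nullptr; } // revokes every outstanding WeakPtr
    WeakPtr<T> createWeakPtr() const { return WeakPtr<T>{link}; }
};
// Hypothetical stand-ins for RemoteLayerTreeDrawingArea and its refresh monitor.
struct DrawingArea {
    int notifications = 0;
    WeakPtrFactory<DrawingArea> weakFactory{this};
    void monitorWillBeDestroyed() { ++notifications; }
};
struct RefreshMonitor {
    WeakPtr<DrawingArea> drawingArea; // weak: does not keep the area alive
    explicit RefreshMonitor(DrawingArea& area) : drawingArea(area.weakFactory.createWeakPtr()) {}
    // Destructor-path callback: must be safe whether or not the area still exists.
    bool notifyDrawingArea() {
        if (!drawingArea) // revoked when the area was destroyed: no dangling call
            return false;
        drawingArea.get()->monitorWillBeDestroyed();
        return true;
    }
};
// The bug's scenario: the monitor outlives its drawing area.
bool monitorOutlivesArea() {
    auto area = std::make_unique<DrawingArea>();
    RefreshMonitor monitor(*area);
    area.reset();                       // drawing area deallocated first
    return monitor.notifyDrawingArea(); // false, instead of a use-after-free
}
// The normal ordering: the area is still alive and receives the notification.
bool areaOutlivesMonitor() {
    DrawingArea area;
    RefreshMonitor monitor(area);
    return monitor.notifyDrawingArea() && area.notifications == 1;
}
```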
Comment on attachment 257139 [details] Patch
Clearing flags on attachment: 257139
Committed r187050: <http://trac.webkit.org/changeset/187050>
All reviewed patches have been landed. Closing bug.