Image should clear its ImageObserver* when CachedImage releases the last reference...
authorcommit-queue@webkit.org <commit-queue@webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Sat, 10 Jun 2017 02:51:05 +0000 (02:51 +0000)
committercommit-queue@webkit.org <commit-queue@webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Sat, 10 Jun 2017 02:51:05 +0000 (02:51 +0000)
commit3d3cb676221be29b8952d5272b72949cbbc99004
tree1551495eeea01517b8405b6d0229bd727dc7488f
parent342996d939f4e15b58ec02ff58cafb0b6ac8bb06
Image should clear its ImageObserver* when CachedImage releases the last reference to its RefCounted<ImageObserver>
https://bugs.webkit.org/show_bug.cgi?id=173077

Patch by Said Abou-Hallawa <sabouhallawa@apple.com> on 2017-06-09
Reviewed by Simon Fraser.

Before dereferencing ImageObserver, CachedImage::clearImage() should check
whether it is the only object that holds a reference to this ImageObserver.
And if this is true, m_image have to clear its raw pointer to the deleted
ImageObserver by calling m_image->setImageObserver(nullptr).

* loader/cache/CachedImage.cpp:
(WebCore::CachedImage::setBodyDataFrom):
(WebCore::CachedImage::CachedImageObserver::CachedImageObserver):
(WebCore::CachedImage::clearImage):
* loader/cache/CachedImage.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@218038 268f45cc-cd09-0410-ab3c-d52691b4dbfc
Source/WebCore/ChangeLog
Source/WebCore/loader/cache/CachedImage.cpp
Source/WebCore/loader/cache/CachedImage.h