CrashTracer: com.apple.WebKit.WebContent at com.apple.WebCore: WebCore::HTMLPlugInIma...
authordino@apple.com <dino@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Wed, 14 Feb 2018 19:34:35 +0000 (19:34 +0000)
committerdino@apple.com <dino@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Wed, 14 Feb 2018 19:34:35 +0000 (19:34 +0000)
commitddc7cdbcc6b24fd50ecc0a49e4f4558c74c20909
tree2db8d5264f604f8575f763a629cc08938ff45d95
parentc60d17bbc4846d1af1e55760b9598310705aa164
CrashTracer: com.apple.WebKit.WebContent at com.apple.WebCore: WebCore::HTMLPlugInImageElement::didAddUserAgentShadowRoot + 618
https://bugs.webkit.org/show_bug.cgi?id=182798
<rdar://problem/23337253>

Reviewed by Eric Carlson.

Speculative fix for a crash in HTMLPlugInImageElement::didAddUserAgentShadowRoot.
The guess is that the m_swapRendererTimer is set, and the display state changes to
something that does not require a shadow root, but before the timer fires.
Fix this by ensuring that the timer is reset on every display state change.

* html/HTMLPlugInElement.cpp:
(WebCore::HTMLPlugInElement::setDisplayState): Guard for sets that wouldn't
actually change value, and make sure we always reset the timer.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@228476 268f45cc-cd09-0410-ab3c-d52691b4dbfc
Source/WebCore/ChangeLog
Source/WebCore/html/HTMLPlugInElement.cpp