Use after free in WebCore::DisplayRefreshMonitorClient::fireDisplayRefreshIfNeeded
author dino@apple.com <dino@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Fri, 11 Oct 2013 09:43:56 +0000 (09:43 +0000)
committer dino@apple.com <dino@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Fri, 11 Oct 2013 09:43:56 +0000 (09:43 +0000)
commit de9834398886daa1f6badaf0933683f51260150b
tree 94b55da41e8071ccda0887d859e1452a40083164
parent c29334fd78bedb0132e9fcfc8220d0c39dee040c
Use after free in WebCore::DisplayRefreshMonitorClient::fireDisplayRefreshIfNeeded
http://webkit.org/b/121033

Reviewed by Darin Adler.

Source/WebCore:

Add an ASSERT to detect if an animation client will be removed
during the callback dispatch.

Test: fast/animation/request-animation-frame-remove-client.html

* platform/graphics/DisplayRefreshMonitor.cpp:
(WebCore::DisplayRefreshMonitor::displayDidRefresh):

LayoutTests:

Test that assertion fires if you try to remove potential client while in an
animation dispatch.

* TestExpectations: Mark test as crashing.
* fast/animation/request-animation-frame-remove-client-expected.txt: Added.
* fast/animation/request-animation-frame-remove-client.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@157298 268f45cc-cd09-0410-ab3c-d52691b4dbfc
LayoutTests/ChangeLog
LayoutTests/TestExpectations
LayoutTests/fast/animation/request-animation-frame-remove-client-expected.txt [new file with mode: 0644]
LayoutTests/fast/animation/request-animation-frame-remove-client.html [new file with mode: 0644]
Source/WebCore/ChangeLog
Source/WebCore/platform/graphics/DisplayRefreshMonitor.cpp
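
The commit message above describes a debug check for a client being removed while refresh callbacks are being dispatched. The C++ below is an added example, not WebKit code: every name in it is hypothetical, it counts the removal where a debug build would assert, and it also shows one common way to keep dispatch safe (iterate a snapshot and recheck membership), which the page does not say this commit does.

```cpp
// Added illustration: RefreshMonitor, Client, Counter and Remover are hypothetical
// names, not WebKit's DisplayRefreshMonitor implementation.
#include <algorithm>
#include <vector>

struct RefreshMonitor;
struct Client {
    virtual ~Client() = default;
    virtual void displayRefreshFired(RefreshMonitor&) = 0;
};

struct RefreshMonitor {
    std::vector<Client*> clients;
    bool dispatching = false;        // true while displayDidRefresh() is calling clients
    int removalsDuringDispatch = 0;  // a debug build would assert here instead of counting

    void addClient(Client* c) { clients.push_back(c); }
    void removeClient(Client* c) {
        if (dispatching)
            ++removalsDuringDispatch;  // re-entrant removal: the condition the check detects
        clients.erase(std::remove(clients.begin(), clients.end(), c), clients.end());
    }
    int displayDidRefresh() {  // returns the number of clients notified
        std::vector<Client*> snapshot = clients;  // never iterate the live list
        dispatching = true;
        int fired = 0;
        for (Client* c : snapshot) {
            // A client unregistered by an earlier callback may already be freed: skip it.
            if (std::find(clients.begin(), clients.end(), c) == clients.end())
                continue;
            c->displayRefreshFired(*this);
            ++fired;
        }
        dispatching = false;
        return fired;
    }
};

struct Counter : Client {
    int calls = 0;
    void displayRefreshFired(RefreshMonitor&) override { ++calls; }
};
struct Remover : Client {  // unregisters another client from inside its own callback
    Client* victim;
    explicit Remover(Client* v) : victim(v) {}
    void displayRefreshFired(RefreshMonitor& m) override { m.removeClient(victim); }
};
struct Result { int fired, victimCalls, flagged; };
Result runScenario() {  // constructed scenario: remover fires first and removes victim
    Counter victim; Remover remover(&victim); RefreshMonitor m;
    m.addClient(&remover); m.addClient(&victim);
    int fired = m.displayDidRefresh();
    return { fired, victim.calls, m.removalsDuringDispatch };
}
```

Without the membership recheck, the loop would call the removed client through a pointer that may no longer be valid, which is the use-after-free pattern the commit title names.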