Move RenderEmbeddedObject::isReplacementObscured to HTMLPlugInElement
author zalan@apple.com <zalan@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Thu, 29 Jun 2017 03:54:05 +0000 (03:54 +0000)
committer zalan@apple.com <zalan@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Thu, 29 Jun 2017 03:54:05 +0000 (03:54 +0000)
commit dfb4336d1acabe33651324d2302bb5caea64ba4b
tree 4e1a9fcffa331b2c6762ad20faefd94cab5def3a
parent 1f81ab26a997040ec41a8097c9ddbfe404589f8e
Move RenderEmbeddedObject::isReplacementObscured to HTMLPlugInElement
https://bugs.webkit.org/show_bug.cgi?id=173802
<rdar://problem/32884389>

Reviewed by Simon Fraser.

Source/WebCore:

Hit testing could potentially destroy "this" renderer so calling it inside RenderEmbeddedObject
could leave the caller with a stale pointer.
This patch protects the plugin element from getting destroyed and checks if the renderer got
deleted during the hit test to avoid nullptr dereference.

Speculative fix.

* html/HTMLPlugInElement.cpp:
(WebCore::HTMLPlugInElement::isReplacementObscured):
* html/HTMLPlugInElement.h:
* rendering/RenderEmbeddedObject.cpp:
(WebCore::RenderEmbeddedObject::isReplacementObscured): Deleted.
* rendering/RenderEmbeddedObject.h:
* testing/Internals.cpp:
(WebCore::Internals::isPluginUnavailabilityIndicatorObscured):

Source/WebKit2:

* WebProcess/WebPage/WebPage.cpp:
(WebKit::WebPage::createPlugin):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@218913 268f45cc-cd09-0410-ab3c-d52691b4dbfc
Source/WebCore/ChangeLog
Source/WebCore/html/HTMLPlugInElement.cpp
Source/WebCore/html/HTMLPlugInElement.h
Source/WebCore/rendering/RenderEmbeddedObject.cpp
Source/WebCore/rendering/RenderEmbeddedObject.h
Source/WebCore/testing/Internals.cpp
Source/WebKit2/ChangeLog
Source/WebKit2/WebProcess/WebPage/WebPage.cpp
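
The pattern the commit message describes, as an added C++ sketch that is not WebKit code and not part of this commit. `Element`, `Renderer`, `hitTest` and `duringHitTest` are hypothetical stand-ins, and treating a missing renderer as "obscured" is an assumed policy.

```cpp
// Added illustration: Element, Renderer and hitTest are hypothetical stand-ins, not WebKit classes.
#include <functional>
#include <memory>

struct Renderer { bool indicatorVisible = true; };

struct Element : std::enable_shared_from_this<Element> {
    std::unique_ptr<Renderer> renderer = std::make_unique<Renderer>();
    std::function<void(Element&)> duringHitTest; // models side effects of a hit test

    // A hit test may run arbitrary work, including tearing down the renderer.
    bool hitTest() {
        if (duringHitTest)
            duringHitTest(*this);
        return true; // constructed result: the indicator is the topmost hit
    }

    // The query lives on the element, so no renderer "this" is held across the hit test.
    bool isReplacementObscured() {
        auto protect = shared_from_this();  // keep the element alive for the whole call
        if (!renderer)
            return false;
        bool hitIndicator = hitTest();      // the renderer may be destroyed in here
        Renderer* current = renderer.get(); // re-fetch instead of reusing an older pointer
        if (!current)
            return true;                    // assumed policy: no renderer counts as obscured
        return !(hitIndicator && current->indicatorVisible);
    }
};

bool obscuredWhenRendererSurvives() {
    return std::make_shared<Element>()->isReplacementObscured();
}

bool obscuredWhenHitTestDestroysRenderer() {
    auto element = std::make_shared<Element>();
    element->duringHitTest = [](Element& e) { e.renderer.reset(); };
    return element->isReplacementObscured();
}

// The last external owner is dropped mid-call; only `protect` keeps the element valid.
bool survivesLosingLastOwnerMidCall() {
    auto element = std::make_shared<Element>();
    Element* raw = element.get();
    element->duringHitTest = [&element](Element&) { element.reset(); };
    return !raw->isReplacementObscured();
}
```

Building this with AddressSanitizer and removing the `protect` line makes the third case report a use-after-free, which is the failure mode the element-level reference prevents.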