Avoid race condition when iterating over pending resources
[WebKit-https.git] / Source / WebCore / ChangeLog
index e50c6237ea49406fa4586738ab75bb05c7a22b46..bf2bef2d941da65933f86205d38dae06e37edece 100644 (file)
@@ -1,3 +1,39 @@
+2012-03-25  Philip Rogers  <pdr@google.com>
+
+        Avoid race condition when iterating over pending resources
+        https://bugs.webkit.org/show_bug.cgi?id=82115
+
+        Reviewed by Nikolas Zimmermann.
+
+        We can hit a race condition in SVGStyledElement::buildPendingResourcesIfNeeded
+        where pending elements can become non-pending while we iterate over them.
+
+        This patch cleans up buildPendingResourcesIfNeeded and re-works how pending
+        resources are removed. Because pending resources can be modified while
+        iterating over them, we introduce m_pendingResourcesForRemoval that
+        holds pending resources that are marked for removal. Instead of iterating
+        over this list we simply remove each pending resource from
+        m_pendingResourcesForRemoval; if a pending resource is modified or removed
+        during the processing of another pending resource this list is updated before
+        the next element can be accessed.
+
+        This change also removes removePendingResourceForElement which is no longer
+        referenced.
+
+        Test: http/tests/svg/change-id-with-pending-resources.html
+
+        * svg/SVGDocumentExtensions.cpp:
+        (WebCore::SVGDocumentExtensions::~SVGDocumentExtensions):
+        (WebCore::SVGDocumentExtensions::removeElementFromPendingResources):
+        (WebCore::SVGDocumentExtensions::removePendingResourceForRemoval):
+        (WebCore):
+        (WebCore::SVGDocumentExtensions::markPendingResourcesForRemoval):
+        (WebCore::SVGDocumentExtensions::removeElementFromPendingResourcesForRemoval):
+        * svg/SVGDocumentExtensions.h:
+        (SVGDocumentExtensions):
+        * svg/SVGStyledElement.cpp:
+        (WebCore::SVGStyledElement::buildPendingResourcesIfNeeded):
+
 2012-03-25  Arvid Nilsson  <anilsson@rim.com>
 
         [BlackBerry] Accelerated compositing layers fail to render when using WebPageCompositor
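Review bot: the function list under "* svg/SVGDocumentExtensions.cpp:" carries no per-function comments and includes an empty "(WebCore):" item, so the entry does not show which function marks resources for removal and which one drains m_pendingResourcesForRemoval. Suggest dropping "(WebCore):" and adding a short note after markPendingResourcesForRemoval, removePendingResourceForRemoval and removeElementFromPendingResourcesForRemoval saying what each does to that list. The description also uses "race condition" for what the text itself describes as pending resources being modified while they are iterated over. Naming the call path that performs that modification during buildPendingResourcesIfNeeded would make the stated guarantee, "this list is updated before the next element can be accessed", easier to check against http/tests/svg/change-id-with-pending-resources.html.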