Crash under RemoteLayerTreeDrawingArea::flushLayers() when closing a tab
authortimothy_horton@apple.com <timothy_horton@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Fri, 13 Feb 2015 00:49:59 +0000 (00:49 +0000)
committertimothy_horton@apple.com <timothy_horton@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Fri, 13 Feb 2015 00:49:59 +0000 (00:49 +0000)
https://bugs.webkit.org/show_bug.cgi?id=141541

Reviewed by Benjamin Poulain.

* WebProcess/WebPage/mac/RemoteLayerTreeDrawingArea.mm:
(WebKit::RemoteLayerTreeDrawingArea::flushLayers):
The WebPage pointer can become stale between when it is retrieved
and dereferenced. Retrieve it by ID inside the dispatch_async block
instead of outside of it.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@180022 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Source/WebKit2/ChangeLog
Source/WebKit2/WebProcess/WebPage/mac/RemoteLayerTreeDrawingArea.mm

index 6a2799968e7a974c92189f4cdf1029efc07d40f2..512502539433f8076b904c1280a7978b2215594f 100644 (file)
@@ -1,3 +1,16 @@
+2015-02-12  Tim Horton  <timothy_horton@apple.com>
+
+        Crash under RemoteLayerTreeDrawingArea::flushLayers() when closing a tab
+        https://bugs.webkit.org/show_bug.cgi?id=141541
+
+        Reviewed by Benjamin Poulain.
+
+        * WebProcess/WebPage/mac/RemoteLayerTreeDrawingArea.mm:
+        (WebKit::RemoteLayerTreeDrawingArea::flushLayers):
+        The WebPage pointer can become stale between when it is retrieved
+        and dereferenced. Retrieve it by ID inside the dispatch_async block
+        instead of outside of it.
+
 2015-02-12  Antti Koivisto  <antti@apple.com>
 
         WebKit persistent cache uses a lot of threads
index a754907fa9407fe2a4e2a2fab0d14e18c49e5d11..5e972ac7d945f356959d6ecdf11963adf49ca1db 100644 (file)
@@ -400,12 +400,11 @@ void RemoteLayerTreeDrawingArea::flushLayers()
     dispatch_async(m_commitQueue, [backingStoreFlusher, pageID] {
         backingStoreFlusher->flush();
 
-        if (WebPage *webPage = WebProcess::singleton().webPage(pageID)) {
-            std::chrono::milliseconds timestamp = std::chrono::milliseconds(static_cast<std::chrono::milliseconds::rep>(monotonicallyIncreasingTime() * 1000));
-            dispatch_async(dispatch_get_main_queue(), ^{
+        std::chrono::milliseconds timestamp = std::chrono::milliseconds(static_cast<std::chrono::milliseconds::rep>(monotonicallyIncreasingTime() * 1000));
+        dispatch_async(dispatch_get_main_queue(), [pageID, timestamp] {
+            if (WebPage* webPage = WebProcess::singleton().webPage(pageID))
                 webPage->didFlushLayerTreeAtTime(timestamp);
-            });
-        }
+        });
     });
 }