Occasional crashes in commitTransientZoom's transaction completion block
authortimothy_horton@apple.com <timothy_horton@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Wed, 27 Aug 2014 23:00:55 +0000 (23:00 +0000)
committertimothy_horton@apple.com <timothy_horton@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Wed, 27 Aug 2014 23:00:55 +0000 (23:00 +0000)
https://bugs.webkit.org/show_bug.cgi?id=136309
<rdar://problem/17215064>

Reviewed by Dan Bernstein.

* WebProcess/WebPage/mac/TiledCoreAnimationDrawingArea.mm:
(WebKit::TiledCoreAnimationDrawingArea::commitTransientZoom):
Hold a reference to zoomLayer and the WebPage. It's possible that either
of these things could have gone away by the time the transaction is committed.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@173029 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Source/WebKit2/ChangeLog
Source/WebKit2/WebProcess/WebPage/mac/TiledCoreAnimationDrawingArea.mm

index 0ba4c69b4867227d368883954b7086b2dc2cee1f..d80cfb59530ca4402818b2a196d29030b061b1ef 100644 (file)
@@ -1,3 +1,16 @@
+2014-08-27  Tim Horton  <timothy_horton@apple.com>
+
+        Occasional crashes in commitTransientZoom's transaction completion block
+        https://bugs.webkit.org/show_bug.cgi?id=136309
+        <rdar://problem/17215064>
+
+        Reviewed by Dan Bernstein.
+
+        * WebProcess/WebPage/mac/TiledCoreAnimationDrawingArea.mm:
+        (WebKit::TiledCoreAnimationDrawingArea::commitTransientZoom):
+        Hold a reference to zoomLayer and the WebPage. It's possible that either
+        of these things could have gone away by the time the transaction is committed.
+
 2014-08-27  Benjamin Poulain  <bpoulain@apple.com>
 
         [iOS WK2] Provide a delegate callback to skip Geolocation authorization per page for WebApp
index 5ed3ea9cee2bf580c747d0521b87ab3a87098494..4f610363a9a454d66281049793ac354a7f76e1ae 100644 (file)
@@ -637,14 +637,17 @@ void TiledCoreAnimationDrawingArea::commitTransientZoom(double scale, FloatPoint
     if (PlatformCALayer* shadowLayer = shadowLayerForTransientZoom())
         shadowCALayer = shadowLayer->platformLayer();
 
-    PlatformCALayer* zoomLayer = layerForTransientZoom();
+    RefPtr<PlatformCALayer> zoomLayer = layerForTransientZoom();
+    RefPtr<WebPage> page = &m_webPage;
 
     [CATransaction begin];
-    [CATransaction setCompletionBlock:^(void) {
+    [CATransaction setCompletionBlock:[zoomLayer, shadowCALayer, page, scale, origin] () {
         zoomLayer->removeAnimationForKey("transientZoomCommit");
         if (shadowCALayer)
             [shadowCALayer removeAllAnimations];
-        applyTransientZoomToPage(scale, origin);
+
+        if (TiledCoreAnimationDrawingArea* drawingArea = static_cast<TiledCoreAnimationDrawingArea*>(page->drawingArea()))
+            drawingArea->applyTransientZoomToPage(scale, origin);
     }];
 
     zoomLayer->addAnimationForKey("transientZoomCommit", renderViewAnimation.get());