[webkit-changes] [WebKit/WebKit] 574c38: Cherry-pick 252432.841 at safari-7614-branch (a47510d...
Chris Dumez
noreply at github.com
Tue Jan 24 19:20:03 PST 2023
Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: 574c3859cc0c99c8947c785c44f8b76a45c1fd17
https://github.com/WebKit/WebKit/commit/574c3859cc0c99c8947c785c44f8b76a45c1fd17
Author: Chris Dumez <cdumez at apple.com>
Date: 2023-01-24 (Tue, 24 Jan 2023)
Changed paths:
A LayoutTests/fast/dom/lazy-loading-iframe-destruction-crash-expected.txt
A LayoutTests/fast/dom/lazy-loading-iframe-destruction-crash.html
M Source/WebCore/dom/Document.cpp
Log Message:
-----------
Cherry-pick 252432.841 at safari-7614-branch (a47510d4bcf4). rdar://104609847
Fix potential crash under IntersectionObserver::disconnect()
https://bugs.webkit.org/show_bug.cgi?id=248111
rdar://100355921
Reviewed by Jonathan Bedard and Ryosuke Niwa.
Make sure we protect the intersection observers and resize observers before
calling disconnect() on them in Document::commonTeardown().
This is a speculative fix to address the crash in the radar, which I was
unable to reproduce.
* LayoutTests/fast/dom/lazy-loading-iframe-destruction-crash-expected.txt: Added.
* LayoutTests/fast/dom/lazy-loading-iframe-destruction-crash.html: Added.
Include test from the radar, even though it didn't reproduce the issue for me.
* Source/WebCore/dom/Document.cpp:
(WebCore::Document::commonTeardown):
Canonical link: https://commits.webkit.org/252432.841@safari-7614-branch
Canonical link: https://commits.webkit.org/259332@main
More information about the webkit-changes
mailing list