[webkit-changes] [WebKit/WebKit] 2caba6: Cherry-pick 252432.945 at safari-7614-branch (f8d24d4...
Chris Dumez
noreply at github.com
Thu Jan 26 11:47:42 PST 2023
Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: 2caba6db920732740468c72d2decc5c3e3adba7b
https://github.com/WebKit/WebKit/commit/2caba6db920732740468c72d2decc5c3e3adba7b
Author: Chris Dumez <cdumez at apple.com>
Date: 2023-01-26 (Thu, 26 Jan 2023)
Changed paths:
M Source/WebKit/UIProcess/RemoteLayerTree/RemoteLayerTreeDrawingAreaProxy.mm
Log Message:
-----------
Cherry-pick 252432.945 at safari-7614-branch (f8d24d4f0141). rdar://104657147
Protect against RemoteLayerTreeDrawingAreaProxy getting destroyed during waitForAndDispatchImmediately() call
https://bugs.webkit.org/show_bug.cgi?id=248660
rdar://101806758
Reviewed by Wenson Hsieh and Ryan Haddad.
In RemoteLayerTreeDrawingAreaProxy::waitForDidUpdateActivityState(), during the execution of
IPC::Connection::waitForAndDispatchImmediately(), `this` might get destroyed as a result of
processing an incoming IPC from the WebProcess. For this reason, we need to check that `this`
is still alive after the call returns.
Note that we cannot easily protect `this` since this is not a RefCounted object.
* Source/WebKit/UIProcess/RemoteLayerTree/RemoteLayerTreeDrawingAreaProxy.mm:
(WebKit::RemoteLayerTreeDrawingAreaProxy::waitForDidUpdateActivityState):
Canonical link: https://commits.webkit.org/252432.945@safari-7614-branch
Canonical link: https://commits.webkit.org/259445@main
More information about the webkit-changes
mailing list