[webkit-changes] [WebKit/WebKit] 7badad: Fix crash: deleting RemoteLayerTreeEventDispatcher...
Vitor Roriz
noreply at github.com
Tue Jun 20 09:16:42 PDT 2023
Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: 7badad9c6f475813cd253f101cc37c8637d7f6d3
https://github.com/WebKit/WebKit/commit/7badad9c6f475813cd253f101cc37c8637d7f6d3
Author: Vitor Roriz <vitor.roriz at apple.com>
Date: 2023-06-20 (Tue, 20 Jun 2023)
Changed paths:
M Source/WebKit/UIProcess/RemoteLayerTree/mac/RemoteLayerTreeEventDispatcher.cpp
Log Message:
-----------
Fix crash: deleting RemoteLayerTreeEventDispatcherDisplayLinkClient
https://bugs.webkit.org/show_bug.cgi?id=258133
rdar://109463023
Reviewed by Simon Fraser.
* Source/WebKit/UIProcess/RemoteLayerTree/mac/RemoteLayerTreeEventDispatcher.cpp:
(WebKit::RemoteLayerTreeEventDispatcher::invalidate):
RemoteLayerTreeEventDispatcherDisplayLinkClient inherits indirectly from
CanMakeCheckedPtrBase. This means that for deleting a object of this type
we should first delete any CheckRef objects pointing to it.
At RemoteLayerTreeEventDispatcher::invalidate we currently call
stopDisplayLinkObserver() to remove the associated observer of
DisplayLink::Client. If that Client has no more observers, we remove
the CheckRef for this client from DisplayLink's m_client's map (See removeInfoForClientIfUnused()).
The problem is, since we want to delete m_displayClient at the end of
invalidate() we have to make sure that the associated CheckRef gets removed
from the map, independently of how many observers it still has.
Therefore, instead of removing just the single associated observer,
we can remove the reference for the client from DisplayLink.
Canonical link: https://commits.webkit.org/265322@main
More information about the webkit-changes
mailing list