<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta http-equiv="content-type" content="text/html; charset=utf-8" />
<title>[180548] trunk/Source/WebCore</title>
</head>
<body>
<style type="text/css"><!--
#msg dl.meta { border: 1px #006 solid; background: #369; padding: 6px; color: #fff; }
#msg dl.meta dt { float: left; width: 6em; font-weight: bold; }
#msg dt:after { content:':';}
#msg dl, #msg dt, #msg ul, #msg li, #header, #footer, #logmsg { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; }
#msg dl a { font-weight: bold}
#msg dl a:link { color:#fc3; }
#msg dl a:active { color:#ff0; }
#msg dl a:visited { color:#cc6; }
h3 { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; font-weight: bold; }
#msg pre { overflow: auto; background: #ffc; border: 1px #fa0 solid; padding: 6px; }
#logmsg { background: #ffc; border: 1px #fa0 solid; padding: 1em 1em 0 1em; }
#logmsg p, #logmsg pre, #logmsg blockquote { margin: 0 0 1em 0; }
#logmsg p, #logmsg li, #logmsg dt, #logmsg dd { line-height: 14pt; }
#logmsg h1, #logmsg h2, #logmsg h3, #logmsg h4, #logmsg h5, #logmsg h6 { margin: .5em 0; }
#logmsg h1:first-child, #logmsg h2:first-child, #logmsg h3:first-child, #logmsg h4:first-child, #logmsg h5:first-child, #logmsg h6:first-child { margin-top: 0; }
#logmsg ul, #logmsg ol { padding: 0; list-style-position: inside; margin: 0 0 0 1em; }
#logmsg ul { text-indent: -1em; padding-left: 1em; }#logmsg ol { text-indent: -1.5em; padding-left: 1.5em; }
#logmsg > ul, #logmsg > ol { margin: 0 0 1em 0; }
#logmsg pre { background: #eee; padding: 1em; }
#logmsg blockquote { border: 1px solid #fa0; border-left-width: 10px; padding: 1em 1em 0 1em; background: white;}
#logmsg dl { margin: 0; }
#logmsg dt { font-weight: bold; }
#logmsg dd { margin: 0; padding: 0 0 0.5em 0; }
#logmsg dd:before { content:'\00bb';}
#logmsg table { border-spacing: 0px; border-collapse: collapse; border-top: 4px solid #fa0; border-bottom: 1px solid #fa0; background: #fff; }
#logmsg table th { text-align: left; font-weight: normal; padding: 0.2em 0.5em; border-top: 1px dotted #fa0; }
#logmsg table td { text-align: right; border-top: 1px dotted #fa0; padding: 0.2em 0.5em; }
#logmsg table thead th { text-align: center; border-bottom: 1px solid #fa0; }
#logmsg table th.Corner { text-align: left; }
#logmsg hr { border: none 0; border-top: 2px dashed #fa0; height: 1px; }
#header, #footer { color: #fff; background: #636; border: 1px #300 solid; padding: 6px; }
#patch { width: 100%; }
#patch h4 {font-family: verdana,arial,helvetica,sans-serif;font-size:10pt;padding:8px;background:#369;color:#fff;margin:0;}
#patch .propset h4, #patch .binary h4 {margin:0;}
#patch pre {padding:0;line-height:1.2em;margin:0;}
#patch .diff {width:100%;background:#eee;padding: 0 0 10px 0;overflow:auto;}
#patch .propset .diff, #patch .binary .diff {padding:10px 0;}
#patch span {display:block;padding:0 10px;}
#patch .modfile, #patch .addfile, #patch .delfile, #patch .propset, #patch .binary, #patch .copfile {border:1px solid #ccc;margin:10px 0;}
#patch ins {background:#dfd;text-decoration:none;display:block;padding:0 10px;}
#patch del {background:#fdd;text-decoration:none;display:block;padding:0 10px;}
#patch .lines, .info {color:#888;background:#fff;}
--></style>
<div id="msg">
<dl class="meta">
<dt>Revision</dt> <dd><a href="http://trac.webkit.org/projects/webkit/changeset/180548">180548</a></dd>
<dt>Author</dt> <dd>bfulgham@apple.com</dd>
<dt>Date</dt> <dd>2015-02-23 20:09:21 -0800 (Mon, 23 Feb 2015)</dd>
</dl>
<h3>Log Message</h3>
<pre>EventHandler references deleted Scrollbar
https://bugs.webkit.org/show_bug.cgi?id=141931
<rdar://problem/19915210>
Reviewed by Tim Horton.
Tested by scrollbars/overflow-custom-scrollbar-crash.html
Update the EventHandler class to use a WeakPtr to reference the
last used Scrollbar, rather than retaining the Scrollbar and
artificially extending its life. This keeps the EventHandler
state in proper sync with the state of the render tree, and
avoids cases where we have destroyed a ScrollableArea (and
Scrollbar) but are still sending messages to a fake zombie
version of the element.
* page/EventHandler.cpp:
(WebCore::EventHandler::clear):
(WebCore::EventHandler::handleMousePressEvent):
(WebCore::EventHandler::updateMouseEventTargetNode):
(WebCore::EventHandler::updateLastScrollbarUnderMouse):
* page/EventHandler.h:
* platform/Scrollbar.cpp:
(WebCore::Scrollbar::Scrollbar): Initialize WeakPtrFactory.
* platform/Scrollbar.h:
(WebCore::Scrollbar::createWeakPtr): Added,</pre>
<h3>Modified Paths</h3>
<ul>
<li><a href="#trunkSourceWebCoreChangeLog">trunk/Source/WebCore/ChangeLog</a></li>
<li><a href="#trunkSourceWebCorepageEventHandlercpp">trunk/Source/WebCore/page/EventHandler.cpp</a></li>
<li><a href="#trunkSourceWebCorepageEventHandlerh">trunk/Source/WebCore/page/EventHandler.h</a></li>
<li><a href="#trunkSourceWebCoreplatformScrollbarcpp">trunk/Source/WebCore/platform/Scrollbar.cpp</a></li>
<li><a href="#trunkSourceWebCoreplatformScrollbarh">trunk/Source/WebCore/platform/Scrollbar.h</a></li>
</ul>
</div>
<div id="patch">
<h3>Diff</h3>
<a id="trunkSourceWebCoreChangeLog"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebCore/ChangeLog (180547 => 180548)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebCore/ChangeLog 2015-02-24 03:47:29 UTC (rev 180547)
+++ trunk/Source/WebCore/ChangeLog 2015-02-24 04:09:21 UTC (rev 180548)
</span><span class="lines">@@ -1,3 +1,32 @@
</span><ins>+2015-02-23 Brent Fulgham <bfulgham@apple.com>
+
+ EventHandler references deleted Scrollbar
+ https://bugs.webkit.org/show_bug.cgi?id=141931
+ <rdar://problem/19915210>
+
+ Reviewed by Tim Horton.
+
+ Tested by scrollbars/overflow-custom-scrollbar-crash.html
+
+ Update the EventHandler class to use a WeakPtr to reference the
+ last used Scrollbar, rather than retaining the Scrollbar and
+ artificially extending its life. This keeps the EventHandler
+ state in proper sync with the state of the render tree, and
+ avoids cases where we have destroyed a ScrollableArea (and
+ Scrollbar) but are still sending messages to a fake zombie
+ version of the element.
+
+ * page/EventHandler.cpp:
+ (WebCore::EventHandler::clear):
+ (WebCore::EventHandler::handleMousePressEvent):
+ (WebCore::EventHandler::updateMouseEventTargetNode):
+ (WebCore::EventHandler::updateLastScrollbarUnderMouse):
+ * page/EventHandler.h:
+ * platform/Scrollbar.cpp:
+ (WebCore::Scrollbar::Scrollbar): Initialize WeakPtrFactory.
+ * platform/Scrollbar.h:
+ (WebCore::Scrollbar::createWeakPtr): Added,
+
</ins><span class="cx"> 2015-02-23 Yusuke Suzuki <utatane.tea@gmail.com>
</span><span class="cx">
</span><span class="cx"> REGRESSION(r179429): Can't type comments in Facebook
</span></span></pre></div>
<a id="trunkSourceWebCorepageEventHandlercpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebCore/page/EventHandler.cpp (180547 => 180548)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebCore/page/EventHandler.cpp 2015-02-24 03:47:29 UTC (rev 180547)
+++ trunk/Source/WebCore/page/EventHandler.cpp 2015-02-24 04:09:21 UTC (rev 180548)
</span><span class="lines">@@ -1,5 +1,5 @@
</span><span class="cx"> /*
</span><del>- * Copyright (C) 2006-2014 Apple Inc. All rights reserved.
</del><ins>+ * Copyright (C) 2006-2015 Apple Inc. All rights reserved.
</ins><span class="cx"> * Copyright (C) 2006 Alexey Proskuryakov (ap@webkit.org)
</span><span class="cx"> * Copyright (C) 2012 Digia Plc. and/or its subsidiary(-ies)
</span><span class="cx"> *
</span><span class="lines">@@ -98,6 +98,7 @@
</span><span class="cx"> #include <wtf/CurrentTime.h>
</span><span class="cx"> #include <wtf/StdLibExtras.h>
</span><span class="cx"> #include <wtf/TemporaryChange.h>
</span><ins>+#include <wtf/WeakPtr.h>
</ins><span class="cx">
</span><span class="cx"> #if ENABLE(CSS_IMAGE_SET)
</span><span class="cx"> #include "StyleCachedImageSet.h"
</span><span class="lines">@@ -3673,10 +3674,10 @@
</span><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> // If scrollbar (under mouse) is different from last, send a mouse exited. Set
</span><del>-// last to scrollbar if setLast is true; else set last to 0.
</del><ins>+// last to scrollbar if setLast is true; else set last to nullptr.
</ins><span class="cx"> void EventHandler::updateLastScrollbarUnderMouse(Scrollbar* scrollbar, bool setLast)
</span><span class="cx"> {
</span><del>- if (m_lastScrollbarUnderMouse != scrollbar) {
</del><ins>+ if (m_lastScrollbarUnderMouse.get() != scrollbar) {
</ins><span class="cx"> // Send mouse exited to the old scrollbar.
</span><span class="cx"> if (m_lastScrollbarUnderMouse)
</span><span class="cx"> m_lastScrollbarUnderMouse->mouseExited();
</span><span class="lines">@@ -3685,7 +3686,10 @@
</span><span class="cx"> if (scrollbar && setLast)
</span><span class="cx"> scrollbar->mouseEntered();
</span><span class="cx">
</span><del>- m_lastScrollbarUnderMouse = setLast ? scrollbar : 0;
</del><ins>+ if (setLast && scrollbar)
+ m_lastScrollbarUnderMouse = scrollbar->createWeakPtr();
+ else
+ m_lastScrollbarUnderMouse = nullptr;
</ins><span class="cx"> }
</span><span class="cx"> }
</span><span class="cx">
</span></span></pre></div>
<a id="trunkSourceWebCorepageEventHandlerh"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebCore/page/EventHandler.h (180547 => 180548)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebCore/page/EventHandler.h 2015-02-24 03:47:29 UTC (rev 180547)
+++ trunk/Source/WebCore/page/EventHandler.h 2015-02-24 04:09:21 UTC (rev 180548)
</span><span class="lines">@@ -1,5 +1,5 @@
</span><span class="cx"> /*
</span><del>- * Copyright (C) 2006-2014 Apple Inc. All rights reserved.
</del><ins>+ * Copyright (C) 2006-2015 Apple Inc. All rights reserved.
</ins><span class="cx"> *
</span><span class="cx"> * Redistribution and use in source and binary forms, with or without
</span><span class="cx"> * modification, are permitted provided that the following conditions
</span><span class="lines">@@ -41,6 +41,7 @@
</span><span class="cx"> #include <memory>
</span><span class="cx"> #include <wtf/Forward.h>
</span><span class="cx"> #include <wtf/RefPtr.h>
</span><ins>+#include <wtf/WeakPtr.h>
</ins><span class="cx">
</span><span class="cx"> #if PLATFORM(IOS)
</span><span class="cx"> #ifdef __OBJC__
</span><span class="lines">@@ -500,7 +501,7 @@
</span><span class="cx"> RefPtr<Element> m_elementUnderMouse;
</span><span class="cx"> RefPtr<Element> m_lastElementUnderMouse;
</span><span class="cx"> RefPtr<Frame> m_lastMouseMoveEventSubframe;
</span><del>- RefPtr<Scrollbar> m_lastScrollbarUnderMouse;
</del><ins>+ WeakPtr<Scrollbar> m_lastScrollbarUnderMouse;
</ins><span class="cx"> Cursor m_currentMouseCursor;
</span><span class="cx">
</span><span class="cx"> int m_clickCount;
</span></span></pre></div>
<a id="trunkSourceWebCoreplatformScrollbarcpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebCore/platform/Scrollbar.cpp (180547 => 180548)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebCore/platform/Scrollbar.cpp 2015-02-24 03:47:29 UTC (rev 180547)
+++ trunk/Source/WebCore/platform/Scrollbar.cpp 2015-02-24 04:09:21 UTC (rev 180548)
</span><span class="lines">@@ -57,7 +57,7 @@
</span><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> Scrollbar::Scrollbar(ScrollableArea& scrollableArea, ScrollbarOrientation orientation, ScrollbarControlSize controlSize,
</span><del>- ScrollbarTheme* theme, bool isCustomScrollbar)
</del><ins>+ ScrollbarTheme* theme, bool isCustomScrollbar)
</ins><span class="cx"> : m_scrollableArea(scrollableArea)
</span><span class="cx"> , m_orientation(orientation)
</span><span class="cx"> , m_controlSize(controlSize)
</span><span class="lines">@@ -81,6 +81,7 @@
</span><span class="cx"> , m_suppressInvalidation(false)
</span><span class="cx"> , m_isAlphaLocked(false)
</span><span class="cx"> , m_isCustomScrollbar(isCustomScrollbar)
</span><ins>+ , m_weakPtrFactory(this)
</ins><span class="cx"> {
</span><span class="cx"> if (!m_theme)
</span><span class="cx"> m_theme = ScrollbarTheme::theme();
</span></span></pre></div>
<a id="trunkSourceWebCoreplatformScrollbarh"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebCore/platform/Scrollbar.h (180547 => 180548)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebCore/platform/Scrollbar.h 2015-02-24 03:47:29 UTC (rev 180547)
+++ trunk/Source/WebCore/platform/Scrollbar.h 2015-02-24 04:09:21 UTC (rev 180548)
</span><span class="lines">@@ -31,6 +31,7 @@
</span><span class="cx"> #include "Timer.h"
</span><span class="cx"> #include "Widget.h"
</span><span class="cx"> #include <wtf/PassRefPtr.h>
</span><ins>+#include <wtf/WeakPtr.h>
</ins><span class="cx">
</span><span class="cx"> namespace WebCore {
</span><span class="cx">
</span><span class="lines">@@ -157,6 +158,8 @@
</span><span class="cx">
</span><span class="cx"> virtual bool supportsUpdateOnSecondaryThread() const override;
</span><span class="cx">
</span><ins>+ WeakPtr<Scrollbar> createWeakPtr() { return m_weakPtrFactory.createWeakPtr(); }
+
</ins><span class="cx"> protected:
</span><span class="cx"> Scrollbar(ScrollableArea&, ScrollbarOrientation, ScrollbarControlSize, ScrollbarTheme* = 0, bool isCustomScrollbar = false);
</span><span class="cx">
</span><span class="lines">@@ -204,6 +207,8 @@
</span><span class="cx">
</span><span class="cx"> private:
</span><span class="cx"> virtual bool isScrollbar() const override { return true; }
</span><ins>+
+ WeakPtrFactory<Scrollbar> m_weakPtrFactory;
</ins><span class="cx"> };
</span><span class="cx">
</span><span class="cx"> } // namespace WebCore
</span></span></pre>
</div>
</div>
</body>
</html>