[Webkit-unassigned] [Bug 206099] Deploy Ref and RefPtr in DOMWindow::scroll* functions

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Mon Jan 13 09:33:35 PST 2020


https://bugs.webkit.org/show_bug.cgi?id=206099

--- Comment #11 from Jack <shihchieh_lee at apple.com> ---
Geoffrey commented about the lifespan of the frame pointer. There was concern about using a freed frame pointer, so we follow the pattern of other functions.

Will discuss further with Geoffrey and others to decide if we should protect the old frame pointer.

(In reply to Chris Dumez from comment #9)
> (In reply to Jack from comment #8)
> > Thanks! Will either keep this line or add reference count to prevent frame
> > being deleted.
> > 
> > (In reply to Chris Dumez from comment #5)
> > > Comment on attachment 387396 [details]
> > > Patch
> > > 
> > > View in context:
> > > https://bugs.webkit.org/attachment.cgi?id=387396&action=review
> > > 
> > > > Source/WebCore/page/DOMWindow.cpp:1604
> > > > +    if (!frame)
> > > 
> > > This is a bogus check. if (!isCurrentlyDisplayedInFrame()) would have
> > > returned early above if the frame was null.
> 
> I think Simon already mentioned this but I don't think we want to keep the
> frame alive past the updateLayoutIgnorePendingStylesheets() call. Instead,
> you should get the frame *after* the updateLayoutIgnorePendingStylesheets()
> call and null check it then.

-- 
You are receiving this mail because:
You are the assignee for the bug.
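
An added illustration of the two options discussed in this thread, not code from the WebKit patch: a toy C++ model that compares holding a strong reference across the layout call with fetching the frame after it. `Frame`, `Window`, `updateLayout()`, `detachFrame()` and the `Outcome` values are hypothetical stand-ins, and `std::shared_ptr` stands in for the Ref/RefPtr named in the bug title.

```cpp
#include <functional>
#include <memory>

// Toy model, not WebKit code. All names here are hypothetical stand-ins;
// std::shared_ptr plays the role of Ref/RefPtr.
enum class Outcome { Scrolled, SkippedNoFrame, ScrolledDetachedFrame };

struct Frame {
    bool attached = true;
    Outcome scrollTo(int) { return attached ? Outcome::Scrolled : Outcome::ScrolledDetachedFrame; }
};

struct Window {
    std::shared_ptr<Frame> owned = std::make_shared<Frame>(); // owning reference
    std::function<void(Window&)> duringLayout;                // work triggered by layout

    Frame* frame() const { return owned.get(); }

    // Stand-in for updateLayoutIgnorePendingStylesheets(): it can run arbitrary
    // work, including work that detaches and releases the frame.
    void updateLayout() { if (duringLayout) duringLayout(*this); }

    // Pattern A: strong reference taken before layout and used after it. Memory
    // safe, but the frame outlives the layout call and is scrolled while detached.
    Outcome scrollKeepingFrameAlive(int y) {
        std::shared_ptr<Frame> protectedFrame = owned;
        if (!protectedFrame) return Outcome::SkippedNoFrame;
        updateLayout();
        return protectedFrame->scrollTo(y);
    }

    // Pattern B (comment #9): run layout first, then fetch the frame and null check.
    Outcome scrollRefetchingFrame(int y) {
        updateLayout();
        Frame* current = frame();
        if (!current) return Outcome::SkippedNoFrame;
        return current->scrollTo(y);
    }
};

// Constructed scenario: layout detaches the frame and drops the owning reference.
static void detachFrame(Window& w) { w.owned->attached = false; w.owned.reset(); }

Outcome runKeepAlive(bool detach) {
    Window w; if (detach) w.duringLayout = detachFrame;
    return w.scrollKeepingFrameAlive(100);
}
Outcome runRefetch(bool detach) {
    Window w; if (detach) w.duringLayout = detachFrame;
    return w.scrollRefetchingFrame(100);
}
int main() { return runRefetch(true) == Outcome::SkippedNoFrame ? 0 : 1; }
```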