Title: [203450] trunk/Source/WebCore
- Revision
- 203450
- Author
- cdu...@apple.com
- Date
- 2016-07-20 06:02:30 -0700 (Wed, 20 Jul 2016)
Log Message
PostResolutionCallbackDisabler can resume pending requests while a ResourceLoadSuspender is alive
https://bugs.webkit.org/show_bug.cgi?id=159962
<rdar://problem/21439264>
Reviewed by David Kilzer.
PostResolutionCallbackDisabler can resume pending requests while a ResourceLoadSuspender
is alive. We have both PostResolutionCallbackDisabler and ResourceLoadSuspender that
call LoaderStrategy::suspendPendingRequests() / LoaderStrategy::resumePendingRequests().
However, PostResolutionCallbackDisabler and ResourceLoadSuspender are not aware of each
other. It is therefore possible for a PostResolutionCallbackDisabler object to get
destroyed, causing LoaderStrategy::resumePendingRequests() to be called while a
ResourceLoadSuspender object is alive.
This leads to hard to investigate crashes where we end up re-entering WebKit and killing
the style resolver.
This patch drops ResourceLoadSuspender and uses PostResolutionCallbackDisabler instead.
There was only one user of ResourceLoadSuspender and PostResolutionCallbackDisabler
is better because it manages a resolutionNestingDepth counter internally to make sure
it only calls LoaderStrategy::resumePendingRequests() once all
PostResolutionCallbackDisabler instances are destroyed.
No new tests, there is no easy way to reproduce the crashes.
* dom/Document.cpp:
(WebCore::Document::styleForElementIgnoringPendingStylesheets):
* loader/LoaderStrategy.cpp:
(WebCore::ResourceLoadSuspender::ResourceLoadSuspender): Deleted.
(WebCore::ResourceLoadSuspender::~ResourceLoadSuspender): Deleted.
* loader/LoaderStrategy.h:
Modified Paths
Diff
Modified: trunk/Source/WebCore/ChangeLog (203449 => 203450)
--- trunk/Source/WebCore/ChangeLog 2016-07-20 12:17:37 UTC (rev 203449)
+++ trunk/Source/WebCore/ChangeLog 2016-07-20 13:02:30 UTC (rev 203450)
@@ -1,3 +1,37 @@
+2016-07-20 Chris Dumez <cdu...@apple.com>
+
+ PostResolutionCallbackDisabler can resume pending requests while a ResourceLoadSuspender is alive
+ https://bugs.webkit.org/show_bug.cgi?id=159962
+ <rdar://problem/21439264>
+
+ Reviewed by David Kilzer.
+
+ PostResolutionCallbackDisabler can resume pending requests while a ResourceLoadSuspender
+ is alive. We have both PostResolutionCallbackDisabler and ResourceLoadSuspender that
+ call LoaderStrategy::suspendPendingRequests() / LoaderStrategy::resumePendingRequests().
+ However, PostResolutionCallbackDisabler and ResourceLoadSuspender are not aware of each
+ other. It is therefore possible for a PostResolutionCallbackDisabler object to get
+ destroyed, causing LoaderStrategy::resumePendingRequests() to be called while a
+ ResourceLoadSuspender object is alive.
+
+ This leads to hard to investigate crashes where we end up re-entering WebKit and killing
+ the style resolver.
+
+ This patch drops ResourceLoadSuspender and uses PostResolutionCallbackDisabler instead.
+ There was only one user of ResourceLoadSuspender and PostResolutionCallbackDisabler
+ is better because it manages a resolutionNestingDepth counter internally to make sure
+ it only calls LoaderStrategy::resumePendingRequests() once all
+ PostResolutionCallbackDisabler instances are destroyed.
+
+ No new tests, there is no easy way to reproduce the crashes.
+
+ * dom/Document.cpp:
+ (WebCore::Document::styleForElementIgnoringPendingStylesheets):
+ * loader/LoaderStrategy.cpp:
+ (WebCore::ResourceLoadSuspender::ResourceLoadSuspender): Deleted.
+ (WebCore::ResourceLoadSuspender::~ResourceLoadSuspender): Deleted.
+ * loader/LoaderStrategy.h:
+
2016-07-19 Youenn Fablet <you...@apple.com>
[Fetch API] Add a JS builtin to implement https://fetch.spec.whatwg.org/#concept-headers-fill
Modified: trunk/Source/WebCore/dom/Document.cpp (203449 => 203450)
--- trunk/Source/WebCore/dom/Document.cpp 2016-07-20 12:17:37 UTC (rev 203449)
+++ trunk/Source/WebCore/dom/Document.cpp 2016-07-20 13:02:30 UTC (rev 203450)
@@ -2043,7 +2043,7 @@
ASSERT(&element.document() == this);
// On iOS request delegates called during styleForElement may result in re-entering WebKit and killing the style resolver.
- ResourceLoadSuspender suspender;
+ Style::PostResolutionCallbackDisabler disabler(*this);
TemporaryChange<bool> change(m_ignorePendingStylesheets, true);
auto elementStyle = element.resolveStyle(parentStyle);
Modified: trunk/Source/WebCore/loader/LoaderStrategy.cpp (203449 => 203450)
--- trunk/Source/WebCore/loader/LoaderStrategy.cpp 2016-07-20 12:17:37 UTC (rev 203449)
+++ trunk/Source/WebCore/loader/LoaderStrategy.cpp 2016-07-20 13:02:30 UTC (rev 203450)
@@ -34,16 +34,6 @@
{
}
-ResourceLoadSuspender::ResourceLoadSuspender()
-{
- platformStrategies()->loaderStrategy()->suspendPendingRequests();
-}
-
-ResourceLoadSuspender::~ResourceLoadSuspender()
-{
- platformStrategies()->loaderStrategy()->resumePendingRequests();
-}
-
} // namespace WebCore
Modified: trunk/Source/WebCore/loader/LoaderStrategy.h (203449 => 203450)
--- trunk/Source/WebCore/loader/LoaderStrategy.h 2016-07-20 12:17:37 UTC (rev 203449)
+++ trunk/Source/WebCore/loader/LoaderStrategy.h 2016-07-20 13:02:30 UTC (rev 203450)
@@ -65,12 +65,6 @@
virtual ~LoaderStrategy();
};
-class ResourceLoadSuspender {
-public:
- ResourceLoadSuspender();
- ~ResourceLoadSuspender();
-};
-
} // namespace WebCore
#endif // LoaderStrategy_h
_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes
