Title: [152754] trunk/Source/WebCore
Revision
152754
Author
[email protected]
Date
2013-07-16 19:04:00 -0700 (Tue, 16 Jul 2013)

Log Message

Many crashes loading Java applets after r152701
https://bugs.webkit.org/show_bug.cgi?id=118760
<rdar://problem/14462836>

Reviewed by Dean Jackson.

* html/HTMLAppletElement.cpp:
(WebCore::HTMLAppletElement::updateWidget):
Re-acquire the renderer after calling createJavaAppletWidget,
because it can cause reattach, leaving our renderer pointer stale.

* loader/SubframeLoader.cpp:
(WebCore::SubframeLoader::createJavaAppletWidget):
Null-check renderer, as element->renderEmbeddedObject() can very clearly
return null in some cases.

Modified Paths

Diff

Modified: trunk/Source/WebCore/ChangeLog (152753 => 152754)


--- trunk/Source/WebCore/ChangeLog	2013-07-17 01:09:18 UTC (rev 152753)
+++ trunk/Source/WebCore/ChangeLog	2013-07-17 02:04:00 UTC (rev 152754)
@@ -1,3 +1,21 @@
+2013-07-16  Tim Horton  <[email protected]>
+
+        Many crashes loading Java applets after r152701
+        https://bugs.webkit.org/show_bug.cgi?id=118760
+        <rdar://problem/14462836>
+
+        Reviewed by Dean Jackson.
+
+        * html/HTMLAppletElement.cpp:
+        (WebCore::HTMLAppletElement::updateWidget):
+        Re-acquire the renderer after calling createJavaAppletWidget,
+        because it can cause reattach, leaving our renderer pointer stale.
+
+        * loader/SubframeLoader.cpp:
+        (WebCore::SubframeLoader::createJavaAppletWidget):
+        Null-check renderer, as element->renderEmbeddedObject() can very clearly
+        return null in some cases.
+
 2013-07-16  Pratik Solanki  <[email protected]>
 
         Missing break in WebGLRenderingContext::validateCompressedTexFuncData()

Modified: trunk/Source/WebCore/html/HTMLAppletElement.cpp (152753 => 152754)


--- trunk/Source/WebCore/html/HTMLAppletElement.cpp	2013-07-17 01:09:18 UTC (rev 152753)
+++ trunk/Source/WebCore/html/HTMLAppletElement.cpp	2013-07-17 02:04:00 UTC (rev 152754)
@@ -153,7 +153,13 @@
     Frame* frame = document()->frame();
     ASSERT(frame);
 
-    renderer->setWidget(frame->loader()->subframeLoader()->createJavaAppletWidget(roundedIntSize(LayoutSize(contentWidth, contentHeight)), this, paramNames, paramValues));
+    RefPtr<Widget> widget = frame->loader()->subframeLoader()->createJavaAppletWidget(roundedIntSize(LayoutSize(contentWidth, contentHeight)), this, paramNames, paramValues);
+
+    // createJavaAppletWidget can call setPluginUnavailabilityReason, which can cause reattach and destroy our renderer.
+
+    renderer = renderEmbeddedObject();
+    if (renderer)
+        renderer->setWidget(widget.release());
 }
 
 bool HTMLAppletElement::canEmbedJava() const
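Review bot: The re-acquisition of `renderer` after the `createJavaAppletWidget` call is the right fix for the stale-pointer use-after-free, but the comment on the added line only names `setPluginUnavailabilityReason` as the reattach trigger; since the re-acquire is unconditional it also covers any other reattach inside that call, and the comment could say so to avoid a future reader narrowing the check. Two smaller points: when the re-acquired `renderer` is null the freshly created `widget` is dropped on the floor without any trace, so a short comment that this is intended (the element no longer has a renderer to host it) would help; and any other render-tree pointer cached before the call in this function must likewise not be used after it, which is worth a one-line note next to the `RefPtr<Widget> widget = ...` line.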

Modified: trunk/Source/WebCore/loader/SubframeLoader.cpp (152753 => 152754)


--- trunk/Source/WebCore/loader/SubframeLoader.cpp	2013-07-17 01:09:18 UTC (rev 152753)
+++ trunk/Source/WebCore/loader/SubframeLoader.cpp	2013-07-17 02:04:00 UTC (rev 152754)
@@ -324,7 +324,7 @@
     if (!widget) {
         RenderEmbeddedObject* renderer = element->renderEmbeddedObject();
 
-        if (!renderer->showsUnavailablePluginIndicator())
+        if (renderer && !renderer->showsUnavailablePluginIndicator())
             renderer->setPluginUnavailabilityReason(RenderEmbeddedObject::PluginMissing);
         return 0;
     }
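Review bot: The added null check on `renderer` before `showsUnavailablePluginIndicator()` closes the null dereference, but the hunk gives no hint why `element->renderEmbeddedObject()` can be null here, and when it is null the PluginMissing reason is silently never recorded, so the element shows no unavailable-plugin indicator; a brief comment above `RenderEmbeddedObject* renderer = element->renderEmbeddedObject();` stating that a null renderer is expected for an element without a render object, and that `return 0;` is the intended outcome in that case, would document the behaviour this change relies on.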
_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes
