diff options
| author | Nicolas Roard <nicolasroard@google.com> | 2011-12-16 20:05:07 -0800 |
|---|---|---|
| committer | Nicolas Roard <nicolasroard@google.com> | 2012-01-03 10:48:53 -0800 |
| commit | 61e0d189f2b74650bf72a6a2820f66a8b17c3d06 (patch) | |
| tree | e131cc1d57c9fc94c461bb36ffb132cb0235f2c4 /Source/WebKit/android/WebCoreSupport/ChromeClientAndroid.cpp | |
| parent | 599c05f3080acd1c99f4d925c333d8a2711c9bdf (diff) | |
| download | external_webkit-61e0d189f2b74650bf72a6a2820f66a8b17c3d06.zip external_webkit-61e0d189f2b74650bf72a6a2820f66a8b17c3d06.tar.gz external_webkit-61e0d189f2b74650bf72a6a2820f66a8b17c3d06.tar.bz2 | |
Fix crash with composited layers - DO NOT MERGE
Cherry-pick from master
When we have composited layers inside iframes/frames, the layers
hierarchy is not always up to date at the time of the layerSync()
call. If some of those layers are scheduled to be repainted, the
repaint operation will triggers the update of the composited layers
tree -- possibly resulting in the deallocation of the very same
GraphicsLayer we were painting from, and thus leading to a crash.
The fix consist in gathering all the root RenderLayer (for each
frame containing composited layers) and explicitely asking
RenderLayerCompositor to check if the composited tree needs to be
updated, before we traverse the tree to paint the elements.
bug:5695185
Change-Id: I33a00b847eb19c9aa4b68f0ac3adbe36709ed00b
Diffstat (limited to 'Source/WebKit/android/WebCoreSupport/ChromeClientAndroid.cpp')
| -rw-r--r-- | Source/WebKit/android/WebCoreSupport/ChromeClientAndroid.cpp | 19 |
1 files changed, 18 insertions, 1 deletions
diff --git a/Source/WebKit/android/WebCoreSupport/ChromeClientAndroid.cpp b/Source/WebKit/android/WebCoreSupport/ChromeClientAndroid.cpp index 7ff5b19..ab5fcb0 100644 --- a/Source/WebKit/android/WebCoreSupport/ChromeClientAndroid.cpp +++ b/Source/WebKit/android/WebCoreSupport/ChromeClientAndroid.cpp @@ -37,12 +37,15 @@ #include "FrameLoader.h" #include "FrameView.h" #include "Geolocation.h" +#include "GraphicsLayerAndroid.h" #include "HTMLMediaElement.h" #include "HTMLNames.h" #include "Icon.h" #include "LayerAndroid.h" #include "Page.h" #include "PopupMenuAndroid.h" +#include "RenderLayer.h" +#include "RenderLayerCompositor.h" #include "ScriptController.h" #include "SearchPopupMenuAndroid.h" #include "WebCoreFrameBridge.h" @@ -64,7 +67,21 @@ static unsigned long long tryToReclaimDatabaseQuota(SecurityOrigin* originNeedin WebCore::GraphicsLayer* ChromeClientAndroid::layersSync() { if (m_rootGraphicsLayer && m_needsLayerSync && m_webFrame) { - if (FrameView* frameView = m_webFrame->page()->mainFrame()->view()) + // We may have more than one frame, so let's first update all of them + // (webkit may want to update the GraphicsLayer tree, and we do *not* want + // to find this out when we are painting, as it means we could be summarily + // deallocated while painting...) + GraphicsLayerAndroid* rootLayer = static_cast<GraphicsLayerAndroid*>(m_rootGraphicsLayer); + Vector<const RenderLayer*> listRootLayers; + rootLayer->gatherRootLayers(listRootLayers); + + for (unsigned int i = 0; i < listRootLayers.size(); i++) { + RenderLayer* layer = const_cast<RenderLayer*>(listRootLayers[i]); + layer->compositor()->updateCompositingLayers(); + } + + Frame* frame = m_webFrame->page()->mainFrame(); + if (FrameView* frameView = frame->view()) frameView->syncCompositingStateIncludingSubframes(); } m_needsLayerSync = false; |