Add check null of getRealObject(). When a WebView is

removed, there is a slight chance that getRealObject()
for WebView's JavaObject be null.

Fix http://b/issue?id=2159815

1 files changed, 91 insertions, 21 deletions

diff --git a/WebKit/android/nav/WebView.cpp b/WebKit/android/nav/WebView.cpp
index b4c0281..cc11746 100644
--- a/WebKit/android/nav/WebView.cpp
+++ b/WebKit/android/nav/WebView.cpp
@@ -215,7 +215,12 @@ void clearTextEntry()
 {
     DEBUG_NAV_UI_LOGD("%s", __FUNCTION__);
     JNIEnv* env = JSC::Bindings::getJNIEnv();
-    env->CallVoidMethod(m_javaGlue.object(env).get(), m_javaGlue.m_clearTextEntry);
+    AutoJObject obj = m_javaGlue.object(env);
+    // if it is called during or after DESTROY is handled, the real object of
+    // WebView can be gone. Check before using it.
+    if (!obj.get())
+        return;
+    env->CallVoidMethod(obj.get(), m_javaGlue.m_clearTextEntry);
     checkException(env);
 }
 
@@ -633,7 +638,12 @@ int getScaledMaxXScroll()
 {
     LOG_ASSERT(m_javaGlue.m_obj, "A java object was not associated with this native WebView!");
     JNIEnv* env = JSC::Bindings::getJNIEnv();
-    int result = env->CallIntMethod(m_javaGlue.object(env).get(), m_javaGlue.m_getScaledMaxXScroll);
+    AutoJObject obj = m_javaGlue.object(env);
+    // if it is called during or after DESTROY is handled, the real object of
+    // WebView can be gone. Check before using it.
+    if (!obj.get())
+        return 0;
+    int result = env->CallIntMethod(obj.get(), m_javaGlue.m_getScaledMaxXScroll);
     checkException(env);
     return result;
 }
@@ -642,7 +652,12 @@ int getScaledMaxYScroll()
 {
     LOG_ASSERT(m_javaGlue.m_obj, "A java object was not associated with this native WebView!");
     JNIEnv* env = JSC::Bindings::getJNIEnv();
-    int result = env->CallIntMethod(m_javaGlue.object(env).get(), m_javaGlue.m_getScaledMaxYScroll);
+    AutoJObject obj = m_javaGlue.object(env);
+    // if it is called during or after DESTROY is handled, the real object of
+    // WebView can be gone. Check before using it.
+    if (!obj.get())
+        return 0;
+    int result = env->CallIntMethod(obj.get(), m_javaGlue.m_getScaledMaxYScroll);
     checkException(env);
     return result;
 }
@@ -651,7 +666,12 @@ void getVisibleRect(WebCore::IntRect* rect)
 {
     LOG_ASSERT(m_javaGlue.m_obj, "A java object was not associated with this native WebView!");
     JNIEnv* env = JSC::Bindings::getJNIEnv();
-    jobject jRect = env->CallObjectMethod(m_javaGlue.object(env).get(), m_javaGlue.m_getVisibleRect);
+    AutoJObject obj = m_javaGlue.object(env);
+    // if it is called during or after DESTROY is handled, the real object of
+    // WebView can be gone. Check before using it.
+    if (!obj.get())
+        return;
+    jobject jRect = env->CallObjectMethod(obj.get(), m_javaGlue.m_getVisibleRect);
     checkException(env);
     int left = (int) env->GetIntField(jRect, m_javaGlue.m_rectLeft);
     checkException(env);
@@ -994,9 +1014,13 @@ int getBlockLeftEdge(int x, int y, float scale)
 void overrideUrlLoading(const WebCore::String& url)
 {
     JNIEnv* env = JSC::Bindings::getJNIEnv();
+    AutoJObject obj = m_javaGlue.object(env);
+    // if it is called during or after DESTROY is handled, the real object of
+    // WebView can be gone. Check before using it.
+    if (!obj.get())
+        return;
     jstring jName = env->NewString((jchar*) url.characters(), url.length());
-    env->CallVoidMethod(m_javaGlue.object(env).get(),
-            m_javaGlue.m_overrideLoading, jName);
+    env->CallVoidMethod(obj.get(), m_javaGlue.m_overrideLoading, jName);
     env->DeleteLocalRef(jName);
 }
 
@@ -1014,11 +1038,14 @@ void setPluginReceivesEvents(bool value)
 
     //send message to plugin in webkit
     JNIEnv* env = JSC::Bindings::getJNIEnv();
-    env->CallVoidMethod(m_javaGlue.object(env).get(),
-                        m_javaGlue.m_sendPluginState,
+    AutoJObject obj = m_javaGlue.object(env);
+    // if it is called during or after DESTROY is handled, the real object of
+    // WebView can be gone. Check before using it.
+    if (!obj.get())
+        return;
+    env->CallVoidMethod(obj.get(), m_javaGlue.m_sendPluginState,
                         value ? kGainFocus_PluginState : kLoseFocus_PluginState);
     checkException(env);
-
     m_pluginReceivesEvents = value;
 }
 
@@ -1181,7 +1208,12 @@ void sendMoveMouse(WebCore::Frame* framePtr, WebCore::Node* nodePtr, int x, int
 {
     DBG_NAV_LOGD("framePtr=%p nodePtr=%p x=%d y=%d", framePtr, nodePtr, x, y);
     JNIEnv* env = JSC::Bindings::getJNIEnv();
-    env->CallVoidMethod(m_javaGlue.object(env).get(), m_javaGlue.m_sendMoveMouse,
+    AutoJObject obj = m_javaGlue.object(env);
+    // if it is called during or after DESTROY is handled, the real object of
+    // WebView can be gone. Check before using it.
+    if (!obj.get())
+        return;
+    env->CallVoidMethod(obj.get(), m_javaGlue.m_sendMoveMouse,
         (jint) framePtr, (jint) nodePtr, x, y);
     checkException(env);
 }
@@ -1190,8 +1222,12 @@ void sendMoveMouseIfLatest(bool disableFocusController)
 {
     LOG_ASSERT(m_javaGlue.m_obj, "A java object was not associated with this native WebView!");
     JNIEnv* env = JSC::Bindings::getJNIEnv();
-    env->CallVoidMethod(m_javaGlue.object(env).get(),
-            m_javaGlue.m_sendMoveMouseIfLatest, disableFocusController);
+    AutoJObject obj = m_javaGlue.object(env);
+    // if it is called during or after DESTROY is handled, the real object of
+    // WebView can be gone. Check before using it.
+    if (!obj.get())
+        return;
+    env->CallVoidMethod(obj.get(), m_javaGlue.m_sendMoveMouseIfLatest, disableFocusController);
     checkException(env);
 }
 
@@ -1203,7 +1239,12 @@ void sendMotionUp(
         m_generation, framePtr, nodePtr, x, y);
     LOG_ASSERT(m_javaGlue.m_obj, "A WebView was not associated with this WebViewNative!");
     JNIEnv* env = JSC::Bindings::getJNIEnv();
-    env->CallVoidMethod(m_javaGlue.object(env).get(), m_javaGlue.m_sendMotionUp,
+    AutoJObject obj = m_javaGlue.object(env);
+    // if it is called during or after DESTROY is handled, the real object of
+    // WebView can be gone. Check before using it.
+    if (!obj.get())
+        return;
+    env->CallVoidMethod(obj.get(), m_javaGlue.m_sendMotionUp,
         m_generation, (jint) framePtr, (jint) nodePtr, x, y);
     checkException(env);
 }
@@ -1272,7 +1313,12 @@ bool scrollBy(int dx, int dy)
     LOG_ASSERT(m_javaGlue.m_obj, "A java object was not associated with this native WebView!");
 
     JNIEnv* env = JSC::Bindings::getJNIEnv();
-    bool result = env->CallBooleanMethod(m_javaGlue.object(env).get(),
+    AutoJObject obj = m_javaGlue.object(env);
+    // if it is called during or after DESTROY is handled, the real object of
+    // WebView can be gone. Check before using it.
+    if (!obj.get())
+        return false;
+    bool result = env->CallBooleanMethod(obj.get(),
         m_javaGlue.m_scrollBy, dx, dy, true);
     checkException(env);
     return result;
@@ -1309,15 +1355,24 @@ bool hasFocusNode()
 void rebuildWebTextView()
 {
     JNIEnv* env = JSC::Bindings::getJNIEnv();
-    env->CallVoidMethod(m_javaGlue.object(env).get(),
-            m_javaGlue.m_rebuildWebTextView);
+    AutoJObject obj = m_javaGlue.object(env);
+    // if it is called during or after DESTROY is handled, the real object of
+    // WebView can be gone. Check before using it.
+    if (!obj.get())
+        return;
+    env->CallVoidMethod(obj.get(), m_javaGlue.m_rebuildWebTextView);
     checkException(env);
 }
 
 void displaySoftKeyboard(bool isTextView)
 {
     JNIEnv* env = JSC::Bindings::getJNIEnv();
-    env->CallVoidMethod(m_javaGlue.object(env).get(),
+    AutoJObject obj = m_javaGlue.object(env);
+    // if it is called during or after DESTROY is handled, the real object of
+    // WebView can be gone. Check before using it.
+    if (!obj.get())
+        return;
+    env->CallVoidMethod(obj.get(),
             m_javaGlue.m_displaySoftKeyboard, isTextView);
     checkException(env);
 }
@@ -1325,22 +1380,37 @@ void displaySoftKeyboard(bool isTextView)
 void viewInvalidate()
 {
     JNIEnv* env = JSC::Bindings::getJNIEnv();
-    env->CallVoidMethod(m_javaGlue.object(env).get(), m_javaGlue.m_viewInvalidate);
+    AutoJObject obj = m_javaGlue.object(env);
+    // if it is called during or after DESTROY is handled, the real object of
+    // WebView can be gone. Check before using it.
+    if (!obj.get())
+        return;
+    env->CallVoidMethod(obj.get(), m_javaGlue.m_viewInvalidate);
     checkException(env);
 }
 
 void viewInvalidateRect(int l, int t, int r, int b)
 {
     JNIEnv* env = JSC::Bindings::getJNIEnv();
-    env->CallVoidMethod(m_javaGlue.object(env).get(), m_javaGlue.m_viewInvalidateRect, l, r, t, b);
+    AutoJObject obj = m_javaGlue.object(env);
+    // if it is called during or after DESTROY is handled, the real object of
+    // WebView can be gone. Check before using it.
+    if (!obj.get())
+        return;
+    env->CallVoidMethod(obj.get(), m_javaGlue.m_viewInvalidateRect, l, r, t, b);
     checkException(env);
 }
 
 void postInvalidateDelayed(int64_t delay, const WebCore::IntRect& bounds)
 {
     JNIEnv* env = JSC::Bindings::getJNIEnv();
-    env->CallVoidMethod(m_javaGlue.object(env).get(), m_javaGlue.m_postInvalidateDelayed,
-        delay, bounds.x(), bounds.y(), bounds.right(), bounds.bottom());
+    AutoJObject obj = m_javaGlue.object(env);
+    // if it is called during or after DESTROY is handled, the real object of
+    // WebView can be gone. Check before using it.
+    if (!obj.get())
+        return;
+    env->CallVoidMethod(obj.get(), m_javaGlue.m_postInvalidateDelayed,
+            delay, bounds.x(), bounds.y(), bounds.right(), bounds.bottom());
     checkException(env);
 }