author | David Deephanphongs <dpanpong@google.com> | 2011-05-01 16:18:52 -0700 |
---|---|---|
committer | David Deephanphongs <dpanpong@google.com> | 2011-05-04 14:27:51 -0700 |
commit | f026bfbd0b2f3f45cbed023bd41f0f2665c1f62d (patch) | |
tree | 0396a327c283172481aa5bef8bbfb08c9d8a2c23 /WebKit/android | |
parent | cef717ff0869605896b43ea1c86b5c0fa96c2c81 (diff) | |
Fix crash in font-handling code caused by repainting while a style recalculation was pending.
The Android FrameCache was being updated while a style recalculation
was pending. This would cause the cached fonts in the
FontFallbackList to be accessed, but that cache is not necessarily
consistent while a recalculation is pending.
A similar issue was occurring with recordPictureSet.
In updateFrameCache() and recordPictureSet(), early-abort if the document
is waiting for a style recalculation. In notifyProgressFinished(), remove
the call to updateFrameCache().
BUG=4292199
Change-Id: I2ae80ddc2d596e2f15455f54f4de7dde6e42ade8
Diffstat (limited to 'WebKit/android')
-rw-r--r-- | WebKit/android/jni/WebViewCore.cpp | 19 |
1 files changed, 17 insertions, 2 deletions
diff --git a/WebKit/android/jni/WebViewCore.cpp b/WebKit/android/jni/WebViewCore.cpp index 4bba71a..5bcfae3 100644 --- a/WebKit/android/jni/WebViewCore.cpp +++ b/WebKit/android/jni/WebViewCore.cpp @@ -569,6 +569,11 @@ void WebViewCore::recordPictureSet(PictureSet* content) DBG_SET_LOG("!m_mainFrame->document()"); return; } + // If there is a pending style recalculation, just return. + if (m_mainFrame->document()->isPendingStyleRecalc()) { + LOGW("recordPictureSet: pending style recalc, ignoring."); + return; + } if (m_addInval.isEmpty()) { DBG_SET_LOG("m_addInval.isEmpty()"); return; @@ -1116,9 +1121,7 @@ void WebViewCore::requestKeyboard(bool showKeyboard) void WebViewCore::notifyProgressFinished() { - DBG_NAV_LOG("call updateFrameCache"); m_check_domtree_version = true; - updateFrameCache(); sendNotifyProgressFinished(); } @@ -1515,6 +1518,18 @@ void WebViewCore::updateFrameCache() DBG_NAV_LOG("!m_frameCacheOutOfDate"); return; } + + // If there is a pending style recalculation, do not update the frame cache. + // Until the recalculation is complete, there may be internal objects that + // are in an inconsistent state (such as font pointers). + // In any event, there's not much point to updating the cache while a style + // recalculation is pending, since it will simply have to be updated again + // once the recalculation is complete. + // TODO: Do we need to reschedule an update for after the style is recalculated? + if (m_mainFrame && m_mainFrame->document() && m_mainFrame->document()->isPendingStyleRecalc()) { + LOGW("updateFrameCache: pending style recalc, ignoring."); + return; + } #ifdef ANDROID_INSTRUMENT TimeCounterAuto counter(TimeCounter::WebViewCoreBuildNavTimeCounter); #endif |
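
Review bot: in the recordPictureSet() hunk, the new early return on isPendingStyleRecalc() drops the recording request, and nothing visible in this hunk arranges for it to be retried once the recalculation completes. The updateFrameCache() hunk carries a TODO asking whether a reschedule is needed; the same question applies here and is not mentioned at all, so please either schedule a retry or add a comment naming the code path that will call recordPictureSet() again. A smaller point: the neighbouring early returns log through DBG_SET_LOG while this one uses LOGW. If a pending recalculation during a repaint is an expected state, a warning on every occurrence will be noisy, and DBG_SET_LOG would match the surrounding code.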
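
Review bot: in the notifyProgressFinished() hunk, removing updateFrameCache() leaves no frame cache refresh at load completion, and neither the commit message nor a comment says which caller is now responsible for it. The function still sets m_check_domtree_version = true before sendNotifyProgressFinished(); if that flag is what leads to a later cache update, say so in a one-line comment here. Otherwise a reader cannot tell whether dropping the call was a deliberate move of the work elsewhere or only a way to avoid the crash.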
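
Review bot: in the updateFrameCache() hunk, the TODO ("Do we need to reschedule an update for after the style is recalculated?") is left open, and it matters more because this same patch removes the updateFrameCache() call from notifyProgressFinished(). The new guard sits after the !m_frameCacheOutOfDate check, so on this early return the cache is known to be out of date and stays that way with no trigger visible in the patch to bring it up to date. Please resolve the TODO before this lands, or state in the comment which later event is relied on to call updateFrameCache() again. A smaller point: this guard repeats the m_mainFrame and document() null checks inline while the recordPictureSet() guard relies on earlier checks; a small shared helper would keep the two conditions identical.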