diff options
7 files changed, 55 insertions, 37 deletions
diff --git a/Source/WebCore/bindings/v8/V8AbstractEventListener.cpp b/Source/WebCore/bindings/v8/V8AbstractEventListener.cpp index 90dc097..0de99f8 100644 --- a/Source/WebCore/bindings/v8/V8AbstractEventListener.cpp +++ b/Source/WebCore/bindings/v8/V8AbstractEventListener.cpp @@ -72,6 +72,14 @@ V8AbstractEventListener::~V8AbstractEventListener() void V8AbstractEventListener::handleEvent(ScriptExecutionContext* context, Event* event) { +#ifdef ANDROID + // Monkey data shows that we can crash here, due to script executing while the + // page's frame has been detached (in the middle of a navigation). + // See b/5201341 + if (!context) + return; +#endif + // Don't reenter V8 if execution was terminated in this instance of V8. if (context->isJSExecutionForbidden()) return; diff --git a/Source/WebCore/platform/graphics/android/TransferQueue.cpp b/Source/WebCore/platform/graphics/android/TransferQueue.cpp index df9aede..918d484 100644 --- a/Source/WebCore/platform/graphics/android/TransferQueue.cpp +++ b/Source/WebCore/platform/graphics/android/TransferQueue.cpp @@ -60,6 +60,7 @@ TransferQueue::TransferQueue() , m_fboID(0) , m_sharedSurfaceTextureId(0) , m_hasGLContext(true) + , m_currentDisplay(EGL_NO_DISPLAY) { memset(&m_GLStateBeforeBlit, 0, sizeof(m_GLStateBeforeBlit)); @@ -164,14 +165,16 @@ void TransferQueue::blitTileFromQueue(GLuint fboID, BaseTileTexture* destTex, // thread will then have to wait for this buffer to finish before writing // into the same memory. EGLDisplay dpy = eglGetCurrentDisplay(); - if (m_transferQueue[index].m_syncKHR != EGL_NO_SYNC_KHR) - eglDestroySyncKHR(dpy, m_transferQueue[index].m_syncKHR); - m_transferQueue[index].m_syncKHR = eglCreateSyncKHR(eglGetCurrentDisplay(), - EGL_SYNC_FENCE_KHR, - 0); - if (m_transferQueue[index].m_syncKHR == EGL_NO_SYNC_KHR) - XLOGC("ERROR: eglClientWaitSyncKHR return error"); - + if (m_currentDisplay != dpy) + m_currentDisplay = dpy; + if (m_currentDisplay != EGL_NO_DISPLAY) { + if (m_transferQueue[index].m_syncKHR != EGL_NO_SYNC_KHR) + eglDestroySyncKHR(m_currentDisplay, m_transferQueue[index].m_syncKHR); + m_transferQueue[index].m_syncKHR = eglCreateSyncKHR(m_currentDisplay, + EGL_SYNC_FENCE_KHR, + 0); + } + GLUtils::checkEglError("CreateSyncKHR"); // Clean up FBO setup. glBindFramebuffer(GL_FRAMEBUFFER, 0); // rebind the standard FBO @@ -207,11 +210,20 @@ bool TransferQueue::readyForUpdate() if (!getHasGLContext()) return false; - // Check the GPU fence - eglClientWaitSyncKHR(eglGetCurrentDisplay(), - m_transferQueue[getNextTransferQueueIndex()].m_syncKHR, - EGL_SYNC_FLUSH_COMMANDS_BIT_KHR, - EGL_FOREVER_KHR); + // Disable this wait until we figure out why this didn't work on some + // drivers b/5332112. +#if 0 + if (m_currentDisplay != EGL_NO_DISPLAY) { + // Check the GPU fence + EGLSyncKHR syncKHR = m_transferQueue[getNextTransferQueueIndex()].m_syncKHR; + if (syncKHR != EGL_NO_SYNC_KHR) + eglClientWaitSyncKHR(m_currentDisplay, + syncKHR, + EGL_SYNC_FLUSH_COMMANDS_BIT_KHR, + EGL_FOREVER_KHR); + } + GLUtils::checkEglError("WaitSyncKHR"); +#endif return true; } diff --git a/Source/WebCore/platform/graphics/android/TransferQueue.h b/Source/WebCore/platform/graphics/android/TransferQueue.h index dbe29f8..f773e41 100644 --- a/Source/WebCore/platform/graphics/android/TransferQueue.h +++ b/Source/WebCore/platform/graphics/android/TransferQueue.h @@ -127,6 +127,8 @@ private: // is destroyed. android::Mutex m_transferQueueItemLocks; android::Condition m_transferQueueItemCond; + + EGLDisplay m_currentDisplay; }; } // namespace WebCore diff --git a/Source/WebKit/android/WebCoreSupport/ChromiumInit.cpp b/Source/WebKit/android/WebCoreSupport/ChromiumInit.cpp index f5029d5..500975c 100644 --- a/Source/WebKit/android/WebCoreSupport/ChromiumInit.cpp +++ b/Source/WebKit/android/WebCoreSupport/ChromiumInit.cpp @@ -68,8 +68,7 @@ void initChromium() if (!initCalled) { logging::SetLogMessageHandler(logMessageHandler); networkChangeNotifier.reset(net::NetworkChangeNotifier::Create()); - // Disable SPDY for bug 5226268 [Browser] http keep-alive packets are sent too frequently to network - // net::HttpNetworkLayer::EnableSpdy("npn"); + net::HttpNetworkLayer::EnableSpdy("npn"); initCalled = true; jni::SetJavaVM(JSC::Bindings::getJavaVM()); } diff --git a/Source/WebKit/android/WebCoreSupport/FrameLoaderClientAndroid.cpp b/Source/WebKit/android/WebCoreSupport/FrameLoaderClientAndroid.cpp index 9de6c09..31eed62 100644 --- a/Source/WebKit/android/WebCoreSupport/FrameLoaderClientAndroid.cpp +++ b/Source/WebKit/android/WebCoreSupport/FrameLoaderClientAndroid.cpp @@ -373,10 +373,16 @@ void FrameLoaderClientAndroid::dispatchDidFailProvisionalLoad(const ResourceErro url.append(buf, res); } } + // Vector sets up its data buffer lazilly, so if failingUrl is the empty + // string, the data buffer will be null. This will result in sanitizedUrl + // being null, and the string substitution below will be a no-op. + // FIXME: Ideally we'd always have a non-empty URL, or at least improve the + // wording of the error page in this case. See http://b/5293782. + String sanitizedUrl = url.data() ? String(url.data(), url.size()) : ""; // Replace all occurances of %s with the failing url. String s = UTF8Encoding().decode((const char*)a->getBuffer(false), a->getLength()); - s = s.replace("%s", String(url.data(), url.size())); + s = s.replace("%s", sanitizedUrl); // Replace all occurances of %e with the error text s = s.replace("%e", error.localizedDescription()); diff --git a/Source/WebKit/android/jni/PictureSet.cpp b/Source/WebKit/android/jni/PictureSet.cpp index e6a9ed5..f61e0f1 100644 --- a/Source/WebKit/android/jni/PictureSet.cpp +++ b/Source/WebKit/android/jni/PictureSet.cpp @@ -356,23 +356,10 @@ void PictureSet::splitAdd(const SkIRect& rect) SkIRect newRect; int deltaX = i * maxSize; int deltaY = j * maxSize; - int left, top, right, bottom; - if (i == firstTileX) - left = rect.fLeft; - else - left = 0; - if (j == firstTileY) - top = rect.fTop; - else - top = 0; - if (i == lastTileX) - right = rect.fRight % maxSize; - else - right = maxSize; - if (j == lastTileY) - bottom = rect.fBottom % maxSize; - else - bottom = maxSize; + int left = (i == firstTileX) ? rect.fLeft - deltaX : 0; + int top = (j == firstTileY) ? rect.fTop - deltaY : 0; + int right = (i == lastTileX) ? rect.fRight % maxSize : maxSize; + int bottom = (j == lastTileY) ? rect.fBottom % maxSize : maxSize; newRect.set(left, top, right, bottom); addToBucket(bucket, deltaX, deltaY, newRect); diff --git a/Source/WebKit/android/jni/WebViewCore.cpp b/Source/WebKit/android/jni/WebViewCore.cpp index 9b5a6fa..8b2029f 100644 --- a/Source/WebKit/android/jni/WebViewCore.cpp +++ b/Source/WebKit/android/jni/WebViewCore.cpp @@ -1729,7 +1729,7 @@ Vector<IntRect> WebViewCore::getTouchHighlightRects(int x, int y, int slop) Node* eventNode = it->get(); while (eventNode) { RenderObject* render = eventNode->renderer(); - if (render->isBody() || render->isRenderView()) + if (render && (render->isBody() || render->isRenderView())) break; if (eventNode->supportsFocus() || eventNode->hasEventListeners(eventNames().clickEvent) @@ -1755,7 +1755,7 @@ Vector<IntRect> WebViewCore::getTouchHighlightRects(int x, int y, int slop) // If the fat point touches everyone, the order in the list should be "b", "d", "c" // and "a". When we search for the event node for "b", we really don't want "a" as // in the z-order it is behind everything else. - if (!render->style()->hasAutoZIndex()) + if (render && !render->style()->hasAutoZIndex()) break; eventNode = eventNode->parentNode(); } @@ -2219,12 +2219,16 @@ void WebViewCore::scrollNodeIntoView(Frame* frame, Node* node) if (!node->isElementNode()) { HTMLElement* body = frame->document()->body(); do { - if (!node || node == body) + if (node == body) return; node = node->parentNode(); - } while (!node->isElementNode() && !isVisible(node)); + } while (node && !node->isElementNode() && !isVisible(node)); } + // Couldn't find a visible predecessor. + if (!node) + return; + elementNode = static_cast<Element*>(node); elementNode->scrollIntoViewIfNeeded(true); } |