From 21251e4e2304e2d8ed5040c4d42245eeea5f0143 Mon Sep 17 00:00:00 2001 From: Chris Craik Date: Tue, 23 Oct 2012 11:14:39 -0700 Subject: Ensure AndroidAnimation's copy of its name string is unique bug:7369890 This avoids cross-thread referencing of this WTF::String Change-Id: I975308d6eb7d9b3d9039f2188cb2697cb3191091 --- .../platform/graphics/android/layers/AndroidAnimation.h | 12 +++++++++--- .../platform/graphics/android/layers/LayerAndroid.cpp | 4 ++-- 2 files changed, 11 insertions(+), 5 deletions(-) diff --git a/Source/WebCore/platform/graphics/android/layers/AndroidAnimation.h b/Source/WebCore/platform/graphics/android/layers/AndroidAnimation.h index dca769f..704f89a 100644 --- a/Source/WebCore/platform/graphics/android/layers/AndroidAnimation.h +++ b/Source/WebCore/platform/graphics/android/layers/AndroidAnimation.h @@ -50,8 +50,14 @@ public: bool evaluate(LayerAndroid* layer, double time); virtual void applyForProgress(LayerAndroid* layer, float progress) = 0; static long instancesCount(); - void setName(const String& name) { m_name = name; } - String name() { return m_name; } + + // Since this class is shared between WebKit/UI thread, deep copy the name in the setter and + // don't share the value of m_name - this way this AndroidAnimation can be safely destroyed on + //any thread, since it is deref'd on both + void setName(const String& name) { m_name = name.threadsafeCopy(); } + bool isNamed(const String& name) { return m_name == name; } + String nameCopy() { return m_name.threadsafeCopy(); } + AnimatedPropertyID type() { return m_type; } bool fillsBackwards() { return m_fillsBackwards; } bool fillsForwards() { return m_fillsForwards; } @@ -65,7 +71,7 @@ protected: int m_iterationCount; int m_direction; RefPtr m_timingFunction; - String m_name; + String m_name; // Unique to this object, see comments for 'name' functions above AnimatedPropertyID m_type; KeyframeValueList* m_operations; int m_uniqueId; diff --git a/Source/WebCore/platform/graphics/android/layers/LayerAndroid.cpp b/Source/WebCore/platform/graphics/android/layers/LayerAndroid.cpp index 4dbb9ba..1064388 100644 --- a/Source/WebCore/platform/graphics/android/layers/LayerAndroid.cpp +++ b/Source/WebCore/platform/graphics/android/layers/LayerAndroid.cpp @@ -299,7 +299,7 @@ void LayerAndroid::addDirtyArea() void LayerAndroid::addAnimation(PassRefPtr prpAnim) { RefPtr anim = prpAnim; - pair key(anim->name(), anim->type()); + pair key(anim->nameCopy(), anim->type()); removeAnimationsForProperty(anim->type()); m_animations.add(key, anim); } @@ -322,7 +322,7 @@ void LayerAndroid::removeAnimationsForKeyframes(const String& name) KeyframesMap::const_iterator end = m_animations.end(); Vector > toDelete; for (KeyframesMap::const_iterator it = m_animations.begin(); it != end; ++it) { - if ((it->second)->name() == name) + if ((it->second)->isNamed(name)) toDelete.append(it->first); } -- cgit v1.1