Skip to content

GitLab

T
tangled
Commit 282119e0 authored by sigbjornf's avatar sigbjornf Committed by Commit bot
Browse files
Options

Let notifyScriptLoadError() handle already detached ScriptLoaders. 

If a ScriptRunner has been disposed of already, allow ScriptLoaders
to notify of their failure without asserting.

R=haraken
BUG=570012

Review URL: https://codereview.chromium.org/1642863002

Cr-Commit-Position: refs/heads/master@{#372075}
parent 2181d88d
Hide whitespace changes
Inline Side-by-side
Showing with 14 additions and 2 deletions
third_party/WebKit/Source/core/dom/ScriptRunner.cpp
View file @ 282119e0
...@@ -42,6 +42,7 @@ ScriptRunner::ScriptRunner(Document* document) ...@@ -42,6 +42,7 @@ ScriptRunner::ScriptRunner(Document* document)
, m_numberOfInOrderScriptsWithPendingNotification(0) , m_numberOfInOrderScriptsWithPendingNotification(0)
, m_isSuspended(false) , m_isSuspended(false)
#if !ENABLE(OILPAN) #if !ENABLE(OILPAN)
, m_isDisposed(false)
, m_weakPointerFactoryForTasks(this) , m_weakPointerFactoryForTasks(this)
#endif #endif
{ {
...@@ -97,6 +98,7 @@ void ScriptRunner::dispose() ...@@ -97,6 +98,7 @@ void ScriptRunner::dispose()
m_pendingAsyncScripts.clear(); m_pendingAsyncScripts.clear();
m_inOrderScriptsToExecuteSoon.clear(); m_inOrderScriptsToExecuteSoon.clear();
m_asyncScriptsToExecuteSoon.clear(); m_asyncScriptsToExecuteSoon.clear();
m_isDisposed = true;
m_numberOfInOrderScriptsWithPendingNotification = 0; m_numberOfInOrderScriptsWithPendingNotification = 0;
} }
#endif #endif
...@@ -204,12 +206,21 @@ void ScriptRunner::notifyScriptLoadError(ScriptLoader* scriptLoader, ExecutionTy ...@@ -204,12 +206,21 @@ void ScriptRunner::notifyScriptLoadError(ScriptLoader* scriptLoader, ExecutionTy
// where the ScriptLoader is associated with the wrong ScriptRunner // where the ScriptLoader is associated with the wrong ScriptRunner
// (otherwise we'd cause a use-after-free in ~ScriptRunner when it tries // (otherwise we'd cause a use-after-free in ~ScriptRunner when it tries
// to detach). // to detach).
RELEASE_ASSERT_WITH_SECURITY_IMPLICATION(m_pendingAsyncScripts.contains(scriptLoader)); bool foundLoader = m_pendingAsyncScripts.contains(scriptLoader);
#if !ENABLE(OILPAN)
// If the ScriptRunner has been disposed of, no pending scripts remain.
foundLoader = foundLoader || m_isDisposed;
#endif
RELEASE_ASSERT_WITH_SECURITY_IMPLICATION(foundLoader);
m_pendingAsyncScripts.remove(scriptLoader); m_pendingAsyncScripts.remove(scriptLoader);
break; break;
} }
case IN_ORDER_EXECUTION: case IN_ORDER_EXECUTION:
RELEASE_ASSERT_WITH_SECURITY_IMPLICATION(removePendingInOrderScript(scriptLoader)); bool foundLoader = removePendingInOrderScript(scriptLoader);
#if !ENABLE(OILPAN)
foundLoader = foundLoader || m_isDisposed;
#endif
RELEASE_ASSERT_WITH_SECURITY_IMPLICATION(foundLoader);
break; break;
} }
scriptLoader->detach(); scriptLoader->detach();
......
third_party/WebKit/Source/core/dom/ScriptRunner.h
View file @ 282119e0
...@@ -98,6 +98,7 @@ private: ...@@ -98,6 +98,7 @@ private:
#endif #endif
#if !ENABLE(OILPAN) #if !ENABLE(OILPAN)
bool m_isDisposed;
WeakPtrFactory<ScriptRunner> m_weakPointerFactoryForTasks; WeakPtrFactory<ScriptRunner> m_weakPointerFactoryForTasks;
#endif #endif
}; };
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment