projects / platform / framework / web / chromium-efl.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 2a71ea1)
Fix for crash on webview resize for a new page opened in the same tab.
authorChandan Padhi <c.padhi@samsung.com>
Mon, 7 Dec 2015 13:01:32 +0000 (18:31 +0530)
committerYoungsoo Choi <kenshin.choi@samsung.com>
Tue, 10 Jul 2018 07:55:23 +0000 (07:55 +0000)
Currently, segmentation fault occurs on webview resize when we load a
new page on an already existing tab. In this scenario, a new RWHVEfl
is created first and then the previous RWHVEfl is destroyed. However,
the same WebContentsViewEfl(therefore the same native view) is used
for the new RWHVEfl as well.

Two resize callbacks(one for each RWHVEfl) are added to the same
native view in order of their creation.
In destructor of the previous RWHVEfl, evas_object_event_callback_del()
deletes the most recently added callback(the one for the new RWHVEfl).
When resize occurs for the new RWHVEfl, the callback for the previous
RWHVEfl(already deleted) is invoked that results in crash.

To fix this issue, we now use evas_object_event_callback_del_full()
instead of evas_object_event_callback_del().
evas_object_event_callback_del_full() deletes the callback for the
corresponding RWHVEfl only.

Bug: http://suprem.sec.samsung.net/jira/browse/CBEFL-806

Reviewed by: sm.venugopal, sns.park

Change-Id: I36e4538c12b1847bedd8263fe1d18e3815ee0e3d
Signed-off-by: Chandan Padhi <c.padhi@samsung.com>
tizen_src/chromium_impl/content/browser/renderer_host/render_widget_host_view_efl.cc patch | blob | history

diff --git a/tizen_src/chromium_impl/content/browser/renderer_host/render_widget_host_view_efl.cc b/tizen_src/chromium_impl/content/browser/renderer_host/render_widget_host_view_efl.cc
index 7dfd2c4..09dbea1 100755 (executable)
--- a/tizen_src/chromium_impl/content/browser/renderer_host/render_widget_host_view_efl.cc
+++ b/tizen_src/chromium_impl/content/browser/renderer_host/render_widget_host_view_efl.cc
@@ -307,8 +307,8 @@ RenderWidgetHostViewEfl::~RenderWidgetHostViewEfl() {
   if (im_context_)
     delete im_context_;
 
-  evas_object_event_callback_del(parent_view_, EVAS_CALLBACK_RESIZE,
-      OnParentViewResize);
+  evas_object_event_callback_del_full(parent_view_, EVAS_CALLBACK_RESIZE,
+      OnParentViewResize, this);
   evas_object_event_callback_del(content_image_, EVAS_CALLBACK_FOCUS_IN,
       OnFocusIn);
   evas_object_event_callback_del(content_image_, EVAS_CALLBACK_FOCUS_OUT,
Domain: Web Framework / Web Engine;