| OLD | NEW |
|---|
| 1 /* | 1 /* |
| 2 * Copyright (C) 2011 Google Inc. All rights reserved. | 2 * Copyright (C) 2011 Google Inc. All rights reserved. |
| 3 * | 3 * |
| 4 * Redistribution and use in source and binary forms, with or without | 4 * Redistribution and use in source and binary forms, with or without |
| 5 * modification, are permitted provided that the following conditions are | 5 * modification, are permitted provided that the following conditions are |
| 6 * met: | 6 * met: |
| 7 * | 7 * |
| 8 * * Redistributions of source code must retain the above copyright | 8 * * Redistributions of source code must retain the above copyright |
| 9 * notice, this list of conditions and the following disclaimer. | 9 * notice, this list of conditions and the following disclaimer. |
| 10 * * Redistributions in binary form must reproduce the above | 10 * * Redistributions in binary form must reproduce the above |
| (...skipping 89 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 100 node->unregisterTransientMutationObserver(this); | 100 node->unregisterTransientMutationObserver(this); |
| 101 | 101 |
| 102 m_transientRegistrationNodes.clear(); | 102 m_transientRegistrationNodes.clear(); |
| 103 | 103 |
| 104 DCHECK(m_registrationNodeKeepAlive); | 104 DCHECK(m_registrationNodeKeepAlive); |
| 105 m_registrationNodeKeepAlive = | 105 m_registrationNodeKeepAlive = |
| 106 nullptr; // Balanced in observeSubtreeNodeWillDetach. | 106 nullptr; // Balanced in observeSubtreeNodeWillDetach. |
| 107 } | 107 } |
| 108 | 108 |
| 109 void MutationObserverRegistration::unregister() { | 109 void MutationObserverRegistration::unregister() { |
| 110 DCHECK(m_registrationNode); | 110 // |this| can outlives m_registrationNode. |
| 111 m_registrationNode->unregisterMutationObserver(this); | 111 if (m_registrationNode) |
| 112 // The above line will cause this object to be deleted, so don't do any more | 112 m_registrationNode->unregisterMutationObserver(this); |
| 113 // in this function. | 113 else |
| 114 dispose(); |
| 114 } | 115 } |
| 115 | 116 |
| 116 bool MutationObserverRegistration::shouldReceiveMutationFrom( | 117 bool MutationObserverRegistration::shouldReceiveMutationFrom( |
| 117 Node& node, | 118 Node& node, |
| 118 MutationObserver::MutationType type, | 119 MutationObserver::MutationType type, |
| 119 const QualifiedName* attributeName) const { | 120 const QualifiedName* attributeName) const { |
| 120 DCHECK((type == MutationObserver::Attributes && attributeName) || | 121 DCHECK((type == MutationObserver::Attributes && attributeName) || |
| 121 !attributeName); | 122 !attributeName); |
| 122 if (!(m_options & type)) | 123 if (!(m_options & type)) |
| 123 return false; | 124 return false; |
| (...skipping 27 matching lines...) Expand all Loading... |
| 151 visitor->trace(m_registrationNode); | 152 visitor->trace(m_registrationNode); |
| 152 visitor->trace(m_registrationNodeKeepAlive); | 153 visitor->trace(m_registrationNodeKeepAlive); |
| 153 visitor->trace(m_transientRegistrationNodes); | 154 visitor->trace(m_transientRegistrationNodes); |
| 154 } | 155 } |
| 155 | 156 |
| 156 DEFINE_TRACE_WRAPPERS(MutationObserverRegistration) { | 157 DEFINE_TRACE_WRAPPERS(MutationObserverRegistration) { |
| 157 visitor->traceWrappers(m_observer); | 158 visitor->traceWrappers(m_observer); |
| 158 } | 159 } |
| 159 | 160 |
| 160 } // namespace blink | 161 } // namespace blink |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2532003002:
MutationObserver: Fix a null-pointer dereference in MutationObserverRegistration::unregister. (Closed)
