From d9c800fe184301a924e4b3a3d8acde519754cf74 Mon Sep 17 00:00:00 2001 From: Nika Layzell Date: Tue, 22 Oct 2019 13:57:01 +0000 Subject: [PATCH] Bug 1589054 - Part 3: Store mDocShell directly on nsFrameLoader, r=farre This is necessary as the nsFrameLoader may have been swapped, due to a process switch, before the teardown of the old nsDocShell is complete. In this case, the nsDocShell is still present on the BrowsingContext despite a nsFrameLoader for a remote frame having been set up. This will also be important for future changes such as cross-process bfcache. It may be possible to change the calls to `nsFrameLoader::GetDocShell()` back to `mDocShell` accesses in the future. Differential Revision: https://phabricator.services.mozilla.com/D49648 --HG-- extra : moz-landing-system : lando --- dom/base/nsFrameLoader.cpp | 2 ++ dom/base/nsFrameLoader.h | 10 +++------- 2 files changed, 5 insertions(+), 7 deletions(-) diff --git a/dom/base/nsFrameLoader.cpp b/dom/base/nsFrameLoader.cpp index 8444e6013524..f9307fda4e3d 100644 --- a/dom/base/nsFrameLoader.cpp +++ b/dom/base/nsFrameLoader.cpp @@ -1905,6 +1905,7 @@ void nsFrameLoader::DestroyDocShell() { } mBrowsingContext = nullptr; + mDocShell = nullptr; if (mChildMessageManager) { // Stop handling events in the in-process frame script. @@ -2014,6 +2015,7 @@ nsresult nsFrameLoader::MaybeCreateDocShell() { // context inside of nsDocShell::Create RefPtr docShell = nsDocShell::Create(mBrowsingContext); NS_ENSURE_TRUE(docShell, NS_ERROR_FAILURE); + mDocShell = docShell; mBrowsingContext->SetEmbedderElement(mOwnerContent); diff --git a/dom/base/nsFrameLoader.h b/dom/base/nsFrameLoader.h index eecec300e0d2..ccfaf0da8418 100644 --- a/dom/base/nsFrameLoader.h +++ b/dom/base/nsFrameLoader.h @@ -124,9 +124,7 @@ class nsFrameLoader final : public nsStubMutationObserver, void StartDestroy(); void DestroyDocShell(); void DestroyComplete(); - nsIDocShell* GetExistingDocShell() const { - return mBrowsingContext ? mBrowsingContext->GetDocShell() : nullptr; - } + nsIDocShell* GetExistingDocShell() const { return mDocShell; } mozilla::dom::InProcessBrowserChildMessageManager* GetBrowserChildMessageManager() const { return mChildMessageManager; @@ -429,10 +427,7 @@ class nsFrameLoader final : public nsStubMutationObserver, nsresult MaybeCreateDocShell(); nsresult EnsureMessageManager(); nsresult ReallyLoadFrameScripts(); - nsDocShell* GetDocShell() const { - return mBrowsingContext ? nsDocShell::Cast(mBrowsingContext->GetDocShell()) - : nullptr; - } + nsDocShell* GetDocShell() const { return mDocShell; } // Updates the subdocument position and size. This gets called only // when we have our own in-process DocShell. @@ -508,6 +503,7 @@ class nsFrameLoader final : public nsStubMutationObserver, uint64_t mChildID; RefPtr mRemoteBrowser; + RefPtr mDocShell; // Holds the last known size of the frame. mozilla::ScreenIntSize mLazySize;