synchronize access to pictureReady, copyContentPicture
Two methods in WebViewCore are called from WebView. The C
underpinnings were synchronized with a mutex, but the Java
shell was not, so under rare circumstances, the Java side might
delete the native class. Add Java synchronization to
protect against this.
Fixes http://b/issue?id=2121684
diff --git a/core/java/android/webkit/WebViewCore.java b/core/java/android/webkit/WebViewCore.java
index 799312d..5f2d65e 100644
--- a/core/java/android/webkit/WebViewCore.java
+++ b/core/java/android/webkit/WebViewCore.java
@@ -837,9 +837,11 @@
case DESTROY:
// Time to take down the world. Cancel all pending
// loads and destroy the native view and frame.
- mBrowserFrame.destroy();
- mBrowserFrame = null;
- mNativeClass = 0;
+ synchronized (WebViewCore.this) {
+ mBrowserFrame.destroy();
+ mBrowserFrame = null;
+ mNativeClass = 0;
+ }
break;
case UPDATE_FRAME_CACHE_IF_LOADING:
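Review bot: The new `synchronized (WebViewCore.this)` block in the DESTROY case has no comment naming the readers it pairs with, and the lock only protects callers that also take the WebViewCore monitor. I would add above it `// Hold the WebViewCore lock so pictureReady() and copyContentPicture(), called from WebView, cannot be inside native code while the native frame is destroyed.` Any other WebView-side entry point that reaches native code without this monitor would presumably still race with teardown; none are visible in this hunk. The enclosing switch and message handler start and end outside the hunk.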
@@ -1623,11 +1625,11 @@
}
}
- /* package */ boolean pictureReady() {
+ /* package */ synchronized boolean pictureReady() {
return nativePictureReady();
}
- /*package*/ Picture copyContentPicture() {
+ /*package*/ synchronized Picture copyContentPicture() {
Picture result = new Picture();
nativeCopyContentToPicture(result);
return result;
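Review bot: Both synchronized methods still call into native code unconditionally, so a call that arrives after the DESTROY handler has set `mNativeClass = 0` waits for the lock and then runs against the torn-down native object. The lock removes the overlap with destruction but not the use after it. Checking the handle under the same lock would close that gap: `return 0 != mNativeClass && nativePictureReady();` in pictureReady() and `if (0 != mNativeClass) nativeCopyContentToPicture(result);` in copyContentPicture(). Whether the native side already tolerates a zero handle is not visible here, so this is a check to confirm rather than a proven crash.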