From d3d39b98aa0b0161be4e573c440ce642617d6d15 Mon Sep 17 00:00:00 2001 From: Mike Antipov Date: Tue, 20 Jul 2010 15:17:46 +0300 Subject: EXT-8458 FIXED ensure that static pointer to instance of LLPanelStandStopFlying is always valid to prevent crash. Consequences of root cause: Static pointer to LLPanelStandStopFlying in LLPanelStandStopFlying::getInstance() becomes invalid when the instance of the LLPanelStandStopFlying is a child of floater while it is destroying. Next usage of that pointed cause a crash. Root Cause: 1. LLFloater::closeFloater sets floater invisible and marks floater as "dead" but does not destroy it. 2. But that instance was still in LLFloaterReg map. It is removed in LLFloater's destructor. 3. So it was possible on low fps to get "dead" floater with LLFloaterReg, LLFloaterMove in this case. 4. Then LLMortician deleted floater instance shown on previous step. Call of setVisible(false) from the LLFloater's destructor does not call overridden LLFloaterMove's method (which is expected behavior.) So, child panel LLPanelStandStopFlying was not re-parented to Main View and was destroyed with LLFloaterMove. That leaded to the "Top Reason" described above. FIX: 1. Ensure that LLPanelStandStopFlying is not a child of LLFloaterMove on its destroying. 2. Synchronized removing of a floater instance from the LLFloaterReg when it is marked as "dead". Note: both changes fixes this bug independently, but I included both of them into result patch to avoid similar but in the future. Reviewed by Vadim Savchuk at https://codereview.productengine.com/secondlife/r/781/ --HG-- branch : product-engine --- indra/llui/llfloater.cpp | 8 ++++++++ indra/llui/llfloater.h | 2 +- 2 files changed, 9 insertions(+), 1 deletion(-) (limited to 'indra/llui') diff --git a/indra/llui/llfloater.cpp b/indra/llui/llfloater.cpp index 39a6855273..22d6f6ca52 100644 --- a/indra/llui/llfloater.cpp +++ b/indra/llui/llfloater.cpp @@ -451,6 +451,14 @@ void LLFloater::enableResizeCtrls(bool enable) } } +void LLFloater::destroy() +{ + // LLFloaterReg should be synchronized with "dead" floater to avoid returning dead instance before + // it was deleted via LLMortician::updateClass(). See EXT-8458. + LLFloaterReg::removeInstance(mInstanceName, mKey); + die(); +} + // virtual LLFloater::~LLFloater() { diff --git a/indra/llui/llfloater.h b/indra/llui/llfloater.h index 3ea035777c..42f422f91c 100644 --- a/indra/llui/llfloater.h +++ b/indra/llui/llfloater.h @@ -308,7 +308,7 @@ protected: BOOL getAutoFocus() const { return mAutoFocus; } LLDragHandle* getDragHandle() const { return mDragHandle; } - void destroy() { die(); } // Don't call this directly. You probably want to call closeFloater() + void destroy(); // Don't call this directly. You probably want to call closeFloater() virtual void onClickCloseBtn(); -- cgit v1.2.3