Changeset 95619 in webkit
- Timestamp:
- Sep 21, 2011 6:08:19 AM (13 years ago)
- Location:
- trunk/Source/WebCore
- Files:
-
- 3 edited
-
ChangeLog (modified) (1 diff)
-
dom/EventListenerMap.cpp (modified) (9 diffs)
-
dom/EventListenerMap.h (modified) (2 diffs)
Legend:
- Unmodified
- Added
- Removed
-
trunk/Source/WebCore/ChangeLog
r95614 r95619 1 2011-09-21 Andreas Kling <kling@webkit.org> 2 3 Protect against misuse of EventListenerIterator. 4 https://bugs.webkit.org/show_bug.cgi?id=68364 5 6 Reviewed by Darin Adler. 7 8 In debug mode, keep track of the number of active EventListenerIterators 9 on an EventListenerMap, and assert that there are no iterators when the 10 map is being modified. 11 12 * dom/EventListenerMap.cpp: 13 (WebCore::EventListenerMap::EventListenerMap): 14 (WebCore::EventListenerMap::clear): 15 (WebCore::EventListenerMap::add): 16 (WebCore::EventListenerMap::remove): 17 (WebCore::EventListenerMap::find): 18 (WebCore::EventListenerMap::removeFirstEventListenerCreatedFromMarkup): 19 (WebCore::EventListenerMap::copyEventListenersNotCreatedFromMarkupToTarget): 20 (WebCore::EventListenerIterator::EventListenerIterator): 21 (WebCore::EventListenerIterator::~EventListenerIterator): 22 * dom/EventListenerMap.h: 23 1 24 2011-09-21 Pavel Feldman <pfeldman@google.com> 2 25 -
trunk/Source/WebCore/dom/EventListenerMap.cpp
r95372 r95619 45 45 46 46 EventListenerMap::EventListenerMap() 47 #ifndef NDEBUG 48 : m_activeIteratorCount(0) 49 #endif 47 50 { 48 51 } … … 69 72 void EventListenerMap::clear() 70 73 { 74 ASSERT(!m_activeIteratorCount); 75 71 76 if (m_hashMap) { 72 77 deleteAllValues(*m_hashMap); … … 106 111 bool EventListenerMap::add(const AtomicString& eventType, PassRefPtr<EventListener> listener, bool useCapture) 107 112 { 113 ASSERT(!m_activeIteratorCount); 114 108 115 if (m_singleEventListenerVector && m_singleEventListenerType != eventType) { 109 116 // We already have a single (first) listener vector, and this event is not … … 144 151 bool EventListenerMap::remove(const AtomicString& eventType, EventListener* listener, bool useCapture, size_t& indexOfRemovedListener) 145 152 { 153 ASSERT(!m_activeIteratorCount); 154 146 155 if (!m_hashMap) { 147 156 if (m_singleEventListenerType != eventType) … … 169 178 EventListenerVector* EventListenerMap::find(const AtomicString& eventType) 170 179 { 180 ASSERT(!m_activeIteratorCount); 181 171 182 if (m_hashMap) { 172 183 EventListenerHashMap::iterator it = m_hashMap->find(eventType); … … 201 212 void EventListenerMap::removeFirstEventListenerCreatedFromMarkup(const AtomicString& eventType) 202 213 { 214 ASSERT(!m_activeIteratorCount); 215 203 216 if (m_hashMap) { 204 217 EventListenerHashMap::iterator result = m_hashMap->find(eventType); … … 240 253 void EventListenerMap::copyEventListenersNotCreatedFromMarkupToTarget(EventTarget* target) 241 254 { 255 ASSERT(!m_activeIteratorCount); 256 242 257 if (m_hashMap) { 243 258 EventListenerHashMap::iterator end = m_hashMap->end(); … … 273 288 m_map = &data->eventListenerMap; 274 289 290 #ifndef NDEBUG 291 m_map->m_activeIteratorCount++; 292 #endif 293 275 294 if (m_map->m_hashMap) { 276 295 m_mapIterator = m_map->m_hashMap->begin(); … … 278 297 } 279 298 } 299 300 #ifndef NDEBUG 301 EventListenerIterator::~EventListenerIterator() 302 { 303 if (m_map) 304 m_map->m_activeIteratorCount--; 305 } 306 #endif 280 307 281 308 EventListener* EventListenerIterator::nextListener() -
trunk/Source/WebCore/dom/EventListenerMap.h
r95372 r95619 76 76 AtomicString m_singleEventListenerType; 77 77 OwnPtr<EventListenerVector> m_singleEventListenerVector; 78 79 #ifndef NDEBUG 80 int m_activeIteratorCount; 81 #endif 78 82 }; 79 83 … … 82 86 public: 83 87 EventListenerIterator(); 84 85 // EventTarget must not be modified while an iterator is active.86 88 EventListenerIterator(EventTarget*); 89 #ifndef NDEBUG 90 ~EventListenerIterator(); 91 #endif 87 92 88 93 EventListener* nextListener();
Note: See TracChangeset
for help on using the changeset viewer.
