Changeset 108724 in webkit


Timestamp:
Feb 23, 2012 8:58:34 PM (12 years ago)
Author:
commit-queue@webkit.org
Message:

Don't clear IntentRequest callback pointers on stop()

This causes re-entry into ScriptExecutionContext when
the ActiveDOMCallback objects get deleted, which crashes.
Instead, just de-activate the object and wait for
context destruction to clean up.

Test crashes consistently without fix and passes with fix.
Added some test infrastructure to support this test.
https://bugs.webkit.org/show_bug.cgi?id=78638

Patch by Greg Billock <gbillock@google.com> on 2012-02-23
Reviewed by Adam Barth.

  • Modules/intents/IntentRequest.cpp:

(WebCore::IntentRequest::IntentRequest):
(WebCore::IntentRequest::stop):
(WebCore::IntentRequest::postResult):
(WebCore::IntentRequest::postFailure):

  • Modules/intents/IntentRequest.h:

(IntentRequest):

Location:
trunk
Files:
5 added
5 edited

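--- a/trunk/Source/WebCore/ChangeLog
+++ b/trunk/Source/WebCore/ChangeLog
@@ -1,2 +1,25 @@
+2012-02-23  Greg Billock  <gbillock@google.com>
+
+        Don't clear IntentRequest callback pointers on stop()
+
+        This causes re-entry into ScriptExecutionContext when
+        the ActiveDOMCallback objects get deleted, which crashes.
+        Instead, just de-activate the object and wait for
+        context destruction to clean up.
+
+        Test crashes consistently without fix and passes with fix.
+        Added some test infrastructure to support this test.
+        https://bugs.webkit.org/show_bug.cgi?id=78638
+
+        Reviewed by Adam Barth.
+
+        * Modules/intents/IntentRequest.cpp:
+        (WebCore::IntentRequest::IntentRequest):
+        (WebCore::IntentRequest::stop):
+        (WebCore::IntentRequest::postResult):
+        (WebCore::IntentRequest::postFailure):
+        * Modules/intents/IntentRequest.h:
+        (IntentRequest):
+
 2012-02-23  Konrad Piascik  <kpiascik@rim.com>
 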
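--- a/trunk/Source/WebCore/Modules/intents/IntentRequest.cpp
+++ b/trunk/Source/WebCore/Modules/intents/IntentRequest.cpp
@@ -55,4 +55,5 @@
     , m_successCallback(successCallback)
     , m_errorCallback(errorCallback)
+    , m_stopped(false)
 {
 }
@@ -61,16 +62,17 @@
 {
     ContextDestructionObserver::contextDestroyed();
-    m_successCallback.clear();
-    m_errorCallback.clear();
+    m_stopped = true;
 }
 
 void IntentRequest::stop()
 {
-    m_successCallback.clear();
-    m_errorCallback.clear();
+    m_stopped = true;
 }
 
 void IntentRequest::postResult(SerializedScriptValue* data)
 {
+    if (m_stopped)
+        return;
+
     // Callback could lead to deletion of this.
     RefPtr<IntentRequest> protector(this);
@@ -87,4 +89,7 @@
 void IntentRequest::postFailure(SerializedScriptValue* data)
 {
+    if (m_stopped)
+        return;
+
     // Callback could lead to deletion of this.
     RefPtr<IntentRequest> protector(this);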
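Review bot: The reason stop() and contextDestroyed() must not clear m_successCallback and m_errorCallback is recorded only in the commit message, so a later cleanup could restore the clear() calls and bring back the re-entrancy crash. I would add a comment above `m_stopped = true;` in stop(), for example `// Do not clear the callbacks here: deleting ActiveDOMCallback objects re-enters ScriptExecutionContext and crashes.` Since contextDestroyed() no longer releases the callbacks either, they now appear to stay alive until the IntentRequest itself is destroyed, and that lifetime is worth stating in the same comment. The bodies of postResult() and postFailure() continue outside the shown lines.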
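--- a/trunk/Source/WebCore/Modules/intents/IntentRequest.h
+++ b/trunk/Source/WebCore/Modules/intents/IntentRequest.h
@@ -61,4 +61,5 @@
     RefPtr<IntentResultCallback> m_successCallback;
     RefPtr<IntentResultCallback> m_errorCallback;
+    bool m_stopped;
 };
 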
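--- a/trunk/Tools/DumpRenderTree/chromium/WebViewHost.cpp
+++ b/trunk/Tools/DumpRenderTree/chromium/WebViewHost.cpp
@@ -48,4 +48,5 @@
 #include "WebGeolocationClientMock.h"
 #include "WebHistoryItem.h"
+#include "WebIntent.h"
 #include "WebKit.h"
 #include "WebNode.h"
@@ -1312,4 +1313,12 @@
 
     return false;
+}
+
+void WebViewHost::dispatchIntent(WebFrame* source, const WebIntentRequest& request)
+{
+    printf("Received Web Intent: action=%s type=%s\n",
+           request.intent().action().utf8().data(),
+           request.intent().type().utf8().data());
+    m_currentRequest = request;
 }
 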
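Review bot: `m_currentRequest = request;` in dispatchIntent() keeps the request referenced by the test host, and nothing in the shown lines ever releases it, so the last intent of one test can stay alive into the next. Because this changeset makes IntentRequest hold its callbacks until the object is destroyed, that stored reference presumably also keeps the page's callback objects alive past the end of the test. I would clear the member wherever WebViewHost resets its per-test state, for example `m_currentRequest = WebIntentRequest();`. That reset code is outside this hunk, so please confirm it is not already handled there.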
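--- a/trunk/Tools/DumpRenderTree/chromium/WebViewHost.h
+++ b/trunk/Tools/DumpRenderTree/chromium/WebViewHost.h
@@ -38,4 +38,5 @@
 #include "WebCursorInfo.h"
 #include "WebFrameClient.h"
+#include "WebIntentRequest.h"
 #include "WebSpellCheckClient.h"
 #include "WebViewClient.h"
@@ -238,4 +239,5 @@
     virtual void openFileSystem(WebKit::WebFrame*, WebKit::WebFileSystem::Type, long long size, bool create, WebKit::WebFileSystemCallbacks*);
     virtual bool willCheckAndDispatchMessageEvent(WebKit::WebFrame* source, WebKit::WebSecurityOrigin target, WebKit::WebDOMMessageEvent);
+    virtual void dispatchIntent(WebKit::WebFrame* source, const WebKit::WebIntentRequest&);
 
     WebKit::WebDeviceOrientationClientMock* deviceOrientationClientMock();
@@ -411,4 +413,7 @@
     } m_pointerLockPlannedResult;
 #endif
+
+    // For web intents: holds the current request, if any.
+    WebKit::WebIntentRequest m_currentRequest;
 };
 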