Context Navigation

Changeset 139876 in webkit

Timestamp:

Jan 16, 2013 5:55:49 AM (11 years ago)

Author:

jocelyn.turcotte@digia.com

Message:

Reviewed by Adam Barth.

Source/WebCore:

Add an assert to increase the chances of catching this crash
early on in the future.

(WebCore::Document::takeDOMWindowFrom):

Source/WebKit/qt:

Remove the call to HistoryController::setCurrentItem which is ultimately
causing the initial empty document of a page to be added to the page cache.

This re-introduce the bug that was fixed by this line, which will be
properly fixed in a follow-up patch.

(operator>>):

(tst_QWebHistory::saveAndRestore_crash_4): Cover the crash.

Location:

trunk/Source

Files:

-                      r139873
+                      r139876
+-01-16  Jocelyn Turcotte  <jocelyn.turcotte@digia.com>
+        [Qt] Crash in WebCore::CachedFrame::destroy
+        https://bugs.webkit.org/show_bug.cgi?id=104525
+        Reviewed by Adam Barth.
+        Add an assert to increase the chances of catching this crash
+        early on in the future.
+        * dom/Document.cpp:
+        (WebCore::Document::takeDOMWindowFrom):
 -01-16  Andrey Lushnikov  <lushnikov@chromium.org>

r139780	r139876
3604	3604	ASSERT(!m_domWindow);
3605	3605	ASSERT(document->domWindow());
	3606	// A valid DOMWindow is needed by CachedFrame for its documents.
	3607	ASSERT(!document->inPageCache());
3606	3608
3607	3609	m_domWindow = document->m_domWindow.release();

r135515	r139876
543	543	}
544	544	d->lst->removeItem(nullItem);
545		~~// Update the HistoryController.~~
546		~~static_cast<WebCore::BackForwardListImpl*>(history.d->lst)->page()->mainFrame()->loader()->history()->setCurrentItem(history.d->lst->entries()[currentIndex].get());~~
547	545	history.goToItem(history.itemAt(currentIndex));
548	546	}

-                      r139526
+                      r139876
+-01-16  Jocelyn Turcotte  <jocelyn.turcotte@digia.com>
+        [Qt] Crash in WebCore::CachedFrame::destroy
+        https://bugs.webkit.org/show_bug.cgi?id=104525
+        Reviewed by Adam Barth.
+        Remove the call to HistoryController::setCurrentItem which is ultimately
+        causing the initial empty document of a page to be added to the page cache.
+        This re-introduce the bug that was fixed by this line, which will be
+        properly fixed in a follow-up patch.
+        * Api/qwebhistory.cpp:
+        (operator>>):
+        * tests/qwebhistory/tst_qwebhistory.cpp:
+        (tst_QWebHistory::saveAndRestore_crash_4): Cover the crash.
 -01-11  Huang Dongsung  <luxtella@company100.net>

-                      r125603
+                      r139876
     void serialize_2(); //QWebHistory index
     void serialize_3(); //QWebHistoryItem
+    // Those tests shouldn't crash
     void saveAndRestore_crash_1();
     void saveAndRestore_crash_2();
     void saveAndRestore_crash_3();
+    void saveAndRestore_crash_4();
     void popPushState_data();
     void popPushState();
 …
+}
-/** The test shouldn't crash */
 void tst_QWebHistory::saveAndRestore_crash_1()
+{
 …
+}
-/** The test shouldn't crash */
 void tst_QWebHistory::saveAndRestore_crash_2()
+{
 …
+}
-/** The test shouldn't crash */
 void tst_QWebHistory::saveAndRestore_crash_3()
+{
 …
+}
+void tst_QWebHistory::saveAndRestore_crash_4()
+{
+    QByteArray buffer;
+    saveHistory(hist, &buffer);
+    QWebPage* page2 = new QWebPage(this);
+    // The initial crash was in PageCache.
+    page2->settings()->setMaximumPagesInCache(3);
+    // Load the history in a new page, waiting for the load to finish.
+    QEventLoop waitForLoadFinished;
+    QObject::connect(page2, SIGNAL(loadFinished(bool)), &waitForLoadFinished, SLOT(quit()), Qt::QueuedConnection);
+    QDataStream load(&buffer, QIODevice::ReadOnly);
+    load >> *page2->history();
+    waitForLoadFinished.exec();
+    delete page2;
+    // Give some time for the PageCache cleanup 0-timer to fire.
+    QTest::qWait(50);
+}
 void tst_QWebHistory::popPushState_data()
+{

Note: See TracChangeset for help on using the changeset viewer.