Changeset 167818 in webkit
- Timestamp:
- Apr 25, 2014 1:30:07 PM (10 years ago)
- Location:
- trunk
- Files:
-
- 2 added
- 3 edited
-
LayoutTests/ChangeLog (modified) (1 diff)
-
LayoutTests/editing/apply-style-iframe-crash-expected.txt (added)
-
LayoutTests/editing/apply-style-iframe-crash.html (added)
-
Source/WebCore/ChangeLog (modified) (1 diff)
-
Source/WebCore/editing/CompositeEditCommand.cpp (modified) (3 diffs)
Legend:
- Unmodified
- Added
- Removed
-
trunk/LayoutTests/ChangeLog
r167817 r167818 1 2014-04-23 Jon Honeycutt <jhoneycutt@apple.com> 2 3 Crash applying editing commands from iframe onload event 4 5 <https://bugs.webkit.org/show_bug.cgi?id=132103> 6 <rdar://problem/15696351> 7 8 Reviewed by Darin Adler. 9 10 * editing/apply-style-iframe-crash-expected.txt: Added. 11 * editing/apply-style-iframe-crash.html: Added. 12 1 13 2014-04-25 David Hyatt <hyatt@apple.com> 2 14 -
trunk/Source/WebCore/ChangeLog
r167817 r167818 1 2014-04-23 Jon Honeycutt <jhoneycutt@apple.com> 2 3 Crash applying editing commands from iframe onload event 4 5 <https://bugs.webkit.org/show_bug.cgi?id=132103> 6 <rdar://problem/15696351> 7 8 This patch merges the Chromium bug workaround from 9 <http://src.chromium.org/viewvc/blink?revision=162080&view=revision>, 10 which prevents reentrancy in CompositeEditCommand::apply(). 11 12 Reviewed by Darin Adler. 13 14 Test: editing/apply-style-iframe-crash.html 15 16 * editing/CompositeEditCommand.cpp: 17 (WebCore::HTMLNames::ReentrancyGuard::isRecursiveCall): 18 (WebCore::HTMLNames::ReentrancyGuard::Scope::Scope): 19 (WebCore::HTMLNames::ReentrancyGuard::Scope::~Scope): 20 (WebCore::CompositeEditCommand::apply): 21 If this is a recursive call, return early. 22 1 23 2014-04-25 David Hyatt <hyatt@apple.com> 2 24 -
trunk/Source/WebCore/editing/CompositeEditCommand.cpp
r165848 r167818 81 81 using namespace HTMLNames; 82 82 83 namespace ApplyEditCommand { 84 85 class ReentrancyGuard { 86 public: 87 static bool isRecursiveCall() { return s_nestingCounter; } 88 89 class Scope { 90 public: 91 Scope() { ++s_nestingCounter; } 92 ~Scope() { --s_nestingCounter; } 93 }; 94 friend class Scope; 95 96 private: 97 static unsigned s_nestingCounter; 98 }; 99 unsigned ApplyEditCommand::ReentrancyGuard::s_nestingCounter; 100 101 } // namespace ApplyEditCommand 102 83 103 PassRefPtr<EditCommandComposition> EditCommandComposition::create(Document& document, 84 104 const VisibleSelection& startingSelection, const VisibleSelection& endingSelection, EditAction editAction) … … 195 215 void CompositeEditCommand::apply() 196 216 { 217 // It's possible to enter this recursively, but legitimate cases of that are rare, and it can cause crashes. As a 218 // temporary fix, guard against recursive calls. 219 // FIXME: <rdar://16701803> Remove this workaround when <rdar://15797536> is fixed. 220 if (ApplyEditCommand::ReentrancyGuard::isRecursiveCall()) 221 return; 222 197 223 if (!endingSelection().isContentRichlyEditable()) { 198 224 switch (editingAction()) { … … 221 247 222 248 { 223 EventQueueScope scope; 249 EventQueueScope eventQueueScope; 250 ApplyEditCommand::ReentrancyGuard::Scope reentrancyGuardScope; 224 251 #if ENABLE(DELETION_UI) 225 252 DeleteButtonControllerDisableScope deleteButtonControllerDisableScope(&frame());
Note: See TracChangeset
for help on using the changeset viewer.
