Changeset 167913 in webkit


Timestamp:
Apr 28, 2014 5:31:45 PM (10 years ago)
Author:
msaboff@apple.com
Message:

Crash in platform/mac/accessibility/table-visible-rows.html
https://bugs.webkit.org/show_bug.cgi?id=132146

Reviewed by Filip Pizlo.

Instead of creating a local JSValueRef array on the stack and passing that to
JSObjectMakeArray(), changed to create an empty JSArray and then populate the
values using the JSObjectSetPropertyAtIndex() API.

  • DumpRenderTree/AccessibilityUIElement.cpp:

(elementsForRangeCallback):
(convertElementsToObjectArray):

  • DumpRenderTree/mac/TestRunnerMac.mm:

(originsArrayToJS):

  • WebKitTestRunner/InjectedBundle/EventSendingController.cpp:

(WTR::EventSendingController::contextClick):

  • WebKitTestRunner/InjectedBundle/TestRunner.cpp:

(WTR::stringArrayToJS):

  • WebKitTestRunner/InjectedBundle/mac/AccessibilityUIElementMac.mm:

(WTR::convertElementsToObjectArray):

Location:
trunk/Tools
Files:
6 edited

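--- a/trunk/Tools/ChangeLog
+++ b/trunk/Tools/ChangeLog
@@ -1,2 +1,25 @@
+2014-04-28  Michael Saboff  <msaboff@apple.com>
+
+        Crash in platform/mac/accessibility/table-visible-rows.html
+        https://bugs.webkit.org/show_bug.cgi?id=132146
+
+        Reviewed by Filip Pizlo.
+
+        Instead of creating a local JSValueRef array on the stack and passing that to
+        JSObjectMakeArray(), changed to create an empty JSArray and then populate the
+        values using the JSObjectSetPropertyAtIndex() API.
+
+        * DumpRenderTree/AccessibilityUIElement.cpp:
+        (elementsForRangeCallback):
+        (convertElementsToObjectArray):
+        * DumpRenderTree/mac/TestRunnerMac.mm:
+        (originsArrayToJS):
+        * WebKitTestRunner/InjectedBundle/EventSendingController.cpp:
+        (WTR::EventSendingController::contextClick):
+        * WebKitTestRunner/InjectedBundle/TestRunner.cpp:
+        (WTR::stringArrayToJS):
+        * WebKitTestRunner/InjectedBundle/mac/AccessibilityUIElementMac.mm:
+        (WTR::convertElementsToObjectArray):
+
 2014-04-28  Filip Pizlo  <fpizlo@apple.com>
 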
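--- a/trunk/Tools/DumpRenderTree/AccessibilityUIElement.cpp
+++ b/trunk/Tools/DumpRenderTree/AccessibilityUIElement.cpp
@@ -313,10 +313,11 @@
     toAXElement(thisObject)->elementsForRange(location, length, elements);
 
+    JSValueRef arrayResult = JSObjectMakeArray(context, 0, 0, 0);
+    JSObjectRef arrayObj = JSValueToObject(context, arrayResult, 0);
     unsigned elementsSize = elements.size();
-    JSValueRef valueElements[elementsSize];
     for (unsigned k = 0; k < elementsSize; ++k)
-        valueElements[k] = AccessibilityUIElement::makeJSAccessibilityUIElement(context, elements[k]);
-
-    return JSObjectMakeArray(context, elementsSize, valueElements, 0);
+        JSObjectSetPropertyAtIndex(context, arrayObj, k, AccessibilityUIElement::makeJSAccessibilityUIElement(context, elements[k]), 0);
+
+    return arrayResult;
 }
 
@@ -519,10 +520,12 @@
 static JSValueRef convertElementsToObjectArray(JSContextRef context, Vector<AccessibilityUIElement>& elements, JSValueRef* exception)
 {
+    JSValueRef arrayResult = JSObjectMakeArray(context, 0, 0, 0);
+    JSObjectRef arrayObj = JSValueToObject(context, arrayResult, 0);
+
     size_t elementCount = elements.size();
-    JSValueRef valueElements[elementCount];
     for (size_t i = 0; i < elementCount; ++i)
-        valueElements[i] = AccessibilityUIElement::makeJSAccessibilityUIElement(context, elements[i]);
-
-    return JSObjectMakeArray(context, elementCount, valueElements, exception);
+        JSObjectSetPropertyAtIndex(context, arrayObj, i, AccessibilityUIElement::makeJSAccessibilityUIElement(context, elements[i]), 0);
+
+    return arrayResult;
 }
 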
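Review bot: convertElementsToObjectArray() no longer reports failures to its caller: the removed code forwarded `exception` to JSObjectMakeArray(), while the new body passes 0 to JSObjectMakeArray(), JSValueToObject() and JSObjectSetPropertyAtIndex(), so the `JSValueRef* exception` parameter is now unused. Forwarding it keeps the old contract, e.g. `JSObjectSetPropertyAtIndex(context, arrayObj, i, AccessibilityUIElement::makeJSAccessibilityUIElement(context, elements[i]), exception);` and likewise on the JSObjectMakeArray() call. The first hunk (elementsForRangeCallback, whose body starts outside the hunk) passed 0 before the change as well, so only this function regresses.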
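--- a/trunk/Tools/DumpRenderTree/mac/TestRunnerMac.mm
+++ b/trunk/Tools/DumpRenderTree/mac/TestRunnerMac.mm
@@ -195,12 +195,13 @@
     NSUInteger count = [origins count];
 
-    JSValueRef jsOriginsArray[count];
+    JSValueRef arrayResult = JSObjectMakeArray(context, 0, 0, 0);
+    JSObjectRef arrayObj = JSValueToObject(context, arrayResult, 0);
     for (NSUInteger i = 0; i < count; i++) {
         NSString *origin = [[origins objectAtIndex:i] databaseIdentifier];
         JSRetainPtr<JSStringRef> originJS(Adopt, JSStringCreateWithCFString((CFStringRef)origin));
-        jsOriginsArray[i] = JSValueMakeString(context, originJS.get());
-    }
-
-    return JSObjectMakeArray(context, count, jsOriginsArray, NULL);
+        JSObjectSetPropertyAtIndex(context, arrayObj, i, JSValueMakeString(context, originJS.get()), 0);
+    }
+
+    return arrayResult;
 }
 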
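Review bot: The added `JSValueToObject(context, arrayResult, 0)` is a redundant round trip, because JSObjectMakeArray() already returns a JSObjectRef; `JSObjectRef arrayObj = JSObjectMakeArray(context, 0, 0, 0);` followed by `return arrayObj;` does the same with one call fewer. Since the conversion is made with a null exception pointer, a failure there would go unnoticed and the loop would call JSObjectSetPropertyAtIndex() on whatever it returned. The same two-line pattern is added in AccessibilityUIElement.cpp, EventSendingController.cpp, TestRunner.cpp and AccessibilityUIElementMac.mm. originsArrayToJS starts outside the hunk.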
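--- a/trunk/Tools/WebKitTestRunner/InjectedBundle/EventSendingController.cpp
+++ b/trunk/Tools/WebKitTestRunner/InjectedBundle/EventSendingController.cpp
@@ -438,6 +438,7 @@
 
     WKRetainPtr<WKArrayRef> menuEntries = adoptWK(WKBundlePageCopyContextMenuItems(page));
+    JSValueRef arrayResult = JSObjectMakeArray(context, 0, 0, 0);
+    JSObjectRef arrayObj = JSValueToObject(context, arrayResult, 0);
     size_t entriesSize = WKArrayGetSize(menuEntries.get());
-    JSValueRef jsValuesArray[entriesSize];
     for (size_t i = 0; i < entriesSize; ++i) {
         ASSERT(WKGetTypeID(WKArrayGetItemAtIndex(menuEntries.get(), i)) == WKContextMenuItemGetTypeID());
@@ -445,8 +446,8 @@
         WKContextMenuItemRef item = static_cast<WKContextMenuItemRef>(WKArrayGetItemAtIndex(menuEntries.get(), i));
         MenuItemPrivateData* privateData = new MenuItemPrivateData(page, item);
-        jsValuesArray[i] = JSObjectMake(context, getMenuItemClass(), privateData);
+        JSObjectSetPropertyAtIndex(context, arrayObj, i, JSObjectMake(context, getMenuItemClass(), privateData), 0);
     }
 
-    return JSObjectMakeArray(context, entriesSize, jsValuesArray, 0);
+    return arrayResult;
 #else
     return JSValueMakeUndefined(context);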
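Review bot: In contextClick the heap-allocated `privateData` is now handed to JSObjectMake() inside the argument list of JSObjectSetPropertyAtIndex(), which buries the ownership hand-off in one long line. Naming the wrapper first keeps it visible: `JSObjectRef menuItem = JSObjectMake(context, getMenuItemClass(), privateData);` followed by `JSObjectSetPropertyAtIndex(context, arrayObj, i, menuItem, 0);`. The index `i` is a `size_t` passed to an `unsigned` property-index parameter; that is harmless for menu sizes, but an explicit cast would document the narrowing. The function starts and ends outside the two hunks, so how the private data is released is not visible here.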
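--- a/trunk/Tools/WebKitTestRunner/InjectedBundle/TestRunner.cpp
+++ b/trunk/Tools/WebKitTestRunner/InjectedBundle/TestRunner.cpp
@@ -276,12 +276,13 @@
     const size_t count = WKArrayGetSize(strings);
 
-    auto jsStringsArray = std::make_unique<JSValueRef[]>(count);
+    JSValueRef arrayResult = JSObjectMakeArray(context, 0, 0, 0);
+    JSObjectRef arrayObj = JSValueToObject(context, arrayResult, 0);
     for (size_t i = 0; i < count; ++i) {
         WKStringRef stringRef = static_cast<WKStringRef>(WKArrayGetItemAtIndex(strings, i));
         JSRetainPtr<JSStringRef> stringJS = toJS(stringRef);
-        jsStringsArray[i] = JSValueMakeString(context, stringJS.get());
+        JSObjectSetPropertyAtIndex(context, arrayObj, i, JSValueMakeString(context, stringJS.get()), 0);
     }
 
-    return JSObjectMakeArray(context, count, jsStringsArray.get(), 0);
+    return arrayResult;
 }
 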
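Review bot: Nothing in stringArrayToJS records why the array is now filled one element at a time, so a later cleanup could reintroduce a temporary buffer; the removed code here kept the values in a `std::make_unique<JSValueRef[]>` heap buffer until JSObjectMakeArray() ran. A comment above the JSObjectMakeArray() call would prevent that, for example `// Store each value into the array as it is created rather than batching them in a temporary buffer; see https://bugs.webkit.org/show_bug.cgi?id=132146.` The page does not state the exact failure mode, so the comment should point at the bug rather than assert a cause. The function starts outside the hunk.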
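--- a/trunk/Tools/WebKitTestRunner/InjectedBundle/mac/AccessibilityUIElementMac.mm
+++ b/trunk/Tools/WebKitTestRunner/InjectedBundle/mac/AccessibilityUIElementMac.mm
@@ -179,10 +179,11 @@
 static JSValueRef convertElementsToObjectArray(JSContextRef context, Vector<RefPtr<AccessibilityUIElement>>& elements)
 {
+    JSValueRef arrayResult = JSObjectMakeArray(context, 0, 0, 0);
+    JSObjectRef arrayObj = JSValueToObject(context, arrayResult, 0);
     size_t elementCount = elements.size();
-    JSValueRef valueElements[elementCount];
     for (size_t i = 0; i < elementCount; ++i)
-        valueElements[i] = JSObjectMake(context, elements[i]->wrapperClass(), elements[i].get());
-
-    return JSObjectMakeArray(context, elementCount, valueElements, nullptr);
+        JSObjectSetPropertyAtIndex(context, arrayObj, i, JSObjectMake(context, elements[i]->wrapperClass(), elements[i].get()), 0);
+
+    return arrayResult;
 }
 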