Changeset 183729 in webkit


Timestamp:
May 3, 2015 2:54:35 AM (9 years ago)
Author:
Carlos Garcia Campos
Message:

[GTK] API tests crashing on debug builds due to extra unref
https://bugs.webkit.org/show_bug.cgi?id=144508

Reviewed by Mario Sanchez Prada.

The problem is that we were assuming that when a new DOMWindow is
created, the DOM object cache was notified about the previous
DOMWindow being destroyed before objects for the new DOMWindow are
added to the cache. However, that's not always the case and we
only create a DOMWindowObserver for the first DOMWindow. We need
to keep a pointer to the DOMWindow being observed to clear() the
cache and create a new DOMWindowObserver when it changes in the
Frame.

Fixes crashes in several unit tests in debug builds.

  • bindings/gobject/DOMObjectCache.cpp:
Location:
trunk/Source/WebCore
Files:
2 edited

  • trunk/Source/WebCore/ChangeLog

    r183727 r183729  
     12015-05-03  Carlos Garcia Campos  <cgarcia@igalia.com>
     2
     3        [GTK] API tests crashing on debug builds due to extra unref
     4        https://bugs.webkit.org/show_bug.cgi?id=144508
     5
     6        Reviewed by Mario Sanchez Prada.
     7
     8        The problem is that we were assuming that when a new DOMWindow is
     9        created, the DOM object cache was notified about the previous
     10        DOMWindow being destroyed before objects for the new DOMWindow are
     11        added to the cache. However, that's not always the case and we
     12        only create a DOMWindowObserver for the first DOMWindow. We need
     13        to keep a pointer to the DOMWindow being observed to clear() the
     14        cache and create a new DOMWindowObserver when it changes in the
     15        Frame.
     16
     17        Fixes crashes in several unit tests in debug builds.
     18
     19        * bindings/gobject/DOMObjectCache.cpp:
     20
    1212015-05-03  Alexey Proskuryakov  <ap@apple.com>
    222
  • trunk/Source/WebCore/bindings/gobject/DOMObjectCache.cpp

    r182537 r183729  
    101101        ASSERT(!m_objects.contains(&data));
    102102
    103         if (!m_domWindowObserver && m_frame->document()->domWindow())
    104             m_domWindowObserver = std::make_unique<DOMWindowObserver>(*m_frame, *this);
     103        WebCore::DOMWindow* domWindow = m_frame->document()->domWindow();
     104        if (domWindow && (!m_domWindowObserver || m_domWindowObserver->domWindow() != domWindow)) {
     105            // New DOMWindow, clear the cache and create a new DOMWindowObserver.
     106            clear();
     107            m_domWindowObserver = std::make_unique<DOMWindowObserver>(*m_frame, *this, domWindow);
     108        }
    105109
    106110        m_objects.append(&data);
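Review bot: The change detection at new line 104 compares the address saved in the observer, m_domWindowObserver->domWindow(), with the current domWindow, so it only notices a change when the address differs. If the previous DOMWindow has been freed and the new one is allocated at the same address, the comparison is equal, clear() is skipped and the stale observer stays in place. Consider resetting the saved pointer, or dropping m_domWindowObserver, when the observed window goes away, so that a stale address can never compare equal to a live one.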
     
    112116        WTF_MAKE_FAST_ALLOCATED;
    113117    public:
    114         DOMWindowObserver(WebCore::Frame& frame, DOMObjectCacheFrameObserver& frameObserver)
     118        DOMWindowObserver(WebCore::Frame& frame, DOMObjectCacheFrameObserver& frameObserver, WebCore::DOMWindow* window)
    115119            : DOMWindowProperty(&frame)
    116120            , m_frameObserver(frameObserver)
     121            , m_domWindow(window)
    117122        {
     123            ASSERT(m_domWindow);
    118124        }
    119125
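Review bot: The new window parameter at line 118 is a pointer whose only check is ASSERT(m_domWindow) at line 123, which is compiled out of release builds. The only caller shown has already tested domWindow for null, so the constructor could take WebCore::DOMWindow& like the other two parameters and store its address, which puts the non-null contract in the signature instead of in a debug-only assertion.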
     
    121127        {
    122128        }
     129
     130        WebCore::DOMWindow* domWindow() const { return m_domWindow; }
    123131
    124132    private:
     
    131139
    132140        DOMObjectCacheFrameObserver& m_frameObserver;
     141        WebCore::DOMWindow* m_domWindow;
    133142    };
    134143
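Review bot: m_domWindow at line 141 is a raw, non-owning WebCore::DOMWindow* with no comment on its lifetime. The visible uses only compare it by address, so please add a comment stating that it is kept for identity comparison and must not be dereferenced, since nothing in these lines keeps the DOMWindow alive for as long as the observer exists.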