Changeset 25395 in webkit


Ignore:
Timestamp:
Sep 6, 2007 12:39:32 PM (17 years ago)
Author:
darin
Message:

Reviewed by Hyatt.

  • <rdar://problem/5457865> REGRESSION (9A527): Safari crashes when opening a page that immediately redirects to a PDF

I don't know how to make an automated test that trips over this.

The immediate cause of this regression was making a back/forward list entry in
this case. Earlier, the quick redirect would not results in a separate entry.
That's possibly a bug too, but it's better to fix the crash first.

The page cache was putting the document into a strange state: Still attached but
with the renderer set to 0. There was no good reason to do this, so got rid of it.
Moved the responsibility to the caller of not calling detach() when moving into
the page cache. This is more of a frame loader thing than a document thing.

  • dom/Document.cpp: (WebCore::Document::detach): Added assertions that this is only called on a document that's attached and not in the page cache. Also moved the call to willRemove in here, so that callers can't make the mistake of not calling that function. Removed the incorrectly-positioned code that made this function do less if it was called on a document in the page cache.
  • history/CachedPage.cpp: (WebCore::CachedPage::clear): Removed the code to handle a document with a renderer of 0. There was no need to put the document into this state. Any document in the page cache will always be "attached".
  • loader/FrameLoader.cpp: (WebCore::FrameLoader::clear): Added a check to prevent from calling an unnecessary cancelParsing() on a document that's in the page cache and guard the call to detach() with a check of attached(), like all other calls to detach() on DOM objects.
  • page/Frame.cpp: (WebCore::Frame::setView): Added a missing check of attached(), like all other calls to detach() on DOM objects. Also added code to not call detach() on the document when it's in the page cache. (WebCore::Frame::setDocument): This call site already had the attached() check, but was missing the page cache check.
Location:
trunk/WebCore
Files:
5 edited

Legend:

Unmodified
Added
Removed

  • trunk/WebCore/ChangeLog

    r25387 r25395  
     12007-09-06  Darin Adler  <darin@apple.com>
     2
     3        Reviewed by Hyatt.
     4
     5        - <rdar://problem/5457865> REGRESSION (9A527): Safari crashes when opening a page
     6          that immediately redirects to a PDF
     7
     8        I don't know how to make an automated test that trips over this.
     9
     10        The immediate cause of this regression was making a back/forward list entry in
     11        this case. Earlier, the quick redirect would not results in a separate entry.
     12        That's possibly a bug too, but it's better to fix the crash first.
     13
     14        The page cache was putting the document into a strange state: Still attached but
     15        with the renderer set to 0. There was no good reason to do this, so got rid of it.
     16        Moved the responsibility to the caller of not calling detach() when moving into
     17        the page cache. This is more of a frame loader thing than a document thing.
     18
     19        * dom/Document.cpp: (WebCore::Document::detach): Added assertions that this is
     20        only called on a document that's attached and not in the page cache. Also moved
     21        the call to willRemove in here, so that callers can't make the mistake of not
     22        calling that function. Removed the incorrectly-positioned code that made this
     23        function do less if it was called on a document in the page cache.
     24
     25        * history/CachedPage.cpp: (WebCore::CachedPage::clear): Removed the code to handle
     26        a document with a renderer of 0. There was no need to put the document into this
     27        state. Any document in the page cache will always be "attached".
     28
     29        * loader/FrameLoader.cpp: (WebCore::FrameLoader::clear): Added a check to prevent
     30        from calling an unnecessary cancelParsing() on a document that's in the page cache
     31        and guard the call to detach() with a check of attached(), like all other calls to
     32        detach() on DOM objects.
     33
     34        * page/Frame.cpp:
     35        (WebCore::Frame::setView): Added a missing check of attached(), like all other
     36        calls to detach() on DOM objects. Also added code to not call detach() on the
     37        document when it's in the page cache.
     38        (WebCore::Frame::setDocument): This call site already had the attached() check,
     39        but was missing the page cache check.
     40
    1412007-09-05  David Harrison  <harrison@apple.com>
    242

  • trunk/WebCore/dom/Document.cpp

    r25346 r25395  
    11381138void Document::detach()
    11391139{
     1140    ASSERT(attached());
     1141    ASSERT(!m_inPageCache);
     1142
     1143    willRemove();
     1144
    11401145    RenderObject* render = renderer();
    11411146
     
    11431148    setRenderer(0);
    11441149   
    1145     if (m_inPageCache) {
    1146         if (render)
    1147             axObjectCache()->remove(render);
    1148         return;
    1149     }
    1150 
    11511150    // Empty out these lists as a performance optimization, since detaching
    11521151    // all the individual render objects will cause all the RenderImage

  • trunk/WebCore/history/CachedPage.cpp

    r24495 r25395  
    163163        Frame::clearTimers(m_view.get());
    164164
    165         bool detached = !m_document->renderer();
    166165        m_document->setInPageCache(false);
    167         if (detached) {
    168             m_document->detach();
    169             m_document->removeAllEventListenersFromAllNodes();
    170         }
     166        m_document->detach();
     167        m_document->removeAllEventListenersFromAllNodes();
    171168
    172169        m_view->clearFrame();

  • trunk/WebCore/loader/FrameLoader.cpp

    r25283 r25395  
    780780    m_needsClear = false;
    781781   
    782     if (m_frame->document()) {
     782    if (m_frame->document() && !m_frame->document()->inPageCache()) {
    783783        m_frame->document()->cancelParsing();
    784         m_frame->document()->willRemove();
    785         m_frame->document()->detach();
     784        if (m_frame->document()->attached())
     785            m_frame->document()->detach();
    786786    }
    787787

  • trunk/WebCore/page/Frame.cpp

    r25361 r25395  
    232232    // we wait until the view is destroyed, then things won't be
    233233    // hooked up enough for some JavaScript calls to work.
    234     if (d->m_doc && view == 0) {
     234    if (!view && d->m_doc && d->m_doc->attached() && !d->m_doc->inPageCache()) {
    235235        d->m_doc->detach();
    236236        if (d->m_view)
     
    268268void Frame::setDocument(PassRefPtr<Document> newDoc)
    269269{
    270     if (d->m_doc && d->m_doc->attached())
     270    if (d->m_doc && d->m_doc->attached() && !d->m_doc->inPageCache())
    271271        d->m_doc->detach();
    272272
Note: See TracChangeset for help on using the changeset viewer.