Changeset 51306 in webkit


Ignore:
Timestamp:
Nov 23, 2009 4:58:30 AM (14 years ago)
Author:
eric@webkit.org
Message:

2009-11-23 Simon Hausmann <simon.hausmann@nokia.com>

Reviewed by Kenneth Rohde Christiansen.

[Qt] Wrong runtime instance objects of wrapped QObjects may be used if
the wrapped object died before the gc removed the instance.

https://bugs.webkit.org/show_bug.cgi?id=31681

Before using a cached instance, verify that its wrapped QObject is
still alive.

  • bridge/qt/qt_instance.cpp: (JSC::Bindings::QtInstance::getQtInstance):
  • bridge/qt/qt_instance.h: (JSC::Bindings::QtInstance::hashKey):

2009-11-23 Simon Hausmann <simon.hausmann@nokia.com>

Reviewed by Kenneth Rohde Christiansen.

[Qt] Wrong runtime instance objects of wrapped QObjects may be used if
the wrapped object died before the gc removed the instance.

https://bugs.webkit.org/show_bug.cgi?id=31681

Added a unit-test to verify that wrapping a QObject with the
same identity as a previously but now dead object works.

  • tests/qwebframe/tst_qwebframe.cpp:
Location:
trunk
Files:
5 edited

Legend:

Unmodified
Added
Removed
  • trunk/WebCore/ChangeLog

    r51304 r51306  
     12009-11-23  Simon Hausmann  <simon.hausmann@nokia.com>
     2
     3        Reviewed by Kenneth Rohde Christiansen.
     4
     5        [Qt] Wrong runtime instance objects of wrapped QObjects may be used if
     6        the wrapped object died before the gc removed the instance.
     7
     8        https://bugs.webkit.org/show_bug.cgi?id=31681
     9
     10        Before using a cached instance, verify that its wrapped QObject is
     11        still alive.
     12
     13        * bridge/qt/qt_instance.cpp:
     14        (JSC::Bindings::QtInstance::getQtInstance):
     15        * bridge/qt/qt_instance.h:
     16        (JSC::Bindings::QtInstance::hashKey):
     17
    1182009-11-22  Chris Fleizach  <cfleizach@apple.com>
    219
  • trunk/WebCore/bridge/qt/qt_instance.cpp

    r51052 r51306  
    120120    JSLock lock(SilenceAssertionsOnly);
    121121
    122     foreach(QtInstance* instance, cachedInstances.values(o)) {
    123         if (instance->rootObject() == rootObject)
    124             return instance;
    125     }
     122    foreach(QtInstance* instance, cachedInstances.values(o))
     123        if (instance->rootObject() == rootObject) {
     124            // The garbage collector removes instances, but it may happen that the wrapped
     125            // QObject dies before the gc kicks in. To handle that case we have to do an additional
     126            // check if to see if the instance's wrapped object is still alive. If it isn't, then
     127            // we have to create a new wrapper.
     128            if (!instance->getObject())
     129                cachedInstances.remove(instance->hashKey());
     130            else
     131                return instance;
     132        }
    126133
    127134    RefPtr<QtInstance> ret = QtInstance::create(o, rootObject, ownership);
  • trunk/WebCore/bridge/qt/qt_instance.h

    r48538 r51306  
    6060
    6161    QObject* getObject() const { return m_object; }
     62    QObject* hashKey() const { return m_hashkey; }
    6263
    6364    static PassRefPtr<QtInstance> getQtInstance(QObject*, PassRefPtr<RootObject>, QScriptEngine::ValueOwnership ownership);
  • trunk/WebKit/qt/ChangeLog

    r51186 r51306  
     12009-11-23  Simon Hausmann  <simon.hausmann@nokia.com>
     2
     3        Reviewed by Kenneth Rohde Christiansen.
     4
     5        [Qt] Wrong runtime instance objects of wrapped QObjects may be used if
     6        the wrapped object died before the gc removed the instance.
     7
     8        https://bugs.webkit.org/show_bug.cgi?id=31681
     9
     10        Added a unit-test to verify that wrapping a QObject with the
     11        same identity as a previously but now dead object works.
     12
     13        * tests/qwebframe/tst_qwebframe.cpp:
     14
    1152009-11-19  Jocelyn Turcotte  <jocelyn.turcotte@nokia.com>
    216
  • trunk/WebKit/qt/tests/qwebframe/tst_qwebframe.cpp

    r51184 r51306  
    605605    void scrollPosition();
    606606    void evaluateWillCauseRepaint();
     607    void qObjectWrapperWithSameIdentity();
    607608
    608609private:
     
    27592760}
    27602761
     2762class TestFactory : public QObject
     2763{
     2764    Q_OBJECT
     2765public:
     2766    TestFactory()
     2767        : obj(0), counter(0)
     2768    {}
     2769
     2770    Q_INVOKABLE QObject* getNewObject()
     2771    {
     2772        delete obj;
     2773        obj = new QObject(this);
     2774        obj->setObjectName(QLatin1String("test") + QString::number(++counter));
     2775        return obj;
     2776
     2777    }
     2778
     2779    QObject* obj;
     2780    int counter;
     2781};
     2782
     2783void tst_QWebFrame::qObjectWrapperWithSameIdentity()
     2784{
     2785    m_view->setHtml("<script>function triggerBug() { document.getElementById('span1').innerText = test.getNewObject().objectName; }</script>"
     2786                    "<body><span id='span1'>test</span></body>");
     2787
     2788    QWebFrame* mainFrame = m_view->page()->mainFrame();
     2789    QCOMPARE(mainFrame->toPlainText(), QString("test"));
     2790
     2791    mainFrame->addToJavaScriptWindowObject("test", new TestFactory, QScriptEngine::ScriptOwnership);
     2792
     2793    mainFrame->evaluateJavaScript("triggerBug();");
     2794    QCOMPARE(mainFrame->toPlainText(), QString("test1"));
     2795
     2796    mainFrame->evaluateJavaScript("triggerBug();");
     2797    QCOMPARE(mainFrame->toPlainText(), QString("test2"));
     2798}
    27612799
    27622800QTEST_MAIN(tst_QWebFrame)
Note: See TracChangeset for help on using the changeset viewer.