Changeset 51306 in webkit
- Timestamp:
- Nov 23, 2009 4:58:30 AM (14 years ago)
- Location:
- trunk
- Files:
-
- 5 edited
Legend:
- Unmodified
- Added
- Removed
-
trunk/WebCore/ChangeLog
r51304 r51306 1 2009-11-23 Simon Hausmann <simon.hausmann@nokia.com> 2 3 Reviewed by Kenneth Rohde Christiansen. 4 5 [Qt] Wrong runtime instance objects of wrapped QObjects may be used if 6 the wrapped object died before the gc removed the instance. 7 8 https://bugs.webkit.org/show_bug.cgi?id=31681 9 10 Before using a cached instance, verify that its wrapped QObject is 11 still alive. 12 13 * bridge/qt/qt_instance.cpp: 14 (JSC::Bindings::QtInstance::getQtInstance): 15 * bridge/qt/qt_instance.h: 16 (JSC::Bindings::QtInstance::hashKey): 17 1 18 2009-11-22 Chris Fleizach <cfleizach@apple.com> 2 19 -
trunk/WebCore/bridge/qt/qt_instance.cpp
r51052 r51306 120 120 JSLock lock(SilenceAssertionsOnly); 121 121 122 foreach(QtInstance* instance, cachedInstances.values(o)) { 123 if (instance->rootObject() == rootObject) 124 return instance; 125 } 122 foreach(QtInstance* instance, cachedInstances.values(o)) 123 if (instance->rootObject() == rootObject) { 124 // The garbage collector removes instances, but it may happen that the wrapped 125 // QObject dies before the gc kicks in. To handle that case we have to do an additional 126 // check if to see if the instance's wrapped object is still alive. If it isn't, then 127 // we have to create a new wrapper. 128 if (!instance->getObject()) 129 cachedInstances.remove(instance->hashKey()); 130 else 131 return instance; 132 } 126 133 127 134 RefPtr<QtInstance> ret = QtInstance::create(o, rootObject, ownership); -
trunk/WebCore/bridge/qt/qt_instance.h
r48538 r51306 60 60 61 61 QObject* getObject() const { return m_object; } 62 QObject* hashKey() const { return m_hashkey; } 62 63 63 64 static PassRefPtr<QtInstance> getQtInstance(QObject*, PassRefPtr<RootObject>, QScriptEngine::ValueOwnership ownership); -
trunk/WebKit/qt/ChangeLog
r51186 r51306 1 2009-11-23 Simon Hausmann <simon.hausmann@nokia.com> 2 3 Reviewed by Kenneth Rohde Christiansen. 4 5 [Qt] Wrong runtime instance objects of wrapped QObjects may be used if 6 the wrapped object died before the gc removed the instance. 7 8 https://bugs.webkit.org/show_bug.cgi?id=31681 9 10 Added a unit-test to verify that wrapping a QObject with the 11 same identity as a previously but now dead object works. 12 13 * tests/qwebframe/tst_qwebframe.cpp: 14 1 15 2009-11-19 Jocelyn Turcotte <jocelyn.turcotte@nokia.com> 2 16 -
trunk/WebKit/qt/tests/qwebframe/tst_qwebframe.cpp
r51184 r51306 605 605 void scrollPosition(); 606 606 void evaluateWillCauseRepaint(); 607 void qObjectWrapperWithSameIdentity(); 607 608 608 609 private: … … 2759 2760 } 2760 2761 2762 class TestFactory : public QObject 2763 { 2764 Q_OBJECT 2765 public: 2766 TestFactory() 2767 : obj(0), counter(0) 2768 {} 2769 2770 Q_INVOKABLE QObject* getNewObject() 2771 { 2772 delete obj; 2773 obj = new QObject(this); 2774 obj->setObjectName(QLatin1String("test") + QString::number(++counter)); 2775 return obj; 2776 2777 } 2778 2779 QObject* obj; 2780 int counter; 2781 }; 2782 2783 void tst_QWebFrame::qObjectWrapperWithSameIdentity() 2784 { 2785 m_view->setHtml("<script>function triggerBug() { document.getElementById('span1').innerText = test.getNewObject().objectName; }</script>" 2786 "<body><span id='span1'>test</span></body>"); 2787 2788 QWebFrame* mainFrame = m_view->page()->mainFrame(); 2789 QCOMPARE(mainFrame->toPlainText(), QString("test")); 2790 2791 mainFrame->addToJavaScriptWindowObject("test", new TestFactory, QScriptEngine::ScriptOwnership); 2792 2793 mainFrame->evaluateJavaScript("triggerBug();"); 2794 QCOMPARE(mainFrame->toPlainText(), QString("test1")); 2795 2796 mainFrame->evaluateJavaScript("triggerBug();"); 2797 QCOMPARE(mainFrame->toPlainText(), QString("test2")); 2798 } 2761 2799 2762 2800 QTEST_MAIN(tst_QWebFrame)
Note: See TracChangeset
for help on using the changeset viewer.