Changeset 51510 in webkit
- Timestamp: Nov 30, 2009 1:41:03 PM (14 years ago)
- Location: trunk/WebKit/win
- Files: 4 edited
trunk/WebKit/win/ChangeLog
r51500 r51510 1 2009-11-30 Adam Roben <aroben@apple.com> 2 3 Fix double-free of BSTRs passed to WebNavigationData::createInstance 4 5 WebFrameLoaderClient::updateGlobalHistory was converting 6 WebCore::Strings to WebCore::BStrings, then passing them to 7 WebNavigationData::createInstance. But the latter function takes BSTR 8 parameters and adopts them into WebCore::BStrings. So the end result 9 was that two WebCore::BStrings would end up freeing each underlying 10 BSTR. 11 12 The fix is to only convert to WebCore::BString inside 13 WebNavigationData. 14 15 Fixes <http://webkit.org/b/31998> <rdar://problem/7383452> REGRESSION 16 (r49564): Crash in updateGlobalHistory when running Javascript iBench 17 test 18 19 I couldn't find a way to reproduce this in DumpRenderTree. 20 21 Reviewed by Steve Falkenburg. 22 23 * WebCoreSupport/WebFrameLoaderClient.cpp: 24 (WebFrameLoaderClient::updateGlobalHistory): Pass WebCore::Strings to 25 WebNavigationData::createInstance. 26 27 * WebNavigationData.cpp: 28 (WebNavigationData::WebNavigationData): 29 (WebNavigationData::createInstance): 30 * WebNavigationData.h: 31 Changed to take const WebCore::String&s instead of BSTRs and to 32 convert the Strings to BStrings at this level. 33 1 34 2009-11-30 Steve Falkenburg <sfalken@apple.com> 2 35 -
trunk/WebKit/win/WebCoreSupport/WebFrameLoaderClient.cpp
r50772 r51510 501 501 502 502 if (historyDelegate) { 503 BString url(loader->urlForHistory());504 BString title(loader->title());505 BString redirectSource(loader->clientRedirectSourceForHistory());506 503 COMPtr<IWebURLResponse> urlResponse(AdoptCOM, WebURLResponse::createInstance(loader->response())); 507 504 COMPtr<IWebURLRequest> urlRequest(AdoptCOM, WebMutableURLRequest::createInstance(loader->originalRequestCopy())); 508 505 509 506 COMPtr<IWebNavigationData> navigationData(AdoptCOM, WebNavigationData::createInstance( 510 url, title, urlRequest.get(), urlResponse.get(), loader->substituteData().isValid(), redirectSource));507 loader->urlForHistory(), loader->title(), urlRequest.get(), urlResponse.get(), loader->substituteData().isValid(), loader->clientRedirectSourceForHistory())); 511 508 512 509 historyDelegate->didNavigateWithNavigationData(webView, navigationData.get(), m_webFrame); -
trunk/WebKit/win/WebNavigationData.cpp
r49564 r51510 28 28 #include "WebNavigationData.h" 29 29 30 #include <WebCore/BString.h> 31 using WebCore::BString; 30 using namespace WebCore; 32 31 33 32 // IUnknown ------------------------------------------------------------------- … … 63 62 // WebNavigationData ------------------------------------------------------------------- 64 63 65 WebNavigationData::WebNavigationData( BSTR url, BSTR title, IWebURLRequest* request, IWebURLResponse* response, bool hasSubstituteData, BSTRclientRedirectSource)64 WebNavigationData::WebNavigationData(const String& url, const String& title, IWebURLRequest* request, IWebURLResponse* response, bool hasSubstituteData, const String& clientRedirectSource) 66 65 : m_refCount(0) 66 , m_url(url) 67 , m_title(title) 67 68 , m_request(request) 68 69 , m_response(response) 69 70 , m_hasSubstituteData(hasSubstituteData) 71 , m_clientRedirectSource(clientRedirectSource) 70 72 71 73 { 72 74 gClassCount++; 73 75 gClassNameCount.add("WebNavigationData"); 74 75 m_url.adoptBSTR(url);76 m_title.adoptBSTR(title);77 m_clientRedirectSource.adoptBSTR(clientRedirectSource);78 76 } 79 77 … … 84 82 } 85 83 86 WebNavigationData* WebNavigationData::createInstance( BSTR url, BSTR title, IWebURLRequest* request, IWebURLResponse* response, bool hasSubstituteData, BSTRclientRedirectSource)84 WebNavigationData* WebNavigationData::createInstance(const String& url, const String& title, IWebURLRequest* request, IWebURLResponse* response, bool hasSubstituteData, const String& clientRedirectSource) 87 85 { 88 86 WebNavigationData* instance = new WebNavigationData(url, title, request, response, hasSubstituteData, clientRedirectSource); -
trunk/WebKit/win/WebNavigationData.h
r49564 r51510 34 34 class WebNavigationData : public IWebNavigationData { 35 35 public: 36 static WebNavigationData* createInstance( BSTR, BSTR, IWebURLRequest*, IWebURLResponse*, bool, BSTR);36 static WebNavigationData* createInstance(const WebCore::String& url, const WebCore::String& title, IWebURLRequest*, IWebURLResponse*, bool hasSubstituteData, const WebCore::String& clientRedirectSource); 37 37 private: 38 WebNavigationData( BSTR url, BSTR title, IWebURLRequest*, IWebURLResponse*, bool hasSubstituteData, BSTRclientRedirectSource);38 WebNavigationData(const WebCore::String& url, const WebCore::String& title, IWebURLRequest*, IWebURLResponse*, bool hasSubstituteData, const WebCore::String& clientRedirectSource); 39 39 ~WebNavigationData(); 40 40
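Review bot: In WebFrameLoaderClient::updateGlobalHistory (WebFrameLoaderClient.cpp), the double-free is fixed without a regression test, and the ChangeLog says the crash could not be reproduced in DumpRenderTree, so nothing automated guards this path. Removing the three local BStrings (url, title, redirectSource) does leave WebNavigationData as the only owner, which matches the ChangeLog's description. Since the root cause was a live BString being handed to a function that adopts raw BSTRs, it would be worth auditing any remaining adoptBSTR call sites for arguments that are still owned by a BString in the caller, and noting the result in the bug.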
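Review bot: In the WebNavigationData constructor (WebNavigationData.cpp), the new initializers m_url(url), m_title(title) and m_clientRedirectSource(clientRedirectSource) rely on each BString member allocating its own BSTR from the String, and nothing in the file states that. A short comment above the initializer list saying that each member holds its own copy and that no caller-owned BSTR is adopted would record the ownership rule this bug violated. As a smaller style point, replacing "using WebCore::BString;" with "using namespace WebCore;" opens the whole namespace when only String is newly needed; "using WebCore::String;" would keep lookup narrow.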
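Review bot: In WebNavigationData.h, createInstance and the private constructor now take const WebCore::String& parameters, but the visible hunk adds no include or forward declaration for WebCore::String, so please confirm the header does not depend on include order in its users. The parameter names added to createInstance (url, title, hasSubstituteData, clientRedirectSource) help readability; a one-line comment there stating that the strings are copied and that no BSTR ownership is transferred would make the contract explicit at the declaration callers actually read.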