Changeset 62944 in webkit

Timestamp:

Jul 9, 2010 5:42:16 AM (14 years ago)

Author:

Nikolas Zimmermann

Message:

2010-07-09 Sheriff Bot <​webkit.review.bot@gmail.com>

Unreviewed, rolling out r62937.
​http://trac.webkit.org/changeset/62937
​https://bugs.webkit.org/show_bug.cgi?id=41955

Crashes SnowLeopard leaks and Windows debug bot in fast/xsl
/xslt-relative-path.xml, with assertion in
XSLTProcessorLibxslt.cpp:264 (Requested by WildFox on
#webkit).

• xml/XSLTProcessor.h: (WebCore::XSLTProcessor::XSLTProcessor):
• xml/XSLTProcessorLibxslt.cpp: (WebCore::docLoaderFunc): (WebCore::setXSLTLoadCallBack): (WebCore::xsltStylesheetPointer): (WebCore::XSLTProcessor::transformToString):

Location:

trunk/WebCore

Files:

• ChangeLog (modified) (1 diff)
• xml/XSLTProcessor.h (modified) (2 diffs)
• xml/XSLTProcessorLibxslt.cpp (modified) (12 diffs)

trunk/WebCore/ChangeLog

@@ +1 @@
+2010-07-09  Sheriff Bot  <webkit.review.bot@gmail.com>
+
+        Unreviewed, rolling out r62937.
+        http://trac.webkit.org/changeset/62937
+        https://bugs.webkit.org/show_bug.cgi?id=41955
+
+        Crashes SnowLeopard leaks and Windows debug bot in fast/xsl
+        /xslt-relative-path.xml, with assertion in
+        XSLTProcessorLibxslt.cpp:264 (Requested by WildFox on
+        #webkit).
+
+        * xml/XSLTProcessor.h:
+        (WebCore::XSLTProcessor::XSLTProcessor):
+        * xml/XSLTProcessorLibxslt.cpp:
+        (WebCore::docLoaderFunc):
+        (WebCore::setXSLTLoadCallBack):
+        (WebCore::xsltStylesheetPointer):
+        (WebCore::XSLTProcessor::transformToString):
+
 2010-07-09  Yael Aharon  <yael.aharon@nokia.com>
 

trunk/WebCore/xml/XSLTProcessor.h

@@ -68 +68 @@
     // Only for libXSLT callbacks
     XSLStyleSheet* xslStylesheet() const { return m_stylesheet.get(); }
-    Node* sourceNode() const { return m_sourceNode; }
 #endif
 
@@ -74 +73 @@
 
 private:
-    XSLTProcessor() : m_sourceNode(0) { }
+    XSLTProcessor() { }
 
     RefPtr<XSLStyleSheet> m_stylesheet;
     RefPtr<Node> m_stylesheetRootNode;
     ParameterMap m_parameters;
-
-    Node* m_sourceNode; // Source node is only non-null in transformToString(), so this cannot become a dangling pointer.
 };
 

trunk/WebCore/xml/XSLTProcessorLibxslt.cpp

@@ -46 +46 @@
 #include <libxslt/xsltutils.h>
 #include <wtf/Assertions.h>
-#include <wtf/HashSet.h>
 #include <wtf/text/CString.h>
 #include <wtf/Vector.h>
@@ -96 +95 @@
 }
 
-static HashSet<XSLTProcessor*>& registeredXSLTProcessors()
-{
-    DEFINE_STATIC_LOCAL(HashSet<XSLTProcessor*>, xsltProcessors, ());
-    return xsltProcessors;
-}
-
-static HashSet<XSLStyleSheet*>& registeredXSLStyleSheets()
-{
-    DEFINE_STATIC_LOCAL(HashSet<XSLStyleSheet*>, xslStyleSheets, ());
-    return xslStyleSheets;
-}
-
+// FIXME: There seems to be no way to control the ctxt pointer for loading here, thus we have globals.
+static XSLTProcessor* globalProcessor = 0;
+static DocLoader* globalDocLoader = 0;
 static xmlDocPtr docLoaderFunc(const xmlChar* uri,
                                     xmlDictPtr,
@@ -114 +104 @@
                                     xsltLoadType type)
 {
+    if (!globalProcessor)
+        return 0;
+
     switch (type) {
     case XSLT_LOAD_DOCUMENT: {
-        xsltTransformContextPtr context = static_cast<xsltTransformContextPtr>(ctxt);
-        XSLTProcessor* processor = static_cast<XSLTProcessor*>(context->_private);
-        if (!processor || HashTraits<XSLTProcessor*>::isDeletedValue(processor)
-            || !registeredXSLTProcessors().contains(processor)) {
-            static bool errorMessagePrinted = false;
-            if (!errorMessagePrinted) {
-                fprintf(stderr, "WebKit XSLT document loader was called with unknown transformation context.");
-                errorMessagePrinted = true;
-            }
-            return 0;
-        }
-
-        RefPtr<Document> ownerDocument = processor->sourceNode()->document();
-        DocLoader* docLoader = ownerDocument->docLoader();
-
+        xsltTransformContextPtr context = (xsltTransformContextPtr)ctxt;
         xmlChar* base = xmlNodeGetBase(context->document->doc, context->node);
         KURL url(KURL(ParsedURLString, reinterpret_cast<const char*>(base)), reinterpret_cast<const char*>(uri));
@@ -139 +118 @@
         Vector<char> data;
 
-        bool requestAllowed = docLoader->frame() && docLoader->doc()->securityOrigin()->canRequest(url);
+        bool requestAllowed = globalDocLoader->frame() && globalDocLoader->doc()->securityOrigin()->canRequest(url);
         if (requestAllowed) {
-            docLoader->frame()->loader()->loadResourceSynchronously(url, AllowStoredCredentials, error, response, data);
-            requestAllowed = docLoader->doc()->securityOrigin()->canRequest(response.url());
+            globalDocLoader->frame()->loader()->loadResourceSynchronously(url, AllowStoredCredentials, error, response, data);
+            requestAllowed = globalDocLoader->doc()->securityOrigin()->canRequest(response.url());
         }
         if (!requestAllowed) {
             data.clear();
-            docLoader->printAccessDeniedMessage(url);
+            globalDocLoader->printAccessDeniedMessage(url);
         }
 
         Console* console = 0;
-        if (Frame* frame = processor->xslStylesheet()->ownerDocument()->frame())
+        if (Frame* frame = globalProcessor->xslStylesheet()->ownerDocument()->frame())
             console = frame->domWindow()->console();
         xmlSetStructuredErrorFunc(console, XSLTProcessor::parseErrorFunc);
@@ -164 +143 @@
         return doc;
     }
-    case XSLT_LOAD_STYLESHEET: {
-        xsltStylesheetPtr style = static_cast<xsltStylesheetPtr>(ctxt);
-        XSLStyleSheet* xslStyleSheet = static_cast<XSLStyleSheet*>(style->doc->_private);
-        if (!xslStyleSheet || HashTraits<XSLStyleSheet*>::isDeletedValue(xslStyleSheet)
-            || !registeredXSLStyleSheets().contains(xslStyleSheet)) {
-            static bool errorMessagePrinted = false;
-            if (!errorMessagePrinted) {
-                fprintf(stderr, "WebKit XSLT document loader was called with unknown transformation context.");
-                errorMessagePrinted = true;
-            }
-            return 0;
-        }
-
-        xmlDocPtr result = xslStyleSheet->locateStylesheetSubResource(style->doc, uri);
-        if (!result)
-            return 0;
-
-        // Save a pointer to the root stylesheet so that we can access it again from
-        // this callback function if this xsl document imports another xsl document.
-        ASSERT(!result->_private);
-        result->_private = xslStyleSheet;
-        return result;
-    }
+    case XSLT_LOAD_STYLESHEET:
+        return globalProcessor->xslStylesheet()->locateStylesheetSubResource(((xsltStylesheetPtr)ctxt)->doc, uri);
     default:
         break;
@@ -192 +150 @@
 
     return 0;
+}
+
+static inline void setXSLTLoadCallBack(xsltDocLoaderFunc func, XSLTProcessor* processor, DocLoader* loader)
+{
+    xsltSetLoaderFunc(func);
+    globalProcessor = processor;
+    globalDocLoader = loader;
 }
 
@@ -257 +222 @@
 }
 
-static void clearSavedStyleSheetPointers(xsltStylesheetPtr style)
-{
-    if (!style || !style->doc)
-        return;
-
-    ASSERT(style->doc->_private);
-    style->doc->_private = 0;
-
-    for (xsltStylesheetPtr import = style->imports; import; import = import->next)
-        clearSavedStyleSheetPointers(import);
-}
-
 static xsltStylesheetPtr xsltStylesheetPointer(RefPtr<XSLStyleSheet>& cachedStylesheet, Node* stylesheetRootNode)
 {
@@ -278 +231 @@
     }
 
-    if (!cachedStylesheet)
+    if (!cachedStylesheet || !cachedStylesheet->document())
         return 0;
 
-    xmlDocPtr xslDocument = cachedStylesheet->document();
-    if (!xslDocument)
-        return 0;
-
-    // Save a pointer to the stylesheet so that we can access it from the libxslt loader callback.
-    void* old = xslDocument->_private;
-    xslDocument->_private = cachedStylesheet.get();
-    registeredXSLStyleSheets().add(cachedStylesheet.get());
-
-    xsltStylesheetPtr result = cachedStylesheet->compileStyleSheet();
-    registeredXSLStyleSheets().remove(cachedStylesheet.get());
-    clearSavedStyleSheetPointers(result);
-    xslDocument->_private = old;
-    return result;
+    return cachedStylesheet->compileStyleSheet();
 }
 
@@ -334 +274 @@
 bool XSLTProcessor::transformToString(Node* sourceNode, String& mimeType, String& resultString, String& resultEncoding)
 {
-    xsltSetLoaderFunc(docLoaderFunc);
+    RefPtr<Document> ownerDocument = sourceNode->document();
+
+    setXSLTLoadCallBack(docLoaderFunc, this, ownerDocument->docLoader());
     xsltStylesheetPtr sheet = xsltStylesheetPointer(m_stylesheet, m_stylesheetRootNode.get());
     if (!sheet) {
-        xsltSetLoaderFunc(0);
+        setXSLTLoadCallBack(0, 0, 0);
         return false;
     }
@@ -356 +298 @@
         registerXSLTExtensions(transformContext);
 
-        // Save a pointer to this XSLTProcessor so that we can access it from the libxslt loader callback.
-        ASSERT(!transformContext->_private);
-        transformContext->_private = this;
-        registeredXSLTProcessors().add(this);
-        m_sourceNode = sourceNode;
-
         // <http://bugs.webkit.org/show_bug.cgi?id=16077>: XSLT processor <xsl:sort> algorithm only compares by code point.
         xsltSetCtxtSortFunc(transformContext, xsltUnicodeSortFunction);
@@ -374 +310 @@
         xmlDocPtr resultDoc = xsltApplyStylesheetUser(sheet, sourceDoc, 0, 0, 0, transformContext);
 
-        registeredXSLTProcessors().remove(this);
         xsltFreeTransformContext(transformContext);
         freeXsltParamArray(params);
@@ -389 +324 @@
 
     sheet->method = origMethod;
-    xsltSetLoaderFunc(0);
+    setXSLTLoadCallBack(0, 0, 0);
     xsltFreeStylesheet(sheet);
     m_stylesheet = 0;
-    m_sourceNode = 0;
 
     return success;