Changeset 63847 in webkit


Timestamp:
Jul 21, 2010 11:38:12 AM (14 years ago)
Author:
yael.aharon@nokia.com
Message:

2010-07-21 Yael Aharon <yael.aharon@nokia.com>

Reviewed by Darin Adler.

Crash in Notification::disconnectFrame() triggered by Frame::lifeSupportTimerFired()
https://bugs.webkit.org/show_bug.cgi?id=42534

Call NotificationsCenter::disconnectFrame() when the frame is disconnected from the page.
Calling it from the destructor of Frame is too late and sometimes causes access violation.
I was not able to reproduce this crash, so did not add new tests.
This patch is based on the error reported in
http://code.google.com/p/chromium/issues/detail?id=49323.

  • page/DOMWindow.cpp: (WebCore::DOMWindow::pageDestroyed):
  • page/DOMWindow.h:
  • page/Frame.cpp: (WebCore::Frame::pageDestroyed):
Location:
trunk/WebCore
Files:
5 edited

  • trunk/WebCore/ChangeLog

    r63846 r63847  
     12010-07-21  Yael Aharon  <yael.aharon@nokia.com>
     2
     3        Reviewed by Darin Adler.
     4
     5        Crash in Notification::disconnectFrame() triggered by Frame::lifeSupportTimerFired()
     6        https://bugs.webkit.org/show_bug.cgi?id=42534
     7
     8        Call NotificationsCenter::disconnectFrame() when the frame is disconnected from the page.
     9        Calling it from the destructor of Frame is too late and sometimes causes access violation.
     10        I was not able to reproduce this crash, so did not add new tests.
     11        This patch is based on the error reported in
     12        http://code.google.com/p/chromium/issues/detail?id=49323.
     13
     14        * page/DOMWindow.cpp:
     15        (WebCore::DOMWindow::pageDestroyed):
     16        * page/DOMWindow.h:
     17        * page/Frame.cpp:
     18        (WebCore::Frame::pageDestroyed):
     19
    1202010-07-21  Anders Carlsson  <andersca@apple.com>
    221
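Review bot: The file list in this ChangeLog entry (entry lines 14-18) names page/DOMWindow.cpp, page/DOMWindow.h and page/Frame.cpp but omits notifications/NotificationCenter.cpp, which this changeset also edits. Add an entry for that file and for NotificationCenter::disconnectFrame so the new null check can be found from the log.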
  • trunk/WebCore/notifications/NotificationCenter.cpp

    r62939 r63847  
    6262void NotificationCenter::disconnectFrame()
    6363{
     64    // m_notificationPresenter should never be 0. But just to be safe, we check it here.
     65    // Due to the mysterious bug http://code.google.com/p/chromium/issues/detail?id=49323.
     66    ASSERT(m_notificationPresenter);
     67    if (!m_notificationPresenter)
     68        return;
    6469    m_notificationPresenter->cancelRequestsForPermission(m_scriptExecutionContext);
    6570    m_notificationPresenter = 0;
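Review bot: The ASSERT(m_notificationPresenter) at new line 66 and the early return at lines 67-68 disagree about whether a null presenter is legal: debug builds abort on it while release builds silently tolerate it. Because disconnectFrame() itself sets m_notificationPresenter = 0 at line 70, a second call on the same object reaches exactly this state. Either drop the ASSERT and document that repeated calls are expected, or keep it and say in the comment which caller would violate the invariant; "the mysterious bug" does not tell a later reader what the guard protects against.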
  • trunk/WebCore/page/DOMWindow.cpp

    r63810 r63847  
    674674#endif
    675675
     676void DOMWindow::pageDestroyed()
     677{
     678#if ENABLE(NOTIFICATIONS)
     679    // Clearing Notifications requests involves accessing the client so it must be done
     680    // before the frame is detached.
     681    if (m_notifications)
     682        m_notifications->disconnectFrame();
     683    m_notifications = 0;
     684#endif
     685}
     686
    676687#if ENABLE(INDEXED_DATABASE)
    677688IndexedDatabaseRequest* DOMWindow::indexedDB() const
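Review bot: Every visible line in this changeset is an addition, so the late disconnectFrame() call that the commit message describes is not removed by any hunk shown; if that path goes through m_notifications, it is made harmless only by m_notifications = 0 at line 683. If that is the intent, state it in the comment at lines 679-680. It is also worth confirming that webkitNotifications() cannot create a new NotificationCenter after pageDestroyed() has run, which this diff does not show.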
  • trunk/WebCore/page/DOMWindow.h

    r62424 r63847  
    228228        NotificationCenter* webkitNotifications() const;
    229229#endif
     230
     231        void pageDestroyed();
    230232
    231233#if ENABLE(INDEXED_DATABASE)
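Review bot: pageDestroyed() at line 231 is declared with no comment on who calls it or when. A one-line note that Frame::pageDestroyed() invokes it, and that it may run more than once, would help the next reader. Keeping the declaration outside the ENABLE(NOTIFICATIONS) guard, as done here, is right because Frame.cpp calls it unconditionally.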
  • trunk/WebCore/page/Frame.cpp

    r63731 r63847  
    13481348        parent->loader()->checkLoadComplete();
    13491349
     1350    if (m_domWindow)
     1351        m_domWindow->pageDestroyed();
     1352
    13501353    // FIXME: It's unclear as to why this is called more than once, but it is,
    13511354    // so page() could be NULL.
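Review bot: The new call at lines 1350-1351 sits above the FIXME noting that this function is called more than once, so m_domWindow->pageDestroyed() runs on every invocation. That is safe only because DOMWindow::pageDestroyed() nulls m_notifications after the first pass. Add a comment here stating that DOMWindow::pageDestroyed() must stay idempotent, or move the call under whatever check handles the repeated-call case.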