Changeset 76652 in webkit


Timestamp:
Jan 25, 2011 4:10:34 PM (13 years ago)
Author:
inferno@chromium.org
Message:

2011-01-25 Cris Neckar <cdn@chromium.org>

Reviewed by Adam Barth.

Test for crash when a window's location changes before creating an object URL.
https://bugs.webkit.org/show_bug.cgi?id=53038

  • fast/dom/window-domurl-crash-expected.txt: Added.
  • fast/dom/window-domurl-crash.html: Added.

2011-01-25 Cris Neckar <cdn@chromium.org>

Reviewed by Adam Barth.

Add a hashset of DOMURLs to ScriptExecutionContext to track back references.
https://bugs.webkit.org/show_bug.cgi?id=53038

Test: fast/dom/window-domurl-crash.html

  • dom/ScriptExecutionContext.cpp: (WebCore::ScriptExecutionContext::~ScriptExecutionContext): (WebCore::ScriptExecutionContext::createdDomUrl): (WebCore::ScriptExecutionContext::destroyedDomUrl):
  • dom/ScriptExecutionContext.h: (WebCore::ScriptExecutionContext::domUrls):
  • html/DOMURL.cpp: (WebCore::DOMURL::DOMURL): (WebCore::DOMURL::~DOMURL): (WebCore::DOMURL::contextDestroyed):
  • html/DOMURL.h: (WebCore::DOMURL::scriptExecutionContext):
Location:
trunk
Files:
2 added
6 edited

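--- a/trunk/LayoutTests/ChangeLog
+++ b/trunk/LayoutTests/ChangeLog
@@ -1,2 +1,12 @@
+2011-01-25  Cris Neckar  <cdn@chromium.org>
+
+        Reviewed by Adam Barth.
+
+        Test for crash when a window's location changes before creating an object URL.
+        https://bugs.webkit.org/show_bug.cgi?id=53038
+
+        * fast/dom/window-domurl-crash-expected.txt: Added.
+        * fast/dom/window-domurl-crash.html: Added.
+
 2011-01-25  James Simonsen  <simonjam@chromium.org>
 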
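--- a/trunk/Source/WebCore/ChangeLog
+++ b/trunk/Source/WebCore/ChangeLog
@@ -1,2 +1,24 @@
+2011-01-25  Cris Neckar  <cdn@chromium.org>
+
+        Reviewed by Adam Barth.
+
+        Add a hashset of DOMURLs to ScriptExecutionContext to track back references.
+        https://bugs.webkit.org/show_bug.cgi?id=53038
+
+        Test: fast/dom/window-domurl-crash.html
+
+        * dom/ScriptExecutionContext.cpp:
+        (WebCore::ScriptExecutionContext::~ScriptExecutionContext):
+        (WebCore::ScriptExecutionContext::createdDomUrl):
+        (WebCore::ScriptExecutionContext::destroyedDomUrl):
+        * dom/ScriptExecutionContext.h:
+        (WebCore::ScriptExecutionContext::domUrls):
+        * html/DOMURL.cpp:
+        (WebCore::DOMURL::DOMURL):
+        (WebCore::DOMURL::~DOMURL):
+        (WebCore::DOMURL::contextDestroyed):
+        * html/DOMURL.h:
+        (WebCore::DOMURL::scriptExecutionContext):
+
 2011-01-23  Antti Koivisto  <antti@apple.com>
 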
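--- a/trunk/Source/WebCore/dom/ScriptExecutionContext.cpp
+++ b/trunk/Source/WebCore/dom/ScriptExecutionContext.cpp
@@ -31,4 +31,5 @@
 #include "Blob.h"
 #include "BlobURL.h"
+#include "DOMURL.h"
 #include "Database.h"
 #include "DatabaseTask.h"
@@ -121,4 +122,10 @@
     for (HashSet<String>::iterator iter = m_publicBlobURLs.begin(); iter != publicBlobURLsEnd; ++iter)
         ThreadableBlobRegistry::unregisterBlobURL(KURL(ParsedURLString, *iter));
+
+    HashSet<DOMURL*>::iterator domUrlsEnd = m_domUrls.end();
+    for (HashSet<DOMURL*>::iterator iter = m_domUrls.begin(); iter != domUrlsEnd; ++iter) {
+        ASSERT((*iter)->scriptExecutionContext() == this);
+        (*iter)->contextDestroyed();
+    }
 #endif
 }
@@ -194,4 +201,18 @@
     m_messagePorts.remove(port);
 }
+
+#if ENABLE(BLOB)
+void ScriptExecutionContext::createdDomUrl(DOMURL* url)
+{
+    ASSERT(url);
+    m_domUrls.add(url);
+}
+
+void ScriptExecutionContext::destroyedDomUrl(DOMURL* url)
+{
+    ASSERT(url);
+    m_domUrls.remove(url);
+}
+#endif
 
 bool ScriptExecutionContext::canSuspendActiveDOMObjects()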
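Review bot: `createdDomUrl` only asserts that `url` is non-null, while the invariant the destructor loop relies on, `(*iter)->scriptExecutionContext() == this`, is first checked at teardown. Adding `ASSERT(url->scriptExecutionContext() == this);` to `createdDomUrl` would flag a DOMURL registered with the wrong context where the mistake is made rather than when the context is destroyed. Both checks are `ASSERT`s, so presumably neither is present in release builds, and the raw-pointer set stays valid only as long as every DOMURL calls `destroyedDomUrl` before it is freed. The destructor's body begins outside the hunk.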
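--- a/trunk/Source/WebCore/dom/ScriptExecutionContext.h
+++ b/trunk/Source/WebCore/dom/ScriptExecutionContext.h
@@ -61,4 +61,5 @@
 #endif
     class MessagePort;
+    class DOMURL;
     class SecurityOrigin;
     class ScriptCallStack;
@@ -113,4 +114,9 @@
         const HashSet<MessagePort*>& messagePorts() const { return m_messagePorts; }
 
+#if ENABLE(BLOB)
+        void createdDomUrl(DOMURL*);
+        void destroyedDomUrl(DOMURL*);
+        const HashSet<DOMURL*>& domUrls() const { return m_domUrls; }
+#endif
         void ref() { refScriptExecutionContext(); }
         void deref() { derefScriptExecutionContext(); }
@@ -172,4 +178,5 @@
 #if ENABLE(BLOB)
         HashSet<String> m_publicBlobURLs;
+        HashSet<DOMURL*> m_domUrls;
 #endif
 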
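Review bot: `HashSet<DOMURL*> m_domUrls` holds non-owning raw pointers, and nothing in the header states the lifetime contract that keeps them valid. A comment on the member such as `// Non-owning: a DOMURL adds itself in its constructor and removes itself in its destructor.` would record it for anyone who later adds another way to create or destroy a DOMURL. The class body starts and ends outside these hunks.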
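--- a/trunk/Source/WebCore/html/DOMURL.cpp
+++ b/trunk/Source/WebCore/html/DOMURL.cpp
@@ -38,4 +38,17 @@
     : m_scriptExecutionContext(scriptExecutionContext)
 {
+    m_scriptExecutionContext->createdDomUrl(this);
+}
+
+DOMURL::~DOMURL()
+{
+    if (m_scriptExecutionContext)
+        m_scriptExecutionContext->destroyedDomUrl(this);
+}
+
+void DOMURL::contextDestroyed()
+{
+    ASSERT(m_scriptExecutionContext);
+    m_scriptExecutionContext = 0;
 }
 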
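Review bot: `contextDestroyed()` makes `m_scriptExecutionContext` nullable, but the only null check added here is in `~DOMURL()`. `createObjectURL` and `revokeObjectURL` are outside this hunk; if they dereference the pointer they need an early return such as `if (!m_scriptExecutionContext) return String();`, because a DOMURL can now outlive its context. The constructor also calls `m_scriptExecutionContext->createdDomUrl(this);` without checking its argument, so an `ASSERT(m_scriptExecutionContext);` before that call would document that a null context is not accepted. The constructor's signature line is outside the hunk.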
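--- a/trunk/Source/WebCore/html/DOMURL.h
+++ b/trunk/Source/WebCore/html/DOMURL.h
@@ -41,8 +41,12 @@
 public:
     static PassRefPtr<DOMURL> create(ScriptExecutionContext* scriptExecutionContext) { return adoptRef(new DOMURL(scriptExecutionContext)); }
+    ~DOMURL();
 
     String createObjectURL(Blob*);
     void revokeObjectURL(const String&);
-    
+
+    void contextDestroyed();
+    ScriptExecutionContext* scriptExecutionContext() const { return m_scriptExecutionContext; }
+
 private:
     explicit DOMURL(ScriptExecutionContext*);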
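Review bot: `scriptExecutionContext()` can return 0 once `contextDestroyed()` has run, and the declaration does not say so. A comment on the accessor such as `// Returns 0 after the owning context has been destroyed.` and one on `contextDestroyed()` such as `// Called by ScriptExecutionContext from its destructor.` would tell callers to check the result and make clear who is expected to call the public method. The class body continues outside the hunk.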