Changeset 94112 in webkit


Timestamp:
Aug 30, 2011 2:31:57 PM (13 years ago)
Author:
abarth@webkit.org
Message:

Flaky crash with JavaScript URLs
https://bugs.webkit.org/show_bug.cgi?id=66360

Reviewed by Nate Chapin.

Source/WebCore:

This patch teaches DocumentWriter::begin to make a copy of the URL
before beginning a new document to avoid a crash.

Test: fast/loader/javascript-url-iframe-crash.html

  • loader/DocumentWriter.cpp:

(WebCore::DocumentWriter::begin):

LayoutTests:

  • fast/loader/javascript-url-iframe-crash-expected.txt: Added.
  • fast/loader/javascript-url-iframe-crash.html: Added.
Location:
trunk
Files:
2 added
3 edited

  • trunk/LayoutTests/ChangeLog

    r94111 r94112  
     12011-08-30  Adam Barth  <abarth@webkit.org>
     2
     3        Flaky crash with JavaScript URLs
     4        https://bugs.webkit.org/show_bug.cgi?id=66360
     5
     6        Reviewed by Nate Chapin.
     7
     8        * fast/loader/javascript-url-iframe-crash-expected.txt: Added.
     9        * fast/loader/javascript-url-iframe-crash.html: Added.
     10
    1112011-08-30  Tony Gentilcore  <tonyg@chromium.org>
    212
  • trunk/Source/WebCore/ChangeLog

    r94111 r94112  
     12011-08-30  Adam Barth  <abarth@webkit.org>
     2
     3        Flaky crash with JavaScript URLs
     4        https://bugs.webkit.org/show_bug.cgi?id=66360
     5
     6        Reviewed by Nate Chapin.
     7
     8        This patch teaches DocumentWriter::begin to make a copy of the URL
     9        before beginning a new document to avoid a crash.
     10
     11        Test: fast/loader/javascript-url-iframe-crash.html
     12
     13        * loader/DocumentWriter.cpp:
     14        (WebCore::DocumentWriter::begin):
     15
    1162011-08-30  Tony Gentilcore  <tonyg@chromium.org>
    217
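Review bot: The entry's description, "This patch teaches DocumentWriter::begin to make a copy of the URL before beginning a new document to avoid a crash", does not say why the copy is needed. The code comment added in DocumentWriter.cpp gives the reason (a caller-supplied URL can be deallocated during the execution of the function); repeating that clause here would let someone reading only the ChangeLog see that this is an object-lifetime bug rather than a generic crash fix.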
  • trunk/Source/WebCore/loader/DocumentWriter.cpp

    r92298 r94112  
    107107}
    108108
    109 void DocumentWriter::begin(const KURL& url, bool dispatch, SecurityOrigin* origin)
     109void DocumentWriter::begin(const KURL& urlReference, bool dispatch, SecurityOrigin* origin)
    110110{
    111111    // We need to take a reference to the security origin because |clear|
    112112    // might destroy the document that owns it.
    113113    RefPtr<SecurityOrigin> forcedSecurityOrigin = origin;
     114
     115    // We grab a local copy of the URL because it's easy for callers to supply
     116    // a URL that will be deallocated during the execution of this function.
     117    // For example, see <https://bugs.webkit.org/show_bug.cgi?id=66360>.
     118    KURL url = urlReference;
    114119
    115120    // Create a new document before clearing the frame, because it may need to
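Review bot: In the new signature the parameter is still a `const KURL&`, now named `urlReference`, so the reference that the added comment says may be deallocated stays in scope for the whole body of `begin`. A later edit that reads `urlReference` instead of `url` would compile cleanly and reintroduce the use of a freed URL. Consider taking the argument by value (`KURL url`) so there is no dangling name left to reach for, or extend the comment to say that `urlReference` must not be touched after `KURL url = urlReference;`. The placement of the copy, ahead of the "Create a new document before clearing the frame" step and next to the `forcedSecurityOrigin` reference that is held for the same reason, looks right.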