[SCM] WebKit Debian packaging branch, debian/unstable, updated. debian/1.0.1-3-2-g9fbe044

Mike Hommey glandium at debian.org
Wed Sep 24 05:41:35 UTC 2008


The following commit has been merged in the debian/unstable branch:
commit 1d794eee77947e0a2251a0d2d383f0fb8417a57b
Author: Mike Hommey <glandium at debian.org>
Date:   Wed Sep 24 07:37:36 2008 +0200

            Reviewed by Beth Dakin.
    
            CSS @import statements can cause DocLoader to use
            a dead Frame pointer.
            https://bugs.webkit.org/show_bug.cgi?id=19618
    
            The fix is to get rid of the Frame pointer on DocLoader.
    
            I also took this opportunity to clean up Document::detach
            a little to make it clear why we clear the m_frame pointer
            there, and to note that in the future we should stop
            using Node::detach to mean "tear down the whole rendering
            tree and detach from the frame".
    
            Test: I don't know how to make a good test for this, the test
            we have is network timing dependent and does not make a good
            layout test.
    
            * dom/Document.cpp:
            (WebCore::Document::Document):
            (WebCore::Document::detach):
            (WebCore::Document::clearFramePointer):
            * dom/Document.h:
            * loader/DocLoader.cpp:
            (WebCore::DocLoader::frame):
            * loader/DocLoader.h:
    
    git-svn-id: http://svn.webkit.org/repository/webkit/trunk@34815 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    filter-origin: b89996bcba45ebfb06b024fbda19c66af544475a
    
    Conflicts:
    
    	WebCore/ChangeLog
    	WebCore/loader/DocLoader.cpp

diff --git a/WebCore/dom/Document.cpp b/WebCore/dom/Document.cpp
index 6050cc5..7f50b5a 100644
--- a/WebCore/dom/Document.cpp
+++ b/WebCore/dom/Document.cpp
@@ -308,8 +308,7 @@ Document::Document(Frame* frame, bool isXHTML)
 
     m_axObjectCache = 0;
     
-    // FIXME: DocLoader probably no longer needs the frame argument
-    m_docLoader = new DocLoader(frame, this);
+    m_docLoader = new DocLoader(this);
 
     visuallyOrdered = false;
     m_bParsing = false;
@@ -1285,9 +1284,12 @@ void Document::detach()
 
     if (render)
         render->destroy();
-
-    // FIXME: is this needed or desirable?
-    m_frame = 0;
+    
+    // This is required, as our Frame might delete itself as soon as it detaches
+    // us.  However, this violates Node::detach() symantics, as it's never
+    // possible to re-attach.  Eventually Document::detach() should be renamed
+    // or this call made explicit in each of the callers of Document::detach().
+    clearFramePointer();
     
     if (m_renderArena) {
         delete m_renderArena;
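Review bot: The new comment above `clearFramePointer()` misspells "semantics" as "symantics", and it does not mention the reason this clear matters most after this commit. `DocLoader::frame()` now reads the frame through the document, so nulling `m_frame` here appears to be the only thing that stops the loader from reaching a Frame that has deleted itself. I would add a line such as `// DocLoader::frame() goes through us, so this must run before the Frame can go away.` to the comment. `Document::detach()` starts before this hunk and continues into the next one, so whether anything earlier in it can still trigger a load is not visible here.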
@@ -1295,6 +1297,11 @@ void Document::detach()
     }
 }
 
+void Document::clearFramePointer()
+{
+    m_frame = 0;
+}
+
 void Document::removeAllEventListenersFromAllNodes()
 {
     m_windowEventListeners.clear();
diff --git a/WebCore/dom/Document.h b/WebCore/dom/Document.h
index 3934b9e..6849d1c 100644
--- a/WebCore/dom/Document.h
+++ b/WebCore/dom/Document.h
@@ -377,6 +377,8 @@ public:
     virtual void attach();
     virtual void detach();
 
+    void clearFramePointer();
+
     RenderArena* renderArena() { return m_renderArena; }
 
     void clearAXObjectCache();
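Review bot: `clearFramePointer()` is added to the public section with no comment, although the only caller visible in this diff is `Document::detach()` and the call is irreversible. Since every `DocLoader` frame check now depends on `m_frame`, an outside caller nulling it at the wrong time would silently disable `loadDone()` and the reload check. Either declare it under `private:` or document the contract, for example `// Drops the Frame back-pointer for good; the document cannot be re-attached afterwards.`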
diff --git a/WebCore/loader/DocLoader.cpp b/WebCore/loader/DocLoader.cpp
index 0b8e3e4..b3b2b4e 100644
--- a/WebCore/loader/DocLoader.cpp
+++ b/WebCore/loader/DocLoader.cpp
@@ -42,10 +42,9 @@
 
 namespace WebCore {
 
-DocLoader::DocLoader(Frame *frame, Document* doc)
+DocLoader::DocLoader(Document* doc)
     : m_cache(cache())
     , m_cachePolicy(CachePolicyVerify)
-    , m_frame(frame)
     , m_doc(doc)
     , m_requestCount(0)
     , m_autoLoadImages(true)
@@ -64,6 +63,11 @@ DocLoader::~DocLoader()
     m_cache->removeDocLoader(this);
 }
 
+Frame* DocLoader::frame() const
+{
+    return m_doc->frame();
+}
+
 void DocLoader::checkForReload(const KURL& fullURL)
 {
     if (m_allowStaleResources)
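Review bot: `DocLoader::frame()` dereferences `m_doc` unconditionally, so the stale-pointer hazard this commit removes for `m_frame` now rests entirely on `m_doc` staying valid for the loader's whole lifetime. The diff shows the Document creating the loader with `new DocLoader(this)` but not where the loader is destroyed, so that guarantee cannot be confirmed from these hunks. If the Document does own and outlive the loader, state it next to the accessor, e.g. `// m_doc owns this loader and outlives it; frame() is null once the document is detached.` If a cache callback can reach the loader after the Document is gone, `m_doc` needs to be cleared on teardown and checked here.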
@@ -147,8 +151,8 @@ CachedResource* DocLoader::requestResource(CachedResource::Type type, const Stri
             m_docResources.remove(it);
         }
     }
-                                                          
-    if (m_frame && m_frame->loader()->isReloading())
+
+    if (frame() && frame()->loader()->isReloading())
         setCachePolicy(CachePolicyReload);
 
     checkForReload(fullURL);
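Review bot: `frame() && frame()->loader()->isReloading()` calls the accessor twice, and it is now an out-of-line read through `m_doc` rather than a plain member load. Binding it once keeps the tested pointer and the dereferenced pointer identical and reads more clearly: `Frame* f = frame();` followed by `if (f && f->loader()->isReloading())`. The same pattern is repeated in `setLoadInProgress()` in the next hunk (`if (!load && frame())` then `frame()->loader()->loadDone()`). `requestResource()` starts before this hunk and continues past it.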
@@ -196,14 +200,14 @@ void DocLoader::removeCachedResource(CachedResource* resource) const
 void DocLoader::setLoadInProgress(bool load)
 {
     m_loadInProgress = load;
-    if (!load && m_frame)
-        m_frame->loader()->loadDone();
+    if (!load && frame())
+        frame()->loader()->loadDone();
 }
 
 void DocLoader::checkCacheObjectStatus(CachedResource* resource)
 {
     // Return from the function for objects that we didn't load from the cache or if we don't have a frame.
-    if (!resource || !m_frame)
+    if (!resource || !frame())
         return;
 
     switch (resource->status()) {
@@ -217,7 +221,7 @@ void DocLoader::checkCacheObjectStatus(CachedResource* resource)
     }
 
     // FIXME: If the WebKit client changes or cancels the request, WebCore does not respect this and continues the load.
-    m_frame->loader()->loadedResourceFromMemoryCache(resource);
+    frame()->loader()->loadedResourceFromMemoryCache(resource);
 }
 
 void DocLoader::incrementRequestCount()
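Review bot: The closing `frame()->loader()->loadedResourceFromMemoryCache(resource)` dereferences a freshly fetched pointer, while the null check that guards it sits at the top of `checkCacheObjectStatus()` in the previous hunk. Between them is a `switch` on `resource->status()` whose body is not visible in either hunk. With `m_frame` gone the two reads are no longer guaranteed to return the same value, so the call should be tested at the point of use: `if (Frame* f = frame()) f->loader()->loadedResourceFromMemoryCache(resource);`.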
diff --git a/WebCore/loader/DocLoader.h b/WebCore/loader/DocLoader.h
index 6273b34..283bc52 100644
--- a/WebCore/loader/DocLoader.h
+++ b/WebCore/loader/DocLoader.h
@@ -51,7 +51,7 @@ friend class Cache;
 friend class HTMLImageLoader;
 
 public:
-    DocLoader(Frame*, Document*);
+    DocLoader(Document*);
     ~DocLoader();
 
     CachedImage* requestImage(const String& url);
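Review bot: Dropping the `Frame*` parameter leaves `DocLoader(Document*)` as a single-argument constructor that is not marked `explicit`, so a `Document*` now converts implicitly to a `DocLoader` temporary. Such a temporary would hold a raw back-pointer to the document for its lifetime, and its destructor calls `m_cache->removeDocLoader(this)` as shown in DocLoader.cpp, which is not something that should happen by accident. Declare it as `explicit DocLoader(Document*);`.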
@@ -76,7 +76,7 @@ public:
     CachePolicy cachePolicy() const { return m_cachePolicy; }
     void setCachePolicy(CachePolicy);
     
-    Frame* frame() const { return m_frame; }
+    Frame* frame() const; // Can be NULL
     Document* doc() const { return m_doc; }
 
     void removeCachedResource(CachedResource*) const;
@@ -108,8 +108,7 @@ private:
     HashSet<String> m_reloadedURLs;
     mutable HashMap<String, CachedResource*> m_docResources;
     CachePolicy m_cachePolicy;
-    Frame* m_frame;
-    Document *m_doc;
+    Document* m_doc;
     
     int m_requestCount;
     

-- 
WebKit Debian packaging


