[SCM] WebKit Debian packaging branch, webkit-1.1, updated. upstream/1.1.15.1-1414-gc69ee75

dimich at chromium.org dimich at chromium.org
Thu Oct 29 20:48:16 UTC 2009 

The following commit has been merged in the webkit-1.1 branch:
commit de9aa7ec6c6f3989325dccf656cc2864a544ef4a
Author: dimich at chromium.org <dimich at chromium.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Date:   Tue Oct 20 00:41:26 2009 +0000

    Manual Test for crash caused by JS accessing DOMWindow which is disconnected from the Frame.
    https://bugs.webkit.org/show_bug.cgi?id=30544
    
    Reviewed by Darin Adler.
    
    * manual-tests/crash-on-accessing-domwindow-without-frame.html: Added.
    
    git-svn-id: http://svn.webkit.org/repository/webkit/trunk@49824 268f45cc-cd09-0410-ab3c-d52691b4dbfc

diff --git a/WebCore/ChangeLog b/WebCore/ChangeLog
index 18efb0e..ddf6f99 100644
--- a/WebCore/ChangeLog
+++ b/WebCore/ChangeLog
@@ -1,3 +1,12 @@
+2009-10-19  Dmitry Titov  <dimich at chromium.org>
+
+        Reviewed by Darin Adler.
+
+        Manual Test for crash caused by JS accessing DOMWindow which is disconnected from the Frame.
+        https://bugs.webkit.org/show_bug.cgi?id=30544
+
+        * manual-tests/crash-on-accessing-domwindow-without-frame.html: Added.
+
 2009-10-19  Simon Fraser  <simon.fraser at apple.com>
 
         Reviewed by Darin Adler.
diff --git a/WebCore/manual-tests/crash-on-accessing-domwindow-without-frame.html b/WebCore/manual-tests/crash-on-accessing-domwindow-without-frame.html
new file mode 100644
index 0000000..77dd115
--- /dev/null
+++ b/WebCore/manual-tests/crash-on-accessing-domwindow-without-frame.html
@@ -0,0 +1,22 @@
+<script>
+var w;
+function clear() {
+    // Id doesn't matter, the crash happens while trying to access the NULL Document to lookup the Id.
+    w.clearTimeout(153);
+}
+
+function test() {
+    w = window.open("data:text/html,"+
+        "<script>" +
+        "function navigate() { location.href='data:text/html,<body>Close this page and wait.</body>'};" +
+        "setTimeout(navigate,0);</" + 
+        "script>");
+
+    setInterval(clear, 20);
+}
+</script>
+<body><p>This test reproduces the crash that happens when JavaScript has access to DOMWindow which is disconnected from its Frame. This crash was fixed by http://trac.webkit.org/changeset/49786</p>
+To reproduce the crash:
+<ul><li>Click the link below, the popup window opens.</li><li>Close the popup window.</li><li>Wait about 10 seconds (~10, page cache should start deleting pages) and observe the crash.</li></ul>
+Crashes on Safari 4.0.3</p><p><a href="javascript:test()">Crash me!</a></p>
+</body>

-- 
WebKit Debian packaging

More information about the Pkg-webkit-commits mailing list