[SCM] WebKit Debian packaging branch, debian/unstable, updated. debian/1.1.15-1-40151-g37bb677
mjs
mjs at 268f45cc-cd09-0410-ab3c-d52691b4dbfc
Sat Sep 26 07:26:20 UTC 2009
The following commit has been merged in the debian/unstable branch:
commit a8917f1f01dbd8c0ae7714e07b6543560d1587f3
Author: mjs <mjs at 268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Date: Wed Feb 26 23:22:45 2003 +0000
WebCore:
Reviewed by Dave.
- fixed reproducible hang at http://asp.eltonsoft.dk/cast/get.asp?cat=Quicktime
This was a set of mutually recursive frameset pages. This allows
the number of frames to grow huge, which kills both WebCore and
WebKit, so I added a hard limit of 200 total frames per page.
* khtml/html/html_baseimpl.cpp:
(HTMLFrameElementImpl::isURLAllowed):
(HTMLFrameElementImpl::attach):
(HTMLFrameElementImpl::detach):
(HTMLIFrameElementImpl::attach):
* khtml/html/html_baseimpl.h:
* khtml/khtml_part.cpp:
(KHTMLPart::init):
(KHTMLPart::incrementFrameCount):
(KHTMLPart::decrementFrameCount):
(KHTMLPart::topLevelFrameCount):
* khtml/khtml_part.h:
WebKit:
Reviewed by Dave.
- fixed reproducible hang at http://asp.eltonsoft.dk/cast/get.asp?cat=Quicktime
WebKit's processing time was O(N^3) in the number of
frames. Improved it to O(N^2) by storing frame pointer directly in
WebDataSource instead of linear scan. Could still be improved more.
* WebView.subproj/WebDataSource.m:
(-[WebDataSource webFrame]):
* WebView.subproj/WebDataSourcePrivate.h:
* WebView.subproj/WebDataSourcePrivate.m:
(-[WebDataSourcePrivate dealloc]):
(-[WebDataSource _stopLoadingWithError:]):
(-[WebDataSource _setWebFrame:]):
* WebView.subproj/WebFramePrivate.m:
(-[WebFrame _detachFromParent]):
(-[WebFrame _setDataSource:]):
(-[WebFrame _transitionToCommitted:]):
(-[WebFrame _isLoadComplete]):
(-[WebFrame _clearProvisionalDataSource]):
(-[WebFrame _continueLoadRequestAfterNavigationPolicy:formValues:]):
(-[WebFrame _loadDataSource:withLoadType:formValues:]):
(-[WebFrame _setProvisionalDataSource:]):
git-svn-id: http://svn.webkit.org/repository/webkit/trunk@3707 268f45cc-cd09-0410-ab3c-d52691b4dbfc
diff --git a/WebCore/ChangeLog-2003-10-25 b/WebCore/ChangeLog-2003-10-25
index a814806..2476fb9 100644
--- a/WebCore/ChangeLog-2003-10-25
+++ b/WebCore/ChangeLog-2003-10-25
@@ -1,3 +1,26 @@
+2003-02-26 Maciej Stachowiak <mjs at apple.com>
+
+ Reviewed by Dave.
+
+ - fixed reproducible hang at http://asp.eltonsoft.dk/cast/get.asp?cat=Quicktime
+
+ This was a set of mutually recursive frameset pages. This allows
+ the number of frames to grow huge, which kills both WebCore and
+ WebKit, so I added a hard limit of 200 total frames per page.
+
+ * khtml/html/html_baseimpl.cpp:
+ (HTMLFrameElementImpl::isURLAllowed):
+ (HTMLFrameElementImpl::attach):
+ (HTMLFrameElementImpl::detach):
+ (HTMLIFrameElementImpl::attach):
+ * khtml/html/html_baseimpl.h:
+ * khtml/khtml_part.cpp:
+ (KHTMLPart::init):
+ (KHTMLPart::incrementFrameCount):
+ (KHTMLPart::decrementFrameCount):
+ (KHTMLPart::topLevelFrameCount):
+ * khtml/khtml_part.h:
+
2003-02-26 David Hyatt <hyatt at apple.com>
Fix numerous regressions with text-decoration in quirks mode and
diff --git a/WebCore/ChangeLog-2005-08-23 b/WebCore/ChangeLog-2005-08-23
index a814806..2476fb9 100644
--- a/WebCore/ChangeLog-2005-08-23
+++ b/WebCore/ChangeLog-2005-08-23
@@ -1,3 +1,26 @@
+2003-02-26 Maciej Stachowiak <mjs at apple.com>
+
+ Reviewed by Dave.
+
+ - fixed reproducible hang at http://asp.eltonsoft.dk/cast/get.asp?cat=Quicktime
+
+ This was a set of mutually recursive frameset pages. This allows
+ the number of frames to grow huge, which kills both WebCore and
+ WebKit, so I added a hard limit of 200 total frames per page.
+
+ * khtml/html/html_baseimpl.cpp:
+ (HTMLFrameElementImpl::isURLAllowed):
+ (HTMLFrameElementImpl::attach):
+ (HTMLFrameElementImpl::detach):
+ (HTMLIFrameElementImpl::attach):
+ * khtml/html/html_baseimpl.h:
+ * khtml/khtml_part.cpp:
+ (KHTMLPart::init):
+ (KHTMLPart::incrementFrameCount):
+ (KHTMLPart::decrementFrameCount):
+ (KHTMLPart::topLevelFrameCount):
+ * khtml/khtml_part.h:
+
2003-02-26 David Hyatt <hyatt at apple.com>
Fix numerous regressions with text-decoration in quirks mode and
diff --git a/WebCore/khtml/html/html_baseimpl.cpp b/WebCore/khtml/html/html_baseimpl.cpp
index cffa617..d28211c 100644
--- a/WebCore/khtml/html/html_baseimpl.cpp
+++ b/WebCore/khtml/html/html_baseimpl.cpp
@@ -222,6 +222,18 @@ bool HTMLFrameElementImpl::isURLAllowed(const DOMString &URLString) const
KURL newURL(getDocument()->completeURL(URLString.string()));
newURL.setRef(QString::null);
+ // Don't allow more than 1000 total frames in a set. This seems
+ // like a reasonable upper bound, and otherwise mutually recursive
+ // frameset pages can quickly bring the program to its knees with
+ // exponential growth in the number of frames.
+
+ // FIXME: This limit could be higher, but WebKit has some
+ // algorithms that happen while loading which appear to be N^2 or
+ // worse in the number of frames
+ if (w->part()->topLevelFrameCount() >= 200) {
+ return false;
+ }
+
// Prohibit non-file URLs if we are asked to.
if (w->part()->onlyLocalReferences() && newURL.protocol().lower() != "file") {
return false;
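Review bot: The comment above the new check in isURLAllowed says frames are capped at 1000, but the condition is `topLevelFrameCount() >= 200` and the commit message also says 200, so the comment is stale on arrival. This limit is the only bound on frame growth from mutually recursive framesets, so give it one named definition and make the comment cite it, e.g. `static const int maxTopLevelFrameCount = 200; // hard cap on frames per top-level page` and `if (w->part()->topLevelFrameCount() >= maxTopLevelFrameCount)`. The declaration of `w` lies outside the hunk, so whether it can be null at this point cannot be checked from these lines.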
@@ -375,6 +387,8 @@ void HTMLFrameElementImpl::attach()
KHTMLView* w = getDocument()->view();
+ w->part()->incrementFrameCount();
+
// we need a unique name for every frame in the frameset. Hope that's unique enough.
if(name.isEmpty() || w->part()->frameExists( name.string() ) )
name = DOMString(w->part()->requestFrameName());
@@ -383,6 +397,16 @@ void HTMLFrameElementImpl::attach()
w->part()->requestFrame( static_cast<RenderFrame*>(m_render), url.string(), name.string() );
}
+void HTMLFrameElementImpl::detach()
+{
+ if (m_render) {
+ KHTMLView* w = getDocument()->view();
+ w->part()->decrementFrameCount();
+ }
+
+ HTMLElementImpl::detach();
+}
+
// FIXME: Why is this different from updateForNewURL?
void HTMLFrameElementImpl::setLocation( const DOMString& str )
{
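Review bot: The decrement in the new detach() runs only when `m_render` is set, while the matching increment in HTMLFrameElementImpl::attach() (previous hunk) is shown without its enclosing condition, so the two may not be gated the same way; HTMLIFrameElementImpl::attach() does increment inside `if (m_render)`. Any attach that is counted without a later counted detach leaves the total permanently high, and once it reaches the cap isURLAllowed refuses every further frame on the page; a decrement without a matching increment weakens the cap instead. detach() also dereferences `getDocument()->view()` without a check, and whether the view can already be gone during teardown is not visible here. I would state the pairing rule at both sites, e.g. `// counted only for frames with a renderer; detach() must undo exactly this`, and confirm that the attach() increment sits under the same `m_render` test.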
@@ -672,6 +696,7 @@ void HTMLIFrameElementImpl::attach()
if (m_render) {
// we need a unique name for every frame in the frameset. Hope that's unique enough.
KHTMLView* w = getDocument()->view();
+ w->part()->incrementFrameCount();
if(name.isEmpty() || w->part()->frameExists( name.string() ))
name = DOMString(w->part()->requestFrameName());
diff --git a/WebCore/khtml/html/html_baseimpl.h b/WebCore/khtml/html/html_baseimpl.h
index f429629..dfb684f 100644
--- a/WebCore/khtml/html/html_baseimpl.h
+++ b/WebCore/khtml/html/html_baseimpl.h
@@ -86,6 +86,7 @@ public:
virtual void parseAttribute(AttributeImpl *);
virtual void init();
virtual void attach();
+ virtual void detach();
virtual bool rendererIsNeeded(khtml::RenderStyle *);
virtual khtml::RenderObject *createRenderer(RenderArena *, khtml::RenderStyle *);
diff --git a/WebCore/khtml/khtml_part.cpp b/WebCore/khtml/khtml_part.cpp
index 234a9c3..baaa977 100644
--- a/WebCore/khtml/khtml_part.cpp
+++ b/WebCore/khtml/khtml_part.cpp
@@ -174,6 +174,8 @@ void KHTMLPart::init( KHTMLView *view, GUIProfile prof )
else if ( prof == BrowserViewGUI )
setXMLFile( "khtml_browser.rc" );
+ frameCount = 0;
+
d = new KHTMLPartPrivate(parent());
d->m_view = view;
@@ -5216,6 +5218,32 @@ bool KHTMLPart::restored() const
return d->m_restored;
}
+void KHTMLPart::incrementFrameCount()
+{
+ frameCount++;
+ if (parentPart()) {
+ parentPart()->incrementFrameCount();
+ }
+}
+
+void KHTMLPart::decrementFrameCount()
+{
+ frameCount--;
+ if (parentPart()) {
+ parentPart()->decrementFrameCount();
+ }
+}
+
+int KHTMLPart::topLevelFrameCount()
+{
+ if (parentPart()) {
+ return parentPart()->topLevelFrameCount();
+ }
+
+ return frameCount;
+}
+
+
using namespace KParts;
#include "khtml_part.moc"
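Review bot: decrementFrameCount() has no lower bound, so one unpaired detach drives `frameCount` negative on this part and on every ancestor, and the `>= 200` test in isURLAllowed then admits more frames than intended. The counters are adjusted only from element attach/detach; if a child part is torn down without its frame elements being detached (not determinable from this hunk), the ancestors keep its contribution. Assert that `frameCount` is positive before decrementing, and document the invariant on the three methods, e.g. `// frameCount on each part = live frames in its subtree; only the top-level value is compared against the cap`. topLevelFrameCount() does not modify state and could be declared `const`.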
diff --git a/WebCore/khtml/khtml_part.h b/WebCore/khtml/khtml_part.h
index 1748bd7..415cdc4 100644
--- a/WebCore/khtml/khtml_part.h
+++ b/WebCore/khtml/khtml_part.h
@@ -721,6 +721,10 @@ public:
*/
bool restored() const;
+ void incrementFrameCount();
+ void decrementFrameCount();
+ int topLevelFrameCount();
+
signals:
/**
* Emitted if the cursor is moved over an URL.
@@ -1099,6 +1103,7 @@ public:
void started(KIO::Job *);
#endif
+ int frameCount;
};
#if APPLE_CHANGES
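Review bot: `int frameCount;` is added to KHTMLPart itself, under what the hunk header shows as a `public:` section, so any code holding a part can overwrite the counter that enforces the frame cap. The class already keeps state behind `d` (KHTMLPartPrivate, created in init()), which looks like the more consistent home for it. If it has to stay in the class, make it private and name it like a member, e.g. `int m_frameCount;`. The three methods declared in the earlier hunk of this header carry no doc comments although the neighbouring declarations do.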
diff --git a/WebKit/ChangeLog b/WebKit/ChangeLog
index 718ef45..6a5749e 100644
--- a/WebKit/ChangeLog
+++ b/WebKit/ChangeLog
@@ -1,3 +1,30 @@
+2003-02-26 Maciej Stachowiak <mjs at apple.com>
+
+ Reviewed by Dave.
+
+ - fixed reproducible hang at http://asp.eltonsoft.dk/cast/get.asp?cat=Quicktime
+
+ WebKit's processing time was O(N^3) in the number of
+ frames. Improved it to O(N^2) by storing frame pointer directly in
+ WebDataSource instead of linear scan. Could still be improved more.
+
+ * WebView.subproj/WebDataSource.m:
+ (-[WebDataSource webFrame]):
+ * WebView.subproj/WebDataSourcePrivate.h:
+ * WebView.subproj/WebDataSourcePrivate.m:
+ (-[WebDataSourcePrivate dealloc]):
+ (-[WebDataSource _stopLoadingWithError:]):
+ (-[WebDataSource _setWebFrame:]):
+ * WebView.subproj/WebFramePrivate.m:
+ (-[WebFrame _detachFromParent]):
+ (-[WebFrame _setDataSource:]):
+ (-[WebFrame _transitionToCommitted:]):
+ (-[WebFrame _isLoadComplete]):
+ (-[WebFrame _clearProvisionalDataSource]):
+ (-[WebFrame _continueLoadRequestAfterNavigationPolicy:formValues:]):
+ (-[WebFrame _loadDataSource:withLoadType:formValues:]):
+ (-[WebFrame _setProvisionalDataSource:]):
+
2003-02-26 Richard Williamson <rjw at apple.com>
Fixed 3102760. Removed WebDocumentDragSettings from API.
diff --git a/WebKit/WebView.subproj/WebDataSource.m b/WebKit/WebView.subproj/WebDataSource.m
index 1b2aa39..818bfd0 100644
--- a/WebKit/WebView.subproj/WebDataSource.m
+++ b/WebKit/WebView.subproj/WebDataSource.m
@@ -82,7 +82,7 @@
- (WebFrame *)webFrame
{
- return [_private->controller frameForDataSource: self];
+ return _private->webFrame;
}
// Returns the name of the frame containing this data source, or nil
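Review bot: -webFrame now returns the pointer cached by `_setWebFrame:` instead of asking the controller, so its result no longer becomes nil when `_setController:nil` is called; it stays set until the frame calls `_setWebFrame:nil`. Callers that used a nil frame to detect a detached data source may behave differently (no such caller is visible in this diff). A comment on the accessor would record the new contract, e.g. `// Frame that currently owns this data source as committed or provisional; nil once the frame has released it.`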
diff --git a/WebKit/WebView.subproj/WebDataSourcePrivate.h b/WebKit/WebView.subproj/WebDataSourcePrivate.h
index e08e44d..0d7fda4 100644
--- a/WebKit/WebView.subproj/WebDataSourcePrivate.h
+++ b/WebKit/WebView.subproj/WebDataSourcePrivate.h
@@ -105,6 +105,8 @@
BOOL storedInPageCache;
BOOL loadingFromPageCache;
+
+ WebFrame *webFrame;
}
@end
@@ -174,4 +176,6 @@
- (void)_stopLoadingWithError:(WebError *)error;
+- (void)_setWebFrame:(WebFrame *)frame;
+
@end
diff --git a/WebKit/WebView.subproj/WebDataSourcePrivate.m b/WebKit/WebView.subproj/WebDataSourcePrivate.m
index f6d1bf0..abbad6a 100644
--- a/WebKit/WebView.subproj/WebDataSourcePrivate.m
+++ b/WebKit/WebView.subproj/WebDataSourcePrivate.m
@@ -69,6 +69,7 @@
[downloadPath release];
[downloadDirectory release];
[responses release];
+ [webFrame release];
[super dealloc];
}
@@ -734,4 +735,11 @@
[_private->mainClient cancelWithError:error];
}
+- (void)_setWebFrame:(WebFrame *)frame
+{
+ [frame retain];
+ [_private->webFrame release];
+ _private->webFrame = frame;
+}
+
@end
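Review bot: `_setWebFrame:` retains the frame, and the frame holds its committed and provisional data sources, so if `_private` retains those (its setters are outside this diff) each pair now forms a retain cycle that is broken only by an explicit `_setWebFrame:nil`. In `_detachFromParent` the visible lines go through `[self _setDataSource:nil]` for the committed source, but for the provisional one only `_setController:nil` is shown, so a frame detached mid-load may never be freed together with its data source. Either add `[self _setProvisionalDataSource:nil];` to that teardown path, or keep the back-pointer unretained and rely on the frame clearing it; the second option trades the leak for a dangling pointer if any path forgets to clear, so the first is the safer change. The release added to -[WebDataSourcePrivate dealloc] cannot help here, because dealloc is not reached while the cycle exists.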
diff --git a/WebKit/WebView.subproj/WebFramePrivate.m b/WebKit/WebView.subproj/WebFramePrivate.m
index 1dcdf34..a3da505 100644
--- a/WebKit/WebView.subproj/WebFramePrivate.m
+++ b/WebKit/WebView.subproj/WebFramePrivate.m
@@ -348,7 +348,7 @@ Repeat load of the same URL (by any other means of navigation other than the rel
[_private->dataSource _setController:nil];
[_private->provisionalDataSource _setController:nil];
- [_private setDataSource:nil];
+ [self _setDataSource:nil];
[_private setWebView:nil];
[_private->scheduledLayoutTimer invalidate];
@@ -365,6 +365,10 @@ Repeat load of the same URL (by any other means of navigation other than the rel
- (void)_setDataSource:(WebDataSource *)ds
{
+ if (ds == nil && _private->dataSource == nil) {
+ return;
+ }
+
ASSERT(ds != _private->dataSource);
if ([_private->dataSource isDocumentHTML] && ![ds isDocumentHTML]) {
@@ -373,8 +377,11 @@ Repeat load of the same URL (by any other means of navigation other than the rel
[self _detachChildren];
+ [_private->dataSource _setWebFrame:nil];
+
[_private setDataSource:ds];
[ds _setController:[self controller]];
+ [ds _setWebFrame:self];
}
- (void)_setLoadType: (WebFrameLoadType)t
@@ -521,7 +528,7 @@ Repeat load of the same URL (by any other means of navigation other than the rel
// Set the committed data source on the frame.
[self _setDataSource:_private->provisionalDataSource];
- [_private setProvisionalDataSource: nil];
+ [self _setProvisionalDataSource: nil];
[self _setState: WebFrameStateCommittedPage];
@@ -796,8 +803,8 @@ static CFAbsoluteTime _timeOfLastCompletedLoad;
[[[self controller] locationChangeDelegate] locationChangeDone:[pd mainDocumentError] forDataSource:pd];
- // We know the provisional data source didn't cut the mustard, release it.
- [_private setProvisionalDataSource:nil];
+ // We know the provisional data source didn't cut the muster, release it.
+ [self _setProvisionalDataSource:nil];
[self _setState:WebFrameStateComplete];
return;
@@ -948,7 +955,7 @@ static CFAbsoluteTime _timeOfLastCompletedLoad;
- (void)_clearProvisionalDataSource
{
- [_private setProvisionalDataSource:nil];
+ [self _setProvisionalDataSource:nil];
}
// helper method that determines whether the subframes described by the item's subitems
@@ -1693,7 +1700,7 @@ static CFAbsoluteTime _timeOfLastCompletedLoad;
if (!request) {
[self _resetBackForwardListToCurrent];
[self _setLoadType: WebFrameLoadTypeStandard];
- [_private setProvisionalDataSource:nil];
+ [self _setProvisionalDataSource:nil];
return;
}
@@ -1745,7 +1752,7 @@ static CFAbsoluteTime _timeOfLastCompletedLoad;
[newDataSource _setJustOpenedForTargetedLink:_private->justOpenedForTargetedLink];
_private->justOpenedForTargetedLink = NO;
- [_private setProvisionalDataSource:newDataSource];
+ [self _setProvisionalDataSource:newDataSource];
ASSERT([newDataSource webFrame] == self);
@@ -1773,7 +1780,11 @@ static CFAbsoluteTime _timeOfLastCompletedLoad;
- (void)_setProvisionalDataSource: (WebDataSource *)d
{
+ if (_private->provisionalDataSource != _private->dataSource) {
+ [_private->provisionalDataSource _setWebFrame:nil];
+ }
[_private setProvisionalDataSource: d];
+ [d _setWebFrame:self];
}
// used to decide to use loadType=Same
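Review bot: The new guard `_private->provisionalDataSource != _private->dataSource` in `_setProvisionalDataSource:` has no comment, and its reason is only visible by reading `_transitionToCommitted:`, which commits the provisional source with `_setDataSource:` and then calls `_setProvisionalDataSource:nil`. Without the guard the just-committed source would lose its frame pointer, so the line deserves a note such as `// The provisional source may already be the committed one (see _transitionToCommitted:); keep its frame pointer in that case.` The same applies to the early return added to `_setDataSource:` for the nil/nil case, which appears to exist so the following ASSERT does not fire.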
--
WebKit Debian packaging