[SCM] WebKit Debian packaging branch, webkit-1.2, updated. upstream/1.1.90-6072-g9a69373

barraclough at apple.com barraclough at apple.com
Wed Apr 7 23:32:29 UTC 2010


The following commit has been merged in the webkit-1.2 branch:
commit 342ed52c17384d72205a2a11ccc95409b6d0347d
Author: barraclough at apple.com <barraclough at apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Date:   Thu Nov 12 01:00:24 2009 +0000

    DOM Wrappers for some nodes may not be marked.
    https://bugs.webkit.org/show_bug.cgi?id=31380
    
    Patch by Gavin Barraclough <barraclough at apple.com> on 2009-11-11
    Reviewed by Sam Weinig.
    
    Some markChildren methods are calling getCachedDOMNodeWrapper, which will find
    the wrapper for the current world only.  This means that wrappers may be GC'ed
    prematurely, and properties lost.
    
    Move to a model more like markDOMObjectWrapper, mark wrappers for all worlds.
    
    * bindings/js/JSAttrCustom.cpp:
    (WebCore::JSAttr::markChildren):
    * bindings/js/JSDOMBinding.cpp:
    (WebCore::markDOMNodeWrapper):
    * bindings/js/JSDOMBinding.h:
    * bindings/js/JSNamedNodeMapCustom.cpp:
    (WebCore::JSNamedNodeMap::markChildren):
    * bindings/js/JSNodeCustom.cpp:
    (WebCore::JSNode::markChildren):
    * bindings/js/JSSVGElementInstanceCustom.cpp:
    (WebCore::JSSVGElementInstance::markChildren):
    * bindings/js/JSStyleSheetCustom.cpp:
    (WebCore::JSStyleSheet::markChildren):
    
    
    
    git-svn-id: http://svn.webkit.org/repository/webkit/trunk@50850 268f45cc-cd09-0410-ab3c-d52691b4dbfc

diff --git a/WebCore/ChangeLog b/WebCore/ChangeLog
index c4f0c3a..3bbf9b6 100644
--- a/WebCore/ChangeLog
+++ b/WebCore/ChangeLog
@@ -1,3 +1,30 @@
+2009-11-11  Gavin Barraclough  <barraclough at apple.com>
+
+        Reviewed by Sam Weinig.
+
+        DOM Wrappers for some nodes may not be marked.
+        https://bugs.webkit.org/show_bug.cgi?id=31380
+
+        Some markChildren methods are calling getCachedDOMNodeWrapper, which will find
+        the wrapper for the current world only.  This means that wrappers may be GC'ed
+        prematurely, and properties lost.
+
+        Move to a model more like markDOMObjectWrapper, mark wrappers for all worlds.
+
+        * bindings/js/JSAttrCustom.cpp:
+        (WebCore::JSAttr::markChildren):
+        * bindings/js/JSDOMBinding.cpp:
+        (WebCore::markDOMNodeWrapper):
+        * bindings/js/JSDOMBinding.h:
+        * bindings/js/JSNamedNodeMapCustom.cpp:
+        (WebCore::JSNamedNodeMap::markChildren):
+        * bindings/js/JSNodeCustom.cpp:
+        (WebCore::JSNode::markChildren):
+        * bindings/js/JSSVGElementInstanceCustom.cpp:
+        (WebCore::JSSVGElementInstance::markChildren):
+        * bindings/js/JSStyleSheetCustom.cpp:
+        (WebCore::JSStyleSheet::markChildren):
+
 2009-11-11  Ben Murdoch  <benm at google.com>
 
         Reviewed by Darin Adler.
diff --git a/WebCore/bindings/js/JSAttrCustom.cpp b/WebCore/bindings/js/JSAttrCustom.cpp
index 14457c4..3c01535 100644
--- a/WebCore/bindings/js/JSAttrCustom.cpp
+++ b/WebCore/bindings/js/JSAttrCustom.cpp
@@ -65,10 +65,8 @@ void JSAttr::markChildren(MarkStack& markStack)
 
     // Mark the element so that this will work to access the attribute even if the last
     // other reference goes away.
-    if (Element* element = impl()->ownerElement()) {
-        if (JSNode* wrapper = getCachedDOMNodeWrapper(element->document(), element))
-            markStack.append(wrapper);
-    }
+    if (Element* element = impl()->ownerElement())
+        markDOMNodeWrapper(markStack, element->document(), element);
 }
 
 } // namespace WebCore
diff --git a/WebCore/bindings/js/JSDOMBinding.cpp b/WebCore/bindings/js/JSDOMBinding.cpp
index 11a73fb..cf6f201 100644
--- a/WebCore/bindings/js/JSDOMBinding.cpp
+++ b/WebCore/bindings/js/JSDOMBinding.cpp
@@ -536,6 +536,23 @@ void markDOMObjectWrapper(MarkStack& markStack, JSGlobalData& globalData, void*
     }
 }
 
+void markDOMNodeWrapper(MarkStack& markStack, Document* document, Node* node)
+{
+    if (document) {
+        JSWrapperCacheMap& wrapperCacheMap = document->wrapperCacheMap();
+        for (JSWrapperCacheMap::iterator iter = wrapperCacheMap.begin(); iter != wrapperCacheMap.end(); ++iter) {
+            if (JSNode* wrapper = iter->second->get(node))
+                markStack.append(wrapper);
+        }
+        return;
+    }
+
+    for (JSGlobalDataWorldIterator worldIter(JSDOMWindow::commonJSGlobalData()); worldIter; ++worldIter) {
+        if (DOMObject* wrapper = worldIter->m_wrappers.get(node))
+            markStack.append(wrapper);
+    }
+}
+
 JSValue jsStringOrNull(ExecState* exec, const String& s)
 {
     if (s.isNull())
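Review bot: markDOMNodeWrapper has no comment explaining its two lookup paths, so a reader cannot tell why a null document switches from `document->wrapperCacheMap()` to each world's `m_wrappers`. A wrapper cached in a map this function does not visit would presumably still be collected early, so the lookup has to stay in step with wherever node wrappers are cached. I would add above the function `// Marks the wrapper for |node| in every world. Looks in the document's per-world caches, or in each world's m_wrappers when there is no document; keep in sync with where node wrappers are cached.` The visible diff also adds no regression test for a wrapper held only by a non-current world, which is the case this commit addresses.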
diff --git a/WebCore/bindings/js/JSDOMBinding.h b/WebCore/bindings/js/JSDOMBinding.h
index 0f9f66f..4e78c4c 100644
--- a/WebCore/bindings/js/JSDOMBinding.h
+++ b/WebCore/bindings/js/JSDOMBinding.h
@@ -238,6 +238,7 @@ namespace WebCore {
     void markDOMNodesForDocument(JSC::MarkStack&, Document*);
     void markActiveObjectsForContext(JSC::MarkStack&, JSC::JSGlobalData&, ScriptExecutionContext*);
     void markDOMObjectWrapper(JSC::MarkStack&, JSC::JSGlobalData& globalData, void* object);
+    void markDOMNodeWrapper(JSC::MarkStack& markStack, Document* document, Node* node);
 
     JSC::Structure* getCachedDOMStructure(JSDOMGlobalObject*, const JSC::ClassInfo*);
     JSC::Structure* cacheDOMStructure(JSDOMGlobalObject*, NonNullPassRefPtr<JSC::Structure>, const JSC::ClassInfo*);
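Review bot: The new declaration names all three parameters, while the neighbouring declarations (markDOMNodesForDocument, markActiveObjectsForContext) omit names that only repeat the type. For consistency with the surrounding header I would write `void markDOMNodeWrapper(JSC::MarkStack&, Document*, Node*);`.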
diff --git a/WebCore/bindings/js/JSNamedNodeMapCustom.cpp b/WebCore/bindings/js/JSNamedNodeMapCustom.cpp
index 1974ab0..d1bbeec 100644
--- a/WebCore/bindings/js/JSNamedNodeMapCustom.cpp
+++ b/WebCore/bindings/js/JSNamedNodeMapCustom.cpp
@@ -52,10 +52,8 @@ void JSNamedNodeMap::markChildren(MarkStack& markStack)
 
     // Mark the element so that this will work to access the attribute even if the last
     // other reference goes away.
-    if (Element* element = impl()->element()) {
-        if (JSNode* wrapper = getCachedDOMNodeWrapper(element->document(), element))
-            markStack.append(wrapper);
-    }
+    if (Element* element = impl()->element())
+        markDOMNodeWrapper(markStack, element->document(), element);
 }
 
 } // namespace WebCore
diff --git a/WebCore/bindings/js/JSNodeCustom.cpp b/WebCore/bindings/js/JSNodeCustom.cpp
index 2a4aa80..8f513f2 100644
--- a/WebCore/bindings/js/JSNodeCustom.cpp
+++ b/WebCore/bindings/js/JSNodeCustom.cpp
@@ -161,11 +161,8 @@ void JSNode::markChildren(MarkStack& markStack)
 
     // Mark the whole tree subtree.
     root->setInSubtreeMark(true);
-    for (Node* nodeToMark = root; nodeToMark; nodeToMark = nodeToMark->traverseNextNode()) {
-        JSNode* wrapper = getCachedDOMNodeWrapper(m_impl->document(), nodeToMark);
-        if (wrapper)
-            markStack.append(wrapper);
-    }
+    for (Node* nodeToMark = root; nodeToMark; nodeToMark = nodeToMark->traverseNextNode())
+        markDOMNodeWrapper(markStack, m_impl->document(), nodeToMark);
     root->setInSubtreeMark(false);
 }
 
diff --git a/WebCore/bindings/js/JSSVGElementInstanceCustom.cpp b/WebCore/bindings/js/JSSVGElementInstanceCustom.cpp
index ba1cf22..5f26df3 100644
--- a/WebCore/bindings/js/JSSVGElementInstanceCustom.cpp
+++ b/WebCore/bindings/js/JSSVGElementInstanceCustom.cpp
@@ -43,9 +43,7 @@ void JSSVGElementInstance::markChildren(MarkStack& markStack)
     Base::markChildren(markStack);
 
     // Mark the wrapper for our corresponding element, so it can mark its event handlers.
-    JSNode* correspondingWrapper = getCachedDOMNodeWrapper(impl()->correspondingElement()->document(), impl()->correspondingElement());
-    if (correspondingWrapper)
-        markStack.append(correspondingWrapper);
+    markDOMNodeWrapper(markStack, impl()->correspondingElement()->document(), impl()->correspondingElement());
 }
 
 JSValue JSSVGElementInstance::addEventListener(ExecState* exec, const ArgList& args)
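Review bot: The rewritten call in JSSVGElementInstance::markChildren still dereferences `impl()->correspondingElement()` without a null check and evaluates it twice, whereas the other converted call sites in this commit (JSAttr, JSNamedNodeMap, JSStyleSheet) bind the pointer in an `if` first. Whether correspondingElement() can return null while marking is not visible here; if it can, this is a null dereference on the GC marking path. I would take a local and guard it: `if (SVGElement* element = impl()->correspondingElement())` followed by `markDOMNodeWrapper(markStack, element->document(), element);`. The function body starts above the hunk.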
diff --git a/WebCore/bindings/js/JSStyleSheetCustom.cpp b/WebCore/bindings/js/JSStyleSheetCustom.cpp
index d711b6f..aea64dd 100644
--- a/WebCore/bindings/js/JSStyleSheetCustom.cpp
+++ b/WebCore/bindings/js/JSStyleSheetCustom.cpp
@@ -68,10 +68,8 @@ void JSStyleSheet::markChildren(MarkStack& markStack)
     // is kept around, then we want the node to stay around too. One possibility would
     // be to make ref/deref on the style sheet ref/deref the node instead, but there's
     // a lot of disentangling of the CSS DOM objects that would need to happen first.
-    if (Node* ownerNode = sheet->ownerNode()) {
-        if (JSNode* ownerNodeWrapper = getCachedDOMNodeWrapper(ownerNode->document(), ownerNode))
-            markStack.append(ownerNodeWrapper);
-    }
+    if (Node* ownerNode = sheet->ownerNode())
+        markDOMNodeWrapper(markStack, ownerNode->document(), ownerNode);
 }
 
 } // namespace WebCore

-- 
WebKit Debian packaging


