[SCM] WebKit Debian packaging branch, webkit-1.2, updated. upstream/1.1.90-6072-g9a69373
dimich at chromium.org
dimich at chromium.org
Thu Apr 8 01:10:06 UTC 2010
The following commit has been merged in the webkit-1.2 branch:
commit 948b9a3b10fae840f64853d8e3a2627db688b18f
Author: dimich at chromium.org <dimich at chromium.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Date: Fri Jan 15 21:47:15 2010 +0000
Need to ensure that Document::postTask does not provide the Task with a dangling pointer to destroyed Document
https://bugs.webkit.org/show_bug.cgi?id=31633
Reviewed by Darin Adler.
Don't see a way to add test for it, we don't have a way to reproduce the issue currently.
* dom/Document.cpp:
(WebCore::DocumentWeakReference::DocumentWeakReference):
(WebCore::DocumentWeakReference::document):
(WebCore::DocumentWeakReference::clear):
(WebCore::Document::Document): Create a weak reference to this Document.
(WebCore::Document::~Document): Clear the weak pointer, preventing further execution of tasks.
(WebCore::PerformTaskContext::PerformTaskContext):
(WebCore::performTask): Check if the documentWeakReference is cleared by Document destructor - in this case do not run the task.
(WebCore::Document::postTask):
* dom/Document.h:
(WebCore::DocumentWeakReference::create):
git-svn-id: http://svn.webkit.org/repository/webkit/trunk@53345 268f45cc-cd09-0410-ab3c-d52691b4dbfc
diff --git a/WebCore/ChangeLog b/WebCore/ChangeLog
index 01bf65e..e3e6f56 100644
--- a/WebCore/ChangeLog
+++ b/WebCore/ChangeLog
@@ -1,3 +1,24 @@
+2010-01-15 Dmitry Titov <dimich at chromium.org>
+
+ Reviewed by Darin Adler.
+
+ Need to ensure that Document::postTask does not provide the Task with a dangling pointer to destroyed Document
+ https://bugs.webkit.org/show_bug.cgi?id=31633
+
+ Don't see a way to add test for it, we don't have a way to reproduce the issue currently.
+
+ * dom/Document.cpp:
+ (WebCore::DocumentWeakReference::DocumentWeakReference):
+ (WebCore::DocumentWeakReference::document):
+ (WebCore::DocumentWeakReference::clear):
+ (WebCore::Document::Document): Create a weak reference to this Document.
+ (WebCore::Document::~Document): Clear the weak pointer, preventing further execution of tasks.
+ (WebCore::PerformTaskContext::PerformTaskContext):
+ (WebCore::performTask): Check if the documentWeakReference is cleared by Document destructor - in this case do not run the task.
+ (WebCore::Document::postTask):
+ * dom/Document.h:
+ (WebCore::DocumentWeakReference::create):
+
2010-01-15 Vitaly Repeshko <vitalyr at chromium.org>
Reviewed by David Levin.
diff --git a/WebCore/dom/Document.cpp b/WebCore/dom/Document.cpp
index 5c977ad..457bcc3 100644
--- a/WebCore/dom/Document.cpp
+++ b/WebCore/dom/Document.cpp
@@ -367,6 +367,7 @@ Document::Document(Frame* frame, bool isXHTML)
#if ENABLE(WML)
, m_containsWMLContent(false)
#endif
+ , m_weakReference(DocumentWeakReference::create(this))
{
m_document = this;
@@ -516,6 +517,8 @@ Document::~Document()
if (m_styleSheets)
m_styleSheets->documentDestroyed();
+
+ m_weakReference->clear();
}
#if USE(JSC)
@@ -4696,21 +4699,27 @@ private:
};
struct PerformTaskContext : Noncopyable {
- PerformTaskContext(ScriptExecutionContext* scriptExecutionContext, PassOwnPtr<ScriptExecutionContext::Task> task)
- : scriptExecutionContext(scriptExecutionContext)
+ PerformTaskContext(PassRefPtr<DocumentWeakReference> documentReference, PassOwnPtr<ScriptExecutionContext::Task> task)
+ : documentReference(documentReference)
, task(task)
{
}
- ScriptExecutionContext* scriptExecutionContext; // The context should exist until task execution.
+ RefPtr<DocumentWeakReference> documentReference;
OwnPtr<ScriptExecutionContext::Task> task;
};
static void performTask(void* ctx)
{
- PerformTaskContext* ptctx = reinterpret_cast<PerformTaskContext*>(ctx);
- ptctx->task->performTask(ptctx->scriptExecutionContext);
- delete ptctx;
+ ASSERT(isMainThread());
+
+ PerformTaskContext* context = reinterpret_cast<PerformTaskContext*>(ctx);
+ ASSERT(context);
+
+ if (Document* document = context->documentReference->document())
+ context->task->performTask(document);
+
+ delete context;
}
void Document::postTask(PassOwnPtr<Task> task)
@@ -4719,7 +4728,7 @@ void Document::postTask(PassOwnPtr<Task> task)
ScriptExecutionContextTaskTimer* timer = new ScriptExecutionContextTaskTimer(static_cast<Document*>(this), task);
timer->startOneShot(0);
} else {
- callOnMainThread(performTask, new PerformTaskContext(this, task));
+ callOnMainThread(performTask, new PerformTaskContext(m_weakReference, task));
}
}
@@ -4785,4 +4794,22 @@ InspectorTimelineAgent* Document::inspectorTimelineAgent() const
}
#endif
+inline DocumentWeakReference::DocumentWeakReference(Document* document)
+ : m_document(document)
+{
+ ASSERT(isMainThread());
+}
+
+inline Document* DocumentWeakReference::document()
+{
+ ASSERT(isMainThread());
+ return m_document;
+}
+
+inline void DocumentWeakReference::clear()
+{
+ ASSERT(isMainThread());
+ m_document = 0;
+}
+
} // namespace WebCore
diff --git a/WebCore/dom/Document.h b/WebCore/dom/Document.h
index 857aacb..4d17e0b 100644
--- a/WebCore/dom/Document.h
+++ b/WebCore/dom/Document.h
@@ -173,6 +173,19 @@ struct FormElementKeyHashTraits : WTF::GenericHashTraits<FormElementKey> {
static bool isDeletedValue(const FormElementKey& value) { return value.isHashTableDeletedValue(); }
};
+class DocumentWeakReference : public ThreadSafeShared<DocumentWeakReference> {
+public:
+ static PassRefPtr<DocumentWeakReference> create(Document* document)
+ {
+ return adoptRef(new DocumentWeakReference(document));
+ }
+ Document* document();
+ void clear();
+private:
+ DocumentWeakReference(Document*);
+ Document* m_document;
+};
+
class Document : public ContainerNode, public ScriptExecutionContext {
public:
static PassRefPtr<Document> create(Frame* frame)
@@ -1191,6 +1204,8 @@ private:
#if ENABLE(WML)
bool m_containsWMLContent;
#endif
+
+ RefPtr<DocumentWeakReference> m_weakReference;
};
inline bool Document::hasElementWithId(AtomicStringImpl* id) const
--
WebKit Debian packaging
More information about the Pkg-webkit-commits
mailing list