[SCM] WebKit Debian packaging branch, debian/experimental, updated. upstream/1.3.3-9427-gc2be6fc
mjs at apple.com
mjs at apple.com
Wed Dec 22 12:02:50 UTC 2010
The following commit has been merged in the debian/experimental branch:
commit cf163dc1e7e26066ef74425058ecdc073e69fe1d
Author: mjs at apple.com <mjs at apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Date: Fri Aug 13 03:21:42 2010 +0000
2010-08-12 Maciej Stachowiak <mjs at apple.com>
Reviewed by Sam Weinig.
WebKit2 crashes when WebFrame outlives WebPage
https://bugs.webkit.org/show_bug.cgi?id=43939
* WebProcess/WebCoreSupport/WebChromeClient.h:
(WebKit::WebChromeClient::page): Add this method, to allow
WebFrame to retrieve its WebPage following WebCore pointers.
* WebProcess/WebPage/WebFrame.cpp:
(WebKit::WebFrame::WebFrame): Do not initialize m_page (it's gone).
(WebKit::WebFrame::page): Don't use the data member, get it from
WebCore.
(WebKit::WebFrame::invalidate): Use method to get page() and null check.
(WebKit::WebFrame::isMainFrame): ditto
* WebProcess/WebPage/WebFrame.h:
git-svn-id: http://svn.webkit.org/repository/webkit/trunk@65292 268f45cc-cd09-0410-ab3c-d52691b4dbfc
diff --git a/WebKit2/ChangeLog b/WebKit2/ChangeLog
index f0d6dde..10fdb6b 100644
--- a/WebKit2/ChangeLog
+++ b/WebKit2/ChangeLog
@@ -1,3 +1,21 @@
+2010-08-12 Maciej Stachowiak <mjs at apple.com>
+
+ Reviewed by Sam Weinig.
+
+ WebKit2 crashes when WebFrame outlives WebPage
+ https://bugs.webkit.org/show_bug.cgi?id=43939
+
+ * WebProcess/WebCoreSupport/WebChromeClient.h:
+ (WebKit::WebChromeClient::page): Add this method, to allow
+ WebFrame to retrieve its WebPage following WebCore pointers.
+ * WebProcess/WebPage/WebFrame.cpp:
+ (WebKit::WebFrame::WebFrame): Do not initialize m_page (it's gone).
+ (WebKit::WebFrame::page): Don't use the data member, get it from
+ WebCore.
+ (WebKit::WebFrame::invalidate): Use method to get page() and null check.
+ (WebKit::WebFrame::isMainFrame): ditto
+ * WebProcess/WebPage/WebFrame.h:
+
2010-08-12 Jon Honeycutt <jhoneycutt at apple.com>
WebKitTestRunner needs to run tests without using native controls
diff --git a/WebKit2/WebProcess/WebCoreSupport/WebChromeClient.h b/WebKit2/WebProcess/WebCoreSupport/WebChromeClient.h
index cc7a35c..9e85c28 100644
--- a/WebKit2/WebProcess/WebCoreSupport/WebChromeClient.h
+++ b/WebKit2/WebProcess/WebCoreSupport/WebChromeClient.h
@@ -41,6 +41,7 @@ public:
{
}
+ WebPage* page() const { return m_page; }
private:
virtual void chromeDestroyed();
diff --git a/WebKit2/WebProcess/WebPage/WebFrame.cpp b/WebKit2/WebProcess/WebPage/WebFrame.cpp
index 0c872c0..6415a45 100644
--- a/WebKit2/WebProcess/WebPage/WebFrame.cpp
+++ b/WebKit2/WebProcess/WebPage/WebFrame.cpp
@@ -27,12 +27,15 @@
#include "InjectedBundleNodeHandle.h"
#include "InjectedBundleScriptWorld.h"
+#include "WebChromeClient.h"
#include "WebPage.h"
#include <JavaScriptCore/APICast.h>
#include <JavaScriptCore/JSLock.h>
#include <WebCore/AnimationController.h>
#include <WebCore/CSSComputedStyleDeclaration.h>
+#include <WebCore/Chrome.h>
#include <WebCore/Frame.h>
+#include <WebCore/Page.h>
#include <WebCore/HTMLFrameOwnerElement.h>
#include <WebCore/JSCSSStyleDeclaration.h>
#include <WebCore/JSElement.h>
@@ -84,15 +87,14 @@ PassRefPtr<WebFrame> WebFrame::create(WebPage* page, const String& frameName, HT
}
WebFrame::WebFrame(WebPage* page, const String& frameName, HTMLFrameOwnerElement* ownerElement)
- : m_page(page)
- , m_coreFrame(0)
+ : m_coreFrame(0)
, m_policyListenerID(0)
, m_policyFunction(0)
, m_frameLoaderClient(this)
, m_loadListener(0)
, m_frameID(generateFrameID())
{
- m_page->addWebFrame(m_frameID, this);
+ page->addWebFrame(m_frameID, this);
RefPtr<Frame> frame = Frame::create(page->corePage(), ownerElement, &m_frameLoaderClient);
m_coreFrame = frame.get();
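Review bot: `page->addWebFrame(m_frameID, this)` registers the frame with the WebPage passed to the constructor, but after this change the matching `removeWebFrame` in `invalidate()` (next hunk) runs only when `page()` resolves to non-null through `m_coreFrame->page()`. If the core frame has already lost its WebCore::Page while the WebPage is still alive, the entry added here would never be removed. Whether that leaves a stale `WebFrame*` behind depends on how WebPage stores its frame map, which is not visible in this diff. I would record the assumption above the call, e.g. `// Unregistered in invalidate() via page(); TODO confirm the WebPage cannot outlive the core Page with this entry still present.`, and check it against WebPage's teardown path. The constructor body continues past the end of the hunk.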
@@ -120,9 +122,21 @@ WebFrame::~WebFrame()
#endif
}
+WebPage* WebFrame::page() const
+{
+ if (!m_coreFrame)
+ return 0;
+
+ if (WebCore::Page* page = m_coreFrame->page())
+ return static_cast<WebChromeClient*>(page->chrome()->client())->page();
+
+ return 0;
+}
+
void WebFrame::invalidate()
{
- m_page->removeWebFrame(m_frameID);
+ if (WebPage* p = page())
+ p->removeWebFrame(m_frameID);
m_coreFrame = 0;
}
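Review bot: The `static_cast<WebChromeClient*>(page->chrome()->client())` in `WebFrame::page()` is an unchecked downcast, valid only if every WebCore::Page that a WebFrame's core frame can belong to was created with a WebChromeClient, and nothing in the hunk enforces or states that. A Page with any other ChromeClient implementation would make this a type confusion, with `page()` reading `m_page` out of an unrelated object. The returned pointer is also the raw `m_page` held by the chrome client, so it is safe only while the WebPage it points to lives at least as long as the WebCore::Page (presumably guaranteed by WebPage owning the Page, which is not visible here). I would state both invariants in a comment above the cast, for example `// Every Page hosting a WebFrame is created by WebPage with a WebChromeClient, and that WebPage outlives the WebCore::Page.`, and add a debug assertion if ChromeClient offers a way to identify the concrete type.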
@@ -168,7 +182,10 @@ void WebFrame::didReceivePolicyDecision(uint64_t listenerID, PolicyAction action
bool WebFrame::isMainFrame() const
{
- return m_page->mainFrame() == this;
+ if (WebPage* p = page())
+ return p->mainFrame() == this;
+
+ return false;
}
String WebFrame::name() const
diff --git a/WebKit2/WebProcess/WebPage/WebFrame.h b/WebKit2/WebProcess/WebPage/WebFrame.h
index d78044c..0ac0fc7 100644
--- a/WebKit2/WebProcess/WebPage/WebFrame.h
+++ b/WebKit2/WebProcess/WebPage/WebFrame.h
@@ -59,7 +59,7 @@ public:
// Called when the FrameLoaderClient (and therefore the WebCore::Frame) is being torn down.
void invalidate();
- WebPage* page() const { return m_page; }
+ WebPage* page() const;
WebCore::Frame* coreFrame() const { return m_coreFrame; }
uint64_t frameID() const { return m_frameID; }
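Review bot: `WebPage* page() const;` can now return 0, since the out-of-line definition does so when `m_coreFrame` is null or the core frame has no Page, but the declaration gives callers no hint of that. Only `invalidate()` and `isMainFrame()` gain a null check in this commit. Any other caller of `WebFrame::page()` that dereferences the result unconditionally would now crash after teardown, and those call sites are outside this diff. I would add a comment on the declaration such as `// Returns 0 once the core frame is invalidated or detached from its Page; callers must null-check.`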
@@ -105,7 +105,6 @@ private:
virtual Type type() const { return APIType; }
- WebPage* m_page;
WebCore::Frame* m_coreFrame;
uint64_t m_policyListenerID;
--
WebKit Debian packaging