[SCM] WebKit Debian packaging branch, debian/experimental, updated. upstream/1.3.3-9427-gc2be6fc

mjs at apple.com mjs at apple.com
Wed Dec 22 12:02:50 UTC 2010


The following commit has been merged in the debian/experimental branch:
commit cf163dc1e7e26066ef74425058ecdc073e69fe1d
Author: mjs at apple.com <mjs at apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Date:   Fri Aug 13 03:21:42 2010 +0000

    2010-08-12  Maciej Stachowiak  <mjs at apple.com>
    
            Reviewed by Sam Weinig.
    
            WebKit2 crashes when WebFrame outlives WebPage
            https://bugs.webkit.org/show_bug.cgi?id=43939
    
            * WebProcess/WebCoreSupport/WebChromeClient.h:
            (WebKit::WebChromeClient::page): Add this method, to allow
            WebFrame to retrieve its WebPage following WebCore pointers.
            * WebProcess/WebPage/WebFrame.cpp:
            (WebKit::WebFrame::WebFrame): Do not initialize m_page (it's gone).
            (WebKit::WebFrame::page): Don't use the data member, get it from
            WebCore.
            (WebKit::WebFrame::invalidate): Use method to get page() and null check.
            (WebKit::WebFrame::isMainFrame): ditto
            * WebProcess/WebPage/WebFrame.h:
    
    
    git-svn-id: http://svn.webkit.org/repository/webkit/trunk@65292 268f45cc-cd09-0410-ab3c-d52691b4dbfc

diff --git a/WebKit2/ChangeLog b/WebKit2/ChangeLog
index f0d6dde..10fdb6b 100644
--- a/WebKit2/ChangeLog
+++ b/WebKit2/ChangeLog
@@ -1,3 +1,21 @@
+2010-08-12  Maciej Stachowiak  <mjs at apple.com>
+
+        Reviewed by Sam Weinig.
+
+        WebKit2 crashes when WebFrame outlives WebPage
+        https://bugs.webkit.org/show_bug.cgi?id=43939
+
+        * WebProcess/WebCoreSupport/WebChromeClient.h:
+        (WebKit::WebChromeClient::page): Add this method, to allow
+        WebFrame to retrieve its WebPage following WebCore pointers.
+        * WebProcess/WebPage/WebFrame.cpp:
+        (WebKit::WebFrame::WebFrame): Do not initialize m_page (it's gone).
+        (WebKit::WebFrame::page): Don't use the data member, get it from
+        WebCore.
+        (WebKit::WebFrame::invalidate): Use method to get page() and null check.
+        (WebKit::WebFrame::isMainFrame): ditto
+        * WebProcess/WebPage/WebFrame.h:
+
 2010-08-12  Jon Honeycutt  <jhoneycutt at apple.com>
 
         WebKitTestRunner needs to run tests without using native controls
diff --git a/WebKit2/WebProcess/WebCoreSupport/WebChromeClient.h b/WebKit2/WebProcess/WebCoreSupport/WebChromeClient.h
index cc7a35c..9e85c28 100644
--- a/WebKit2/WebProcess/WebCoreSupport/WebChromeClient.h
+++ b/WebKit2/WebProcess/WebCoreSupport/WebChromeClient.h
@@ -41,6 +41,7 @@ public:
     {
     }
     
+    WebPage* page() const { return m_page; }
 private:
     virtual void chromeDestroyed();
     
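Review bot: The new `page()` accessor returns the raw `m_page` without saying how long that pointer stays valid, and after this commit it is the only path from a WebFrame back to its WebPage. Nothing in this hunk shows `m_page` being cleared when the WebPage goes away, so the fix presumably depends on the chrome client never outliving the WebPage. That should be written next to the accessor, for example `// Non-owning. Valid only while the WebPage that created this client is alive.` A blank line between the accessor and `private:` would also read better. The class body starts and ends outside the hunk.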
diff --git a/WebKit2/WebProcess/WebPage/WebFrame.cpp b/WebKit2/WebProcess/WebPage/WebFrame.cpp
index 0c872c0..6415a45 100644
--- a/WebKit2/WebProcess/WebPage/WebFrame.cpp
+++ b/WebKit2/WebProcess/WebPage/WebFrame.cpp
@@ -27,12 +27,15 @@
 
 #include "InjectedBundleNodeHandle.h"
 #include "InjectedBundleScriptWorld.h"
+#include "WebChromeClient.h"
 #include "WebPage.h"
 #include <JavaScriptCore/APICast.h>
 #include <JavaScriptCore/JSLock.h>
 #include <WebCore/AnimationController.h>
 #include <WebCore/CSSComputedStyleDeclaration.h>
+#include <WebCore/Chrome.h>
 #include <WebCore/Frame.h>
+#include <WebCore/Page.h>
 #include <WebCore/HTMLFrameOwnerElement.h>
 #include <WebCore/JSCSSStyleDeclaration.h>
 #include <WebCore/JSElement.h>
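Review bot: `#include <WebCore/Page.h>` is inserted between `Frame.h` and `HTMLFrameOwnerElement.h`, which breaks the alphabetical order the rest of this include list follows. It belongs further down, after the `<WebCore/...>` headers that sort before it. The include list continues past the end of the hunk, so the exact position is not visible here.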
@@ -84,15 +87,14 @@ PassRefPtr<WebFrame> WebFrame::create(WebPage* page, const String& frameName, HT
 }
 
 WebFrame::WebFrame(WebPage* page, const String& frameName, HTMLFrameOwnerElement* ownerElement)
-    : m_page(page)
-    , m_coreFrame(0)
+    : m_coreFrame(0)
     , m_policyListenerID(0)
     , m_policyFunction(0)
     , m_frameLoaderClient(this)
     , m_loadListener(0)
     , m_frameID(generateFrameID())
 {
-    m_page->addWebFrame(m_frameID, this);
+    page->addWebFrame(m_frameID, this);
 
     RefPtr<Frame> frame = Frame::create(page->corePage(), ownerElement, &m_frameLoaderClient);
     m_coreFrame = frame.get();
@@ -120,9 +122,21 @@ WebFrame::~WebFrame()
 #endif
 }
 
+WebPage* WebFrame::page() const
+{ 
+    if (!m_coreFrame)
+        return 0;
+    
+    if (WebCore::Page* page = m_coreFrame->page())
+        return static_cast<WebChromeClient*>(page->chrome()->client())->page();
+
+    return 0;
+}
+
 void WebFrame::invalidate()
 {
-    m_page->removeWebFrame(m_frameID);
+    if (WebPage* p = page())
+        p->removeWebFrame(m_frameID);
     m_coreFrame = 0;
 }
 
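Review bot: In `invalidate()`, a null `page()` now silently skips `removeWebFrame(m_frameID)`, so the entry registered by `page->addWebFrame(m_frameID, this)` in the constructor is left behind whenever the core frame has already lost its WebCore::Page while the WebPage object is still alive. The map's value type is not visible in this diff; if it stores a raw `WebFrame*`, a later lookup by frame ID would return a pointer to a destroyed frame. WebPage should therefore drop its frame entries on its own teardown path, or this case should be asserted not to happen. Separately, `page()` downcasts `page->chrome()->client()` with an unchecked `static_cast<WebChromeClient*>`, which is only sound if every Page reachable from a WebFrame was created with a WebChromeClient. A comment above the cast such as `// The chrome client of a WebFrame's Page is always a WebChromeClient.` would record that invariant.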
@@ -168,7 +182,10 @@ void WebFrame::didReceivePolicyDecision(uint64_t listenerID, PolicyAction action
 
 bool WebFrame::isMainFrame() const
 {
-    return m_page->mainFrame() == this;
+    if (WebPage* p = page())
+        return p->mainFrame() == this;
+
+    return false;
 }
 
 String WebFrame::name() const
diff --git a/WebKit2/WebProcess/WebPage/WebFrame.h b/WebKit2/WebProcess/WebPage/WebFrame.h
index d78044c..0ac0fc7 100644
--- a/WebKit2/WebProcess/WebPage/WebFrame.h
+++ b/WebKit2/WebProcess/WebPage/WebFrame.h
@@ -59,7 +59,7 @@ public:
     // Called when the FrameLoaderClient (and therefore the WebCore::Frame) is being torn down.
     void invalidate();
 
-    WebPage* page() const { return m_page; }
+    WebPage* page() const;
     WebCore::Frame* coreFrame() const { return m_coreFrame; }
 
     uint64_t frameID() const { return m_frameID; }
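Review bot: `page()` changes from returning the pointer stored at construction to a lookup that can return 0, but the declaration carries no comment saying so. Callers outside this diff that still write `frame->page()->...` would dereference null once the core frame is invalidated or detached from its Page; only `invalidate()` and `isMainFrame()` are updated in this commit. I would add `// May return 0 once the core frame is gone or detached from its Page.` above the declaration and audit the remaining callers.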
@@ -105,7 +105,6 @@ private:
 
     virtual Type type() const { return APIType; }
 
-    WebPage* m_page;
     WebCore::Frame* m_coreFrame;
 
     uint64_t m_policyListenerID;

-- 
WebKit Debian packaging


