[SCM] WebKit Debian packaging branch, debian/experimental, updated. upstream/1.3.3-9427-gc2be6fc
inferno at chromium.org
inferno at chromium.org
Wed Dec 22 12:22:59 UTC 2010
The following commit has been merged in the debian/experimental branch:
commit 28c76f516ff73632877a31df7a70486d027ee50f
Author: inferno at chromium.org <inferno at chromium.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Date: Fri Aug 20 18:00:21 2010 +0000
2010-08-20 Abhishek Arya <inferno at chromium.org>
Reviewed by Darin Fisher.
Prevent use of stale notification presenter pointer in notifications by instead using
a notification center pointer and deriving the presenter from it. Notification presenter
gets properly destroyed using disconnectFrame function inside notification center. Add
null checks for notification presenter.
https://bugs.webkit.org/show_bug.cgi?id=43645
Test: fast/notifications/notifications-window-close-crash.html
* notifications/Notification.cpp:
(WebCore::Notification::Notification):
(WebCore::Notification::create):
(WebCore::Notification::show):
(WebCore::Notification::cancel):
(WebCore::Notification::contextDestroyed):
(WebCore::Notification::finishLoading):
* notifications/Notification.h:
(WebCore::Notification::detachPresenter):
* notifications/NotificationCenter.h:
(WebCore::NotificationCenter::createHTMLNotification):
(WebCore::NotificationCenter::createNotification):
2010-08-20 Abhishek Arya <inferno at chromium.org>
Reviewed by Darin Fisher.
Manual test to check that canceling the notification on a closed window does
not result in crash.
https://bugs.webkit.org/show_bug.cgi?id=43645
* fast/notifications/notifications-window-close-crash-expected.txt: Added.
* fast/notifications/notifications-window-close-crash.html: Added.
git-svn-id: http://svn.webkit.org/repository/webkit/trunk@65742 268f45cc-cd09-0410-ab3c-d52691b4dbfc
diff --git a/LayoutTests/ChangeLog b/LayoutTests/ChangeLog
index a80302b..2f00bb3 100644
--- a/LayoutTests/ChangeLog
+++ b/LayoutTests/ChangeLog
@@ -1,3 +1,14 @@
+2010-08-20 Abhishek Arya <inferno at chromium.org>
+
+ Reviewed by Darin Fisher.
+
+ Manual test to check that canceling the notification on a closed window does
+ not result in crash.
+ https://bugs.webkit.org/show_bug.cgi?id=43645
+
+ * fast/notifications/notifications-window-close-crash-expected.txt: Added.
+ * fast/notifications/notifications-window-close-crash.html: Added.
+
2010-08-19 Zhenyao Mo <zmo at google.com>
Reviewed by Kenneth Russell.
diff --git a/LayoutTests/fast/notifications/notifications-window-close-crash-expected.txt b/LayoutTests/fast/notifications/notifications-window-close-crash-expected.txt
new file mode 100644
index 0000000..e37d934
--- /dev/null
+++ b/LayoutTests/fast/notifications/notifications-window-close-crash-expected.txt
@@ -0,0 +1 @@
+This test needs to run manually and cannot run inside DumpRenderTree. Passes if it does not crash on running the test alongwith with a couple of page reloads.
diff --git a/LayoutTests/fast/notifications/notifications-window-close-crash.html b/LayoutTests/fast/notifications/notifications-window-close-crash.html
new file mode 100644
index 0000000..c8717f8
--- /dev/null
+++ b/LayoutTests/fast/notifications/notifications-window-close-crash.html
@@ -0,0 +1,23 @@
+<html>
+ <head>
+ <script>
+ function runTest()
+ {
+ if (window.layoutTestController)
+ layoutTestController.dumpAsText();
+ else
+ {
+ var win = window.open("about:blank");
+ var notification = win.webkitNotifications.createNotification('');
+ notification.show();
+ win.close();
+ notification.cancel();
+ }
+ }
+ </script>
+ </head>
+ <body onload="runTest()">
+ <p>This test needs to run manually and cannot run inside DumpRenderTree. Passes if it does not crash on running the test alongwith with a couple of page reloads.</p>
+ </body>
+</html>
+
diff --git a/WebCore/ChangeLog b/WebCore/ChangeLog
index edf6b62..f2a92f9 100644
--- a/WebCore/ChangeLog
+++ b/WebCore/ChangeLog
@@ -1,3 +1,28 @@
+2010-08-20 Abhishek Arya <inferno at chromium.org>
+
+ Reviewed by Darin Fisher.
+
+ Prevent use of stale notification presenter pointer in notifications by instead using
+ a notification center pointer and deriving the presenter from it. Notification presenter
+ gets properly destroyed using disconnectFrame function inside notification center. Add
+ null checks for notification presenter.
+ https://bugs.webkit.org/show_bug.cgi?id=43645
+
+ Test: fast/notifications/notifications-window-close-crash.html
+
+ * notifications/Notification.cpp:
+ (WebCore::Notification::Notification):
+ (WebCore::Notification::create):
+ (WebCore::Notification::show):
+ (WebCore::Notification::cancel):
+ (WebCore::Notification::contextDestroyed):
+ (WebCore::Notification::finishLoading):
+ * notifications/Notification.h:
+ (WebCore::Notification::detachPresenter):
+ * notifications/NotificationCenter.h:
+ (WebCore::NotificationCenter::createHTMLNotification):
+ (WebCore::NotificationCenter::createNotification):
+
2010-08-20 Martin Robinson <mrobinson at igalia.com>
Reviewed by Xan Lopez.
diff --git a/WebCore/notifications/Notification.cpp b/WebCore/notifications/Notification.cpp
index c1edab4..4cb2f85 100644
--- a/WebCore/notifications/Notification.cpp
+++ b/WebCore/notifications/Notification.cpp
@@ -34,6 +34,7 @@
#if ENABLE(NOTIFICATIONS)
#include "Notification.h"
+#include "NotificationCenter.h"
#include "NotificationContents.h"
#include "Document.h"
@@ -45,14 +46,14 @@
namespace WebCore {
-Notification::Notification(const KURL& url, ScriptExecutionContext* context, ExceptionCode& ec, NotificationPresenter* provider)
+Notification::Notification(const KURL& url, ScriptExecutionContext* context, ExceptionCode& ec, PassRefPtr<NotificationCenter> provider)
: ActiveDOMObject(context, this)
, m_isHTML(true)
, m_state(Idle)
- , m_presenter(provider)
+ , m_notificationCenter(provider)
{
- ASSERT(m_presenter);
- if (m_presenter->checkPermission(context) != NotificationPresenter::PermissionAllowed) {
+ ASSERT(m_notificationCenter->presenter());
+ if (m_notificationCenter->presenter()->checkPermission(context) != NotificationPresenter::PermissionAllowed) {
ec = SECURITY_ERR;
return;
}
@@ -65,15 +66,15 @@ Notification::Notification(const KURL& url, ScriptExecutionContext* context, Exc
m_notificationURL = url;
}
-Notification::Notification(const NotificationContents& contents, ScriptExecutionContext* context, ExceptionCode& ec, NotificationPresenter* provider)
+Notification::Notification(const NotificationContents& contents, ScriptExecutionContext* context, ExceptionCode& ec, PassRefPtr<NotificationCenter> provider)
: ActiveDOMObject(context, this)
, m_isHTML(false)
, m_contents(contents)
, m_state(Idle)
- , m_presenter(provider)
+ , m_notificationCenter(provider)
{
- ASSERT(m_presenter);
- if (m_presenter->checkPermission(context) != NotificationPresenter::PermissionAllowed) {
+ ASSERT(m_notificationCenter->presenter());
+ if (m_notificationCenter->presenter()->checkPermission(context) != NotificationPresenter::PermissionAllowed) {
ec = SECURITY_ERR;
return;
}
@@ -92,6 +93,16 @@ Notification::~Notification()
}
}
+PassRefPtr<Notification> Notification::create(const KURL& url, ScriptExecutionContext* context, ExceptionCode& ec, PassRefPtr<NotificationCenter> provider)
+{
+ return adoptRef(new Notification(url, context, ec, provider));
+}
+
+PassRefPtr<Notification> Notification::create(const NotificationContents& contents, ScriptExecutionContext* context, ExceptionCode& ec, PassRefPtr<NotificationCenter> provider)
+{
+ return adoptRef(new Notification(contents, context, ec, provider));
+}
+
void Notification::show()
{
#if PLATFORM(QT)
@@ -100,13 +111,14 @@ void Notification::show()
// handling of ondisplay may rely on that.
if (m_state == Idle) {
m_state = Showing;
- m_presenter->show(this);
+ if (m_notificationCenter->presenter())
+ m_notificationCenter->presenter()->show(this);
}
} else
startLoading();
#else
// prevent double-showing
- if (m_state == Idle && m_presenter->show(this))
+ if (m_state == Idle && m_notificationCenter->presenter() && m_notificationCenter->presenter()->show(this))
m_state = Showing;
#endif
}
@@ -121,7 +133,8 @@ void Notification::cancel()
stopLoading();
break;
case Showing:
- m_presenter->cancel(this);
+ if (m_notificationCenter->presenter())
+ m_notificationCenter->presenter()->cancel(this);
break;
case Cancelled:
break;
@@ -141,8 +154,8 @@ EventTargetData* Notification::ensureEventTargetData()
void Notification::contextDestroyed()
{
ActiveDOMObject::contextDestroyed();
- if (m_presenter)
- m_presenter->notificationObjectDestroyed(this);
+ if (m_notificationCenter->presenter())
+ m_notificationCenter->presenter()->notificationObjectDestroyed(this);
}
void Notification::startLoading()
@@ -205,7 +218,7 @@ void Notification::didReceiveAuthenticationCancellation(const ResourceResponse&)
void Notification::finishLoading()
{
if (m_state == Loading) {
- if (m_presenter->show(this))
+ if (m_notificationCenter->presenter() && m_notificationCenter->presenter()->show(this))
m_state = Showing;
}
unsetPendingActivity(this);
diff --git a/WebCore/notifications/Notification.h b/WebCore/notifications/Notification.h
index e8e29f4..35f9cb8 100644
--- a/WebCore/notifications/Notification.h
+++ b/WebCore/notifications/Notification.h
@@ -55,12 +55,13 @@
#if ENABLE(NOTIFICATIONS)
namespace WebCore {
+ class NotificationCenter;
class WorkerContext;
class Notification : public RefCounted<Notification>, public ActiveDOMObject, public ThreadableLoaderClient, public EventTarget {
public:
- static PassRefPtr<Notification> create(const KURL& url, ScriptExecutionContext* context, ExceptionCode& ec, NotificationPresenter* provider) { return adoptRef(new Notification(url, context, ec, provider)); }
- static PassRefPtr<Notification> create(const NotificationContents& contents, ScriptExecutionContext* context, ExceptionCode& ec, NotificationPresenter* provider) { return adoptRef(new Notification(contents, context, ec, provider)); }
+ static PassRefPtr<Notification> create(const KURL& url, ScriptExecutionContext* context, ExceptionCode& ec, PassRefPtr<NotificationCenter> provider);
+ static PassRefPtr<Notification> create(const NotificationContents& contents, ScriptExecutionContext* context, ExceptionCode& ec, PassRefPtr<NotificationCenter> provider);
virtual ~Notification();
@@ -98,8 +99,8 @@ namespace WebCore {
SharedBuffer* iconData() { return m_iconData.get(); }
void releaseIconData() { m_iconData = 0; }
- // Called if the presenter is deleted before the notification is GC'd
- void detachPresenter() { m_presenter = 0; }
+ // Deprecated. Use functions from NotificationCenter.
+ void detachPresenter() { }
virtual void didReceiveResponse(const ResourceResponse&);
virtual void didReceiveData(const char* data, int lengthReceived);
@@ -109,8 +110,8 @@ namespace WebCore {
virtual void didReceiveAuthenticationCancellation(const ResourceResponse&);
private:
- Notification(const KURL&, ScriptExecutionContext*, ExceptionCode&, NotificationPresenter*);
- Notification(const NotificationContents&, ScriptExecutionContext*, ExceptionCode&, NotificationPresenter*);
+ Notification(const KURL&, ScriptExecutionContext*, ExceptionCode&, PassRefPtr<NotificationCenter>);
+ Notification(const NotificationContents&, ScriptExecutionContext*, ExceptionCode&, PassRefPtr<NotificationCenter>);
// EventTarget interface
virtual void refEventTarget() { ref(); }
@@ -137,7 +138,7 @@ namespace WebCore {
NotificationState m_state;
- NotificationPresenter* m_presenter;
+ RefPtr<NotificationCenter> m_notificationCenter;
EventTargetData m_eventTargetData;
diff --git a/WebCore/notifications/NotificationCenter.h b/WebCore/notifications/NotificationCenter.h
index 349e8a4..adad59d 100644
--- a/WebCore/notifications/NotificationCenter.h
+++ b/WebCore/notifications/NotificationCenter.h
@@ -58,7 +58,7 @@ namespace WebCore {
ec = SYNTAX_ERR;
return 0;
}
- return Notification::create(m_scriptExecutionContext->completeURL(URI), context(), ec, presenter());
+ return Notification::create(m_scriptExecutionContext->completeURL(URI), context(), ec, this);
}
PassRefPtr<Notification> createNotification(const String& iconURI, const String& title, const String& body, ExceptionCode& ec)
@@ -68,7 +68,7 @@ namespace WebCore {
return 0;
}
NotificationContents contents(iconURI.isEmpty() ? KURL() : m_scriptExecutionContext->completeURL(iconURI), title, body);
- return Notification::create(contents, context(), ec, presenter());
+ return Notification::create(contents, context(), ec, this);
}
ScriptExecutionContext* context() const { return m_scriptExecutionContext; }
--
WebKit Debian packaging
More information about the Pkg-webkit-commits
mailing list