[SCM] WebKit Debian packaging branch, debian/experimental, updated. upstream/1.3.3-9427-gc2be6fc

mdelaney at apple.com mdelaney at apple.com
Wed Dec 22 15:42:54 UTC 2010 

The following commit has been merged in the debian/experimental branch:
commit ec3115e5622345b9c2bad4548649a9b191e440ce
Author: mdelaney at apple.com <mdelaney at apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Date:   Wed Nov 10 22:44:23 2010 +0000

    2010-11-10  Matthew Delaney  <mdelaney at apple.com>
    
            Reviewed by Darin Adler.
    
            Crash in documentWillBecomeInactive() when closing window with Reader showing content with SVG
            https://bugs.webkit.org/show_bug.cgi?id=49084
    
            Manual test added.
    
            * manual-tests/svg-deep-clone-to-new-doc.html: Added manual test for reproducing bug since an automated version proved to be a bit tough to craft up.
            * svg/SVGSVGElement.cpp: Added in necessary document ownership transfer calls.
            * svg/SVGSVGElement.h:
    
    
    git-svn-id: http://svn.webkit.org/repository/webkit/trunk@71772 268f45cc-cd09-0410-ab3c-d52691b4dbfc

diff --git a/WebCore/ChangeLog b/WebCore/ChangeLog
index 4e6934e..cb302f5 100644
--- a/WebCore/ChangeLog
+++ b/WebCore/ChangeLog
@@ -1,3 +1,16 @@
+2010-11-10  Matthew Delaney  <mdelaney at apple.com>
+
+        Reviewed by Darin Adler.
+
+        Crash in documentWillBecomeInactive() when closing window with Reader showing content with SVG
+        https://bugs.webkit.org/show_bug.cgi?id=49084
+
+        Manual test added.
+
+        * manual-tests/svg-deep-clone-to-new-doc.html: Added manual test for reproducing bug since an automated version proved to be a bit tough to craft up.
+        * svg/SVGSVGElement.cpp: Added in necessary document ownership transfer calls.
+        * svg/SVGSVGElement.h:
+
 2010-11-10  Pavel Feldman  <pfeldman at chromium.org>
 
         Reviewed by Yury Semikhatsky.
diff --git a/WebCore/manual-tests/svg-deep-clone-to-new-doc.html b/WebCore/manual-tests/svg-deep-clone-to-new-doc.html
new file mode 100644
index 0000000..faf0ef5
--- /dev/null
+++ b/WebCore/manual-tests/svg-deep-clone-to-new-doc.html
@@ -0,0 +1,56 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+  <meta charset="utf-8" />
+
+  <!-- To run this test: Open this page, close the window, and (hopefully) don't crash.-->
+
+  <script>    
+    function gc()
+    {
+        if (window.GCController)
+            GCController.collect();
+        else
+            for (var i = 0; i < 10000; ++i) // Allocate a sufficient number of objects to force a GC.
+                ({});
+    }
+    window.onload = init;
+    
+    function init() {
+      var iframe = document.getElementById("iframe");
+      var thesvgdiv = document.getElementById('thediv');
+      var theclone = thesvgdiv.cloneNode(true);
+      iframe.contentDocument.body.appendChild(theclone);
+      setTimeout(function() {
+        iframe.style.display = 'none';
+        iframe.parentNode.removeChild(iframe);
+        gc();
+        window.close();
+      }, 500);
+    }
+  </script>
+</head>
+
+<body>
+  <div>
+    <div id="thediv">
+      <svg id="thesvg" width="12cm" height="3.6cm" viewBox="0 0 1000 300">  
+          <defs>
+            <lineargradient id="orange_red" x2="0" y2="1" >
+              <stop stop-color="yellow" />
+              <stop offset="1" stop-color="red" />
+            </lineargradient>
+          </defs>
+          <path id="MyPath" d="M 100 200  C 200 100 300   0 400 100   C 500 200 600 300 700 200  C 800 100 900 100 900 100" fill="none" stroke="red" />  
+          <text font-family="Verdana" font-size="72.5" fill="url(#orange_red)" >    
+            <textpath xlink:href="#MyPath"> Look mom, SVG in HTML! </textpath>  
+          </text>
+          (If you had an HTML5 compliant browser, the previous text would be colored and on a path.)
+      </svg>
+    </div>
+    <div>
+      <iframe id="iframe" width="50%" height="50%"></iframe>
+    </div>
+  </div>
+</body>
+</html>
\ No newline at end of file
diff --git a/WebCore/svg/SVGSVGElement.cpp b/WebCore/svg/SVGSVGElement.cpp
index 314f522..7e9862c 100644
--- a/WebCore/svg/SVGSVGElement.cpp
+++ b/WebCore/svg/SVGSVGElement.cpp
@@ -91,6 +91,18 @@ SVGSVGElement::~SVGSVGElement()
     document()->accessSVGExtensions()->removeTimeContainer(this);
 }
 
+void SVGSVGElement::willMoveToNewOwnerDocument()
+{
+    document()->unregisterForDocumentActivationCallbacks(this);
+    SVGStyledLocatableElement::willMoveToNewOwnerDocument();
+}
+
+void SVGSVGElement::didMoveToNewOwnerDocument()
+{
+    document()->registerForDocumentActivationCallbacks(this);
+    SVGStyledLocatableElement::didMoveToNewOwnerDocument();
+}
+
 const AtomicString& SVGSVGElement::contentScriptType() const
 {
     DEFINE_STATIC_LOCAL(const AtomicString, defaultValue, ("text/ecmascript"));
diff --git a/WebCore/svg/SVGSVGElement.h b/WebCore/svg/SVGSVGElement.h
index dca3ac2..7c65a2c 100644
--- a/WebCore/svg/SVGSVGElement.h
+++ b/WebCore/svg/SVGSVGElement.h
@@ -121,6 +121,10 @@ namespace WebCore {
 
         Element* getElementById(const AtomicString&) const;
 
+    protected:
+        virtual void willMoveToNewOwnerDocument();
+        virtual void didMoveToNewOwnerDocument();
+
     private:
         SVGSVGElement(const QualifiedName&, Document*);
         virtual ~SVGSVGElement();

-- 
WebKit Debian packaging

More information about the Pkg-webkit-commits mailing list