[SCM] WebKit Debian packaging branch, debian/experimental, updated. upstream/1.3.3-10851-g50815da

mrowe at apple.com mrowe at apple.com
Wed Dec 22 18:37:59 UTC 2010


The following commit has been merged in the debian/experimental branch:
commit f366860cbf6ba86b3847c4dbb05de4f1d2cd7a18
Author: mrowe at apple.com <mrowe at apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Date:   Tue Dec 14 23:54:00 2010 +0000

    <http://webkit.org/b/51064> Reproducible crash inside WebCore::MediaPlayerPrivateQTKit::createQTMovie when loading <video>
    
    Reviewed by Sam Weinig.
    
    JavaScriptCore:
    
    * wtf/text/WTFString.h: Prevent String from being implicitly convertible to bool.
    It was previously implicitly convertible to bool on Mac via operator NSString*,
    but since that always has a non-zero return value it would give unexpected results.
    
    WebCore:
    
    We were crashing inside MediaPlayerPrivateQTKit::createQTMovie as we were passing a null URL in
    to CFNetworkCopyProxiesForURL. This happened because we were null-checking the URL incorrectly.
    
    * platform/graphics/mac/MediaPlayerPrivateQTKit.mm:
    (WebCore::MediaPlayerPrivateQTKit::resumeLoad): Explicitly test for a null string.
    
    WebKit/mac:
    
    * History/WebHistoryItem.mm:
    (-[WebHistoryItem description]): Test whether the string is empty rather than incorrectly
    always including the target in the output.
    
    git-svn-id: http://svn.webkit.org/repository/webkit/trunk@74065 268f45cc-cd09-0410-ab3c-d52691b4dbfc

diff --git a/JavaScriptCore/ChangeLog b/JavaScriptCore/ChangeLog
index 9171997..d4bf538 100644
--- a/JavaScriptCore/ChangeLog
+++ b/JavaScriptCore/ChangeLog
@@ -1,3 +1,13 @@
+2010-12-14  Mark Rowe  <mrowe at apple.com>
+
+        Reviewed by Sam Weinig.
+
+        <http://webkit.org/b/51064> Reproducible crash inside WebCore::MediaPlayerPrivateQTKit::createQTMovie when loading <video>
+
+        * wtf/text/WTFString.h: Prevent String from being implicitly convertable to bool.
+        It was previously implicitly convertible to bool on Mac via operator NSString*,
+        but since that always has a non-zero return value it would give unexpected results.
+
 2010-12-14  Laszlo Gombos  <laszlo.1.gombos at nokia.com>
 
         Reviewed by Eric Seidel.
diff --git a/JavaScriptCore/wtf/text/WTFString.h b/JavaScriptCore/wtf/text/WTFString.h
index eb95b41..4d853d2 100644
--- a/JavaScriptCore/wtf/text/WTFString.h
+++ b/JavaScriptCore/wtf/text/WTFString.h
@@ -276,6 +276,13 @@ public:
     // to ever prefer copy() over plain old assignment.
     String threadsafeCopy() const;
 
+    // Prevent Strings from being implicitly convertable to bool as it will be ambiguous on any platform that
+    // allows implicit conversion to another pointer type (e.g., Mac allows implicit conversion to NSString*).
+    typedef struct ImplicitConversionFromWTFStringToBoolDisallowedA* (String::*UnspecifiedBoolTypeA);
+    typedef struct ImplicitConversionFromWTFStringToBoolDisallowedB* (String::*UnspecifiedBoolTypeB);
+    operator UnspecifiedBoolTypeA() const;
+    operator UnspecifiedBoolTypeB() const;
+
 #if PLATFORM(CF)
     String(CFStringRef);
     CFStringRef createCFString() const;
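Review bot: The comment above the two typedefs does not say that `operator UnspecifiedBoolTypeA()` and `operator UnspecifiedBoolTypeB()` are meant to stay declaration-only, nor what a caller should write instead. No definition is added anywhere in this commit, so the pair appears to exist only to turn any `if (string)` into an ambiguous-conversion compile error, instead of silently testing the always-non-zero `NSString*` result. I would extend the comment with something like `// Intentionally declared but not defined: two candidate conversions make any boolean test of a String a compile error. Use isNull() or isEmpty() instead.` The class body starts and ends outside the hunk.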
diff --git a/WebCore/ChangeLog b/WebCore/ChangeLog
index ef3848d..f3e4f25 100644
--- a/WebCore/ChangeLog
+++ b/WebCore/ChangeLog
@@ -1,3 +1,15 @@
+2010-12-14  Mark Rowe  <mrowe at apple.com>
+
+        Reviewed by Sam Weinig.
+
+        <http://webkit.org/b/51064> Reproducible crash inside WebCore::MediaPlayerPrivateQTKit::createQTMovie when loading <video>
+
+        We were crashing inside MediaPlayerPrivateQTKit::createQTMovie as we were passing a null URL in
+        to CFNetworkCopyProxiesForURL. This happened because we were null-checking the URL incorrectly.
+
+        * platform/graphics/mac/MediaPlayerPrivateQTKit.mm:
+        (WebCore::MediaPlayerPrivateQTKit::resumeLoad): Explicitly test for a null string.
+
 2010-12-14  David Hyatt  <hyatt at apple.com>
 
         Reviewed by Dan Bernstein.
diff --git a/WebCore/platform/graphics/mac/MediaPlayerPrivateQTKit.mm b/WebCore/platform/graphics/mac/MediaPlayerPrivateQTKit.mm
index 5d461ab..2361f6a 100644
--- a/WebCore/platform/graphics/mac/MediaPlayerPrivateQTKit.mm
+++ b/WebCore/platform/graphics/mac/MediaPlayerPrivateQTKit.mm
@@ -623,7 +623,7 @@ void MediaPlayerPrivateQTKit::resumeLoad()
 {
     m_delayingLoad = false;
 
-    if (m_movieURL)
+    if (!m_movieURL.isNull())
         loadInternal(m_movieURL);
 }
 
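Review bot: `!m_movieURL.isNull()` in resumeLoad() still lets an empty, non-null string through to `loadInternal(m_movieURL)`, whereas the WebHistoryItem.mm change in this same commit tests `isEmpty()`. Whether an empty string can also produce a null URL by the time CFNetworkCopyProxiesForURL is called cannot be told from here, since createQTMovie is outside the diff, so this is worth confirming. If an empty string is never a valid movie URL, `if (!m_movieURL.isEmpty())` would reject both cases. Separately, a null check on the URL immediately before the CFNetworkCopyProxiesForURL call would keep the crash from depending on every caller getting this test right.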
diff --git a/WebKit/mac/ChangeLog b/WebKit/mac/ChangeLog
index 1aaeff8..ffd1fed 100644
--- a/WebKit/mac/ChangeLog
+++ b/WebKit/mac/ChangeLog
@@ -1,3 +1,13 @@
+2010-12-14  Mark Rowe  <mrowe at apple.com>
+
+        Reviewed by Sam Weinig.
+
+        <http://webkit.org/b/51064> Reproducible crash inside WebCore::MediaPlayerPrivateQTKit::createQTMovie when loading <video>
+
+        * History/WebHistoryItem.mm:
+        (-[WebHistoryItem description]): Test whether the string is empty rather than incorrectly
+        always including the target in the output.
+
 2010-12-13  Alexey Proskuryakov  <ap at apple.com>
 
         Reviewed by Adam Barth.
diff --git a/WebKit/mac/History/WebHistoryItem.mm b/WebKit/mac/History/WebHistoryItem.mm
index 48baa7c..de56180 100644
--- a/WebKit/mac/History/WebHistoryItem.mm
+++ b/WebKit/mac/History/WebHistoryItem.mm
@@ -219,7 +219,7 @@ void WKNotifyHistoryItemChanged(HistoryItem*)
     ASSERT_MAIN_THREAD();
     HistoryItem* coreItem = core(_private);
     NSMutableString *result = [NSMutableString stringWithFormat:@"%@ %@", [super description], (NSString*)coreItem->urlString()];
-    if (coreItem->target()) {
+    if (!coreItem->target().isEmpty()) {
         NSString *target = coreItem->target();
         [result appendFormat:@" in \"%@\"", target];
     }

-- 
WebKit Debian packaging


