[SCM] WebKit Debian packaging branch, webkit-1.1, updated. upstream/1.1.19-706-ge5415e9
ap at apple.com
ap at apple.com
Thu Feb 4 21:21:52 UTC 2010
The following commit has been merged in the webkit-1.1 branch:
commit 117197c099323b8d14e80fa143cf0bda79701b16
Author: ap at apple.com <ap at apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Date: Wed Jan 20 19:00:59 2010 +0000
Reviewed by Simon Fraser.
https://bugs.webkit.org/show_bug.cgi?id=33913
Crash under Media::matchMedium in detached frame
Also took the opportunity to fix JS bindings for the Media object.
Test: fast/media/lifetime.html
* css/Media.h:
(WebCore::Media::create): Take and store a Frame pointer, like other similar objects do.
(WebCore::Media::disconnectFrame): Zero out the frame pointer (this is called from
DOMWindow::clear()).
* css/Media.cpp:
(WebCore::Media::Media): Updated to storing Frame pointer.
(WebCore::Media::type): Ditto.
(WebCore::Media::matchMedium): Removed null check for document element - every document has
one. Also, every Frame has a document, so we only need to check for m_frame being zero.
* bindings/js/JSDOMWindowCustom.cpp:
(WebCore::JSDOMWindow::markChildren):
* page/DOMWindow.cpp:
(WebCore::DOMWindow::clear):
(WebCore::DOMWindow::media):
* page/DOMWindow.h:
(WebCore::DOMWindow::optionalMedia):
Make sure there's only one Media object per window, and keep its wrapper alive.
git-svn-id: http://svn.webkit.org/repository/webkit/trunk@53555 268f45cc-cd09-0410-ab3c-d52691b4dbfc
diff --git a/LayoutTests/fast/media/lifetime-expected.txt b/LayoutTests/fast/media/lifetime-expected.txt
new file mode 100644
index 0000000..fa520ce
--- /dev/null
+++ b/LayoutTests/fast/media/lifetime-expected.txt
@@ -0,0 +1,4 @@
+Test Media object lifetime.
+
+PASS
+
diff --git a/LayoutTests/fast/media/lifetime.html b/LayoutTests/fast/media/lifetime.html
new file mode 100644
index 0000000..df32f5a
--- /dev/null
+++ b/LayoutTests/fast/media/lifetime.html
@@ -0,0 +1,46 @@
+<body onload="test()">
+<p>Test Media object lifetime.</p>
+<div id=result>Testing...</div>
+<iframe src="about:blank"></iframe>
+<script>
+if (window.layoutTestController) {
+ layoutTestController.dumpAsText();
+ layoutTestController.waitUntilDone();
+}
+
+function gc()
+{
+ if (window.GCController)
+ return GCController.collect();
+
+ for (var i = 0; i < 10000; i++) { // > force garbage collection (FF requires about 9K allocations before a collect)
+ var s = new String("abc");
+ }
+}
+
+function test()
+{
+ if (!window.media) {
+ document.getElementById("result").innerHTML = "FAIL - window.media is not supported.";
+ return;
+ }
+
+ media.foo = "bar";
+ gc();
+ if (media.foo != "bar") {
+ document.getElementById("result").innerHTML = "FAIL - Window.media doesn't return the same object each time.";
+ return;
+ }
+
+ var m = frames[0].media;
+ document.body.removeChild(document.getElementsByTagName("iframe")[0]);
+ try { m.matchMedium("foobar") } catch (ex) { }
+ setTimeout(function() {
+ gc();
+ try { m.matchMedium("foobar") } catch (ex) { }
+ document.getElementById("result").innerHTML = "PASS";
+ if (window.layoutTestController)
+ layoutTestController.notifyDone();
+ }, 0);
+}
+</script>
diff --git a/WebCore/ChangeLog b/WebCore/ChangeLog
index bd92162..21e1cf3 100644
--- a/WebCore/ChangeLog
+++ b/WebCore/ChangeLog
@@ -1,3 +1,34 @@
+2010-01-20 Alexey Proskuryakov <ap at apple.com>
+
+ Reviewed by Simon Fraser.
+
+ https://bugs.webkit.org/show_bug.cgi?id=33913
+ Crash under Media::matchMedium in detached frame
+
+ Also took the opportunity to fix JS bindings for the Media object.
+
+ Test: fast/media/lifetime.html
+
+ * css/Media.h:
+ (WebCore::Media::create): Take and store a Frame pointer, like other similar objects do.
+ (WebCore::Media::disconnectFrame): Zero out the frame pointer (this is called from
+ DOMWindow::clear()).
+
+ * css/Media.cpp:
+ (WebCore::Media::Media): Updated to storing Frame pointer.
+ (WebCore::Media::type): Ditto.
+ (WebCore::Media::matchMedium): Removed null check for document element - every document has
+ one. Also, every Frame has a document, so we only need to check for m_frame being zero.
+
+ * bindings/js/JSDOMWindowCustom.cpp:
+ (WebCore::JSDOMWindow::markChildren):
+ * page/DOMWindow.cpp:
+ (WebCore::DOMWindow::clear):
+ (WebCore::DOMWindow::media):
+ * page/DOMWindow.h:
+ (WebCore::DOMWindow::optionalMedia):
+ Make sure there's only one Media object per window, and keep its wrapper alive.
+
2010-01-20 Steve Falkenburg <sfalken at apple.com>
Reviewed by Darin Adler and Adam Roben.
diff --git a/WebCore/bindings/js/JSDOMWindowCustom.cpp b/WebCore/bindings/js/JSDOMWindowCustom.cpp
index a349a0b..6f8d428 100644
--- a/WebCore/bindings/js/JSDOMWindowCustom.cpp
+++ b/WebCore/bindings/js/JSDOMWindowCustom.cpp
@@ -113,6 +113,7 @@ void JSDOMWindow::markChildren(MarkStack& markStack)
markDOMObjectWrapper(markStack, globalData, impl()->optionalStatusbar());
markDOMObjectWrapper(markStack, globalData, impl()->optionalToolbar());
markDOMObjectWrapper(markStack, globalData, impl()->optionalLocation());
+ markDOMObjectWrapper(markStack, globalData, impl()->optionalMedia());
#if ENABLE(DOM_STORAGE)
markDOMObjectWrapper(markStack, globalData, impl()->optionalSessionStorage());
markDOMObjectWrapper(markStack, globalData, impl()->optionalLocalStorage());
diff --git a/WebCore/css/Media.cpp b/WebCore/css/Media.cpp
index 57c4aac..e238602 100644
--- a/WebCore/css/Media.cpp
+++ b/WebCore/css/Media.cpp
@@ -34,15 +34,14 @@
namespace WebCore {
-Media::Media(DOMWindow* window)
- : m_window(window)
+Media::Media(Frame* frame)
+ : m_frame(frame)
{
}
String Media::type() const
{
- Frame* frame = m_window->frame();
- FrameView* view = frame ? frame->view() : 0;
+ FrameView* view = m_frame ? m_frame->view() : 0;
if (view)
return view->mediaType();
@@ -51,15 +50,19 @@ String Media::type() const
bool Media::matchMedium(const String& query) const
{
- Document* document = m_window->document();
- Frame* frame = m_window->frame();
+ if (!m_frame)
+ return false;
+
+ Document* document = m_frame->document();
+ ASSERT(document);
+ Element* documentElement = document->documentElement();
+ ASSERT(documentElement);
CSSStyleSelector* styleSelector = document->styleSelector();
- Element* docElement = document->documentElement();
- if (!styleSelector || !docElement || !frame)
+ if (!styleSelector)
return false;
- RefPtr<RenderStyle> rootStyle = styleSelector->styleForElement(docElement, 0 /*defaultParent*/, false /*allowSharing*/, true /*resolveForRootDefault*/);
+ RefPtr<RenderStyle> rootStyle = styleSelector->styleForElement(documentElement, 0 /*defaultParent*/, false /*allowSharing*/, true /*resolveForRootDefault*/);
RefPtr<MediaList> media = MediaList::create();
ExceptionCode ec = 0;
@@ -67,7 +70,7 @@ bool Media::matchMedium(const String& query) const
if (ec)
return false;
- MediaQueryEvaluator screenEval(type(), frame, rootStyle.get());
+ MediaQueryEvaluator screenEval(type(), m_frame, rootStyle.get());
return screenEval.eval(media.get());
}
diff --git a/WebCore/css/Media.h b/WebCore/css/Media.h
index 0d7b504..ee6961b 100644
--- a/WebCore/css/Media.h
+++ b/WebCore/css/Media.h
@@ -32,21 +32,21 @@ namespace WebCore {
class Media : public RefCounted<Media> {
public:
- static PassRefPtr<Media> create(DOMWindow* window)
+ static PassRefPtr<Media> create(Frame* frame)
{
- return adoptRef(new Media(window));
+ return adoptRef(new Media(frame));
}
-
- Document* document() const { return m_window->document(); }
+
+ void disconnectFrame() { m_frame = 0; }
String type() const;
bool matchMedium(const String&) const;
private:
- Media(DOMWindow*);
+ Media(Frame*);
- RefPtr<DOMWindow> m_window;
+ Frame* m_frame;
};
} // namespace
diff --git a/WebCore/page/DOMWindow.cpp b/WebCore/page/DOMWindow.cpp
index 564c2c4..3e1db8f 100644
--- a/WebCore/page/DOMWindow.cpp
+++ b/WebCore/page/DOMWindow.cpp
@@ -442,6 +442,10 @@ void DOMWindow::clear()
if (m_location)
m_location->disconnectFrame();
m_location = 0;
+
+ if (m_media)
+ m_media->disconnectFrame();
+ m_media = 0;
#if ENABLE(DOM_STORAGE)
if (m_sessionStorage)
@@ -1053,7 +1057,9 @@ Document* DOMWindow::document() const
PassRefPtr<Media> DOMWindow::media() const
{
- return Media::create(const_cast<DOMWindow*>(this));
+ if (!m_media)
+ m_media = Media::create(m_frame);
+ return m_media.get();
}
PassRefPtr<CSSStyleDeclaration> DOMWindow::getComputedStyle(Element* elt, const String&) const
diff --git a/WebCore/page/DOMWindow.h b/WebCore/page/DOMWindow.h
index d6e5ad7..bdd1ef5 100644
--- a/WebCore/page/DOMWindow.h
+++ b/WebCore/page/DOMWindow.h
@@ -345,6 +345,7 @@ namespace WebCore {
Console* optionalConsole() const { return m_console.get(); }
Navigator* optionalNavigator() const { return m_navigator.get(); }
Location* optionalLocation() const { return m_location.get(); }
+ Media* optionalMedia() const { return m_media.get(); }
#if ENABLE(DOM_STORAGE)
Storage* optionalSessionStorage() const { return m_sessionStorage.get(); }
Storage* optionalLocalStorage() const { return m_localStorage.get(); }
@@ -381,6 +382,7 @@ namespace WebCore {
mutable RefPtr<Console> m_console;
mutable RefPtr<Navigator> m_navigator;
mutable RefPtr<Location> m_location;
+ mutable RefPtr<Media> m_media;
#if ENABLE(DOM_STORAGE)
mutable RefPtr<Storage> m_sessionStorage;
mutable RefPtr<Storage> m_localStorage;
--
WebKit Debian packaging
More information about the Pkg-webkit-commits
mailing list