[SCM] WebKit Debian packaging branch, webkit-1.1, updated. upstream/1.1.22-985-g3c00f00
ukai at chromium.org
ukai at chromium.org
Wed Mar 17 18:19:41 UTC 2010
The following commit has been merged in the webkit-1.1 branch:
commit b018d4a212139b00a7f33cd79b5fa6f90597fd08
Author: ukai at chromium.org <ukai at chromium.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Date: Fri Mar 5 05:50:38 2010 +0000
WebSocket crash bug when reloading the page while the WebSocket is busy
https://bugs.webkit.org/show_bug.cgi?id=35732
Reviewed by Alexey Proskuryakov.
WebCore:
* websockets/WebSocketChannel.cpp:
(WebCore::WebSocketChannel::disconnect): clear m_context from WebSocketChannel and WebSocketHandshake.
(WebCore::WebSocketChannel::didOpen): check m_context
(WebCore::WebSocketChannel::didClose): clear m_context
(WebCore::WebSocketChannel::didReceiveData): check m_context, and check m_client early before appending to buffer
* websockets/WebSocketHandshake.cpp:
(WebCore::WebSocketHandshake::clearScriptExecutionContext): Added.
* websockets/WebSocketHandshake.h:
LayoutTests:
* websocket/tests/reload-crash-expected.txt: Added.
* websocket/tests/reload-crash.html: Added.
* websocket/tests/resoures/reload-crash-iframe.html: Added.
git-svn-id: http://svn.webkit.org/repository/webkit/trunk@55570 268f45cc-cd09-0410-ab3c-d52691b4dbfc
diff --git a/LayoutTests/ChangeLog b/LayoutTests/ChangeLog
index ff7573a..c223a51 100644
--- a/LayoutTests/ChangeLog
+++ b/LayoutTests/ChangeLog
@@ -1,3 +1,14 @@
+2010-03-04 Fumitoshi Ukai <ukai at chromium.org>
+
+ Reviewed by Alexey Proskuryakov.
+
+ WebSocket crash bug when reloading the page while the WebSocket is busy
+ https://bugs.webkit.org/show_bug.cgi?id=35732
+
+ * websocket/tests/reload-crash-expected.txt: Added.
+ * websocket/tests/reload-crash.html: Added.
+ * websocket/tests/resoures/reload-crash-iframe.html: Added.
+
2010-03-04 MORITA Hajime <morrita at google.com>
Reviewed by Alexey Proskuryakov.
diff --git a/LayoutTests/websocket/tests/reload-crash-expected.txt b/LayoutTests/websocket/tests/reload-crash-expected.txt
new file mode 100644
index 0000000..0175dee
--- /dev/null
+++ b/LayoutTests/websocket/tests/reload-crash-expected.txt
@@ -0,0 +1,11 @@
+Test if it doesn't crash when reloading while Web Socket is busy
+
+On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
+
+PASS insert a iframe
+PASS iframe is ready.
+PASS reloaded iframe while WebSocket is busy
+PASS successfullyParsed is true
+
+TEST COMPLETE
+
diff --git a/LayoutTests/websocket/tests/reload-crash.html b/LayoutTests/websocket/tests/reload-crash.html
new file mode 100644
index 0000000..516c2f6
--- /dev/null
+++ b/LayoutTests/websocket/tests/reload-crash.html
@@ -0,0 +1,48 @@
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML//EN">
+<html>
+<head>
+<link rel="stylesheet" href="../../fast/js/resources/js-test-style.css">
+<script src="../../fast/js/resources/js-test-pre.js"></script>
+<script src="../../fast/js/resources/js-test-post-function.js"></script>
+</head>
+<body>
+<div id="description"></div>
+<div id="console"></div>
+<script type="text/javascript">
+description("Test if it doesn't crash when reloading while Web Socket is busy");
+
+if (window.layoutTestController)
+ layoutTestController.waitUntilDone();
+
+var frameDiv;
+var reloadCount = 0;
+
+function endTest()
+{
+ isSuccessfullyParsed();
+ if (window.layoutTestController)
+ layoutTestController.notifyDone();
+};
+
+document.iframeReady = function ()
+{
+ if (reloadCount == 0)
+ debug("PASS iframe is ready.");
+ if (reloadCount == 1) {
+ debug("PASS reloaded iframe while WebSocket is busy");
+ endTest();
+ return;
+ }
+ reloadCount += 1;
+};
+
+frameDiv = document.createElement("iframe");
+frameDiv.src = "resources/reload-crash-iframe.html";
+document.body.appendChild(frameDiv);
+debug("PASS insert a iframe");
+
+var successfullyParsed = true;
+</script>
+
+</body>
+</html>
diff --git a/LayoutTests/websocket/tests/resources/reload-crash-iframe.html b/LayoutTests/websocket/tests/resources/reload-crash-iframe.html
new file mode 100644
index 0000000..0abcbd6
--- /dev/null
+++ b/LayoutTests/websocket/tests/resources/reload-crash-iframe.html
@@ -0,0 +1,15 @@
+<html>
+<head>
+<script src="../../../fast/js/resources/js-test-pre.js"></script>
+<script src="../../../fast/js/resources/js-test-post-function.js"></script>
+</head>
+<body>
+<div id="description"></div>
+<div id="console"></div>
+<script type="text/javascript">
+parent.document.iframeReady();
+var ws = new WebSocket("ws://127.0.0.1:8880/websocket/tests/close-on-unload");
+location.reload();
+</script>
+</body>
+</html>
diff --git a/WebCore/ChangeLog b/WebCore/ChangeLog
index 32d1585..14c6b51 100644
--- a/WebCore/ChangeLog
+++ b/WebCore/ChangeLog
@@ -1,3 +1,19 @@
+2010-03-04 Fumitoshi Ukai <ukai at chromium.org>
+
+ Reviewed by Alexey Proskuryakov.
+
+ WebSocket crash bug when reloading the page while the WebSocket is busy
+ https://bugs.webkit.org/show_bug.cgi?id=35732
+
+ * websockets/WebSocketChannel.cpp:
+ (WebCore::WebSocketChannel::disconnect): clear m_context from WebSocketChannel and WebSocketHandshake.
+ (WebCore::WebSocketChannel::didOpen): check m_context
+ (WebCore::WebSocketChannel::didClose): clear m_context
+ (WebCore::WebSocketChannel::didReceiveData): check m_context, and check m_client early before appending to buffer
+ * websockets/WebSocketHandshake.cpp:
+ (WebCore::WebSocketHandshake::clearScriptExecutionContext): Added.
+ * websockets/WebSocketHandshake.h:
+
2010-03-04 MORITA Hajime <morrita at google.com>
Reviewed by Alexey Proskuryakov.
diff --git a/WebCore/websockets/WebSocketChannel.cpp b/WebCore/websockets/WebSocketChannel.cpp
index 96e9838..d482885 100644
--- a/WebCore/websockets/WebSocketChannel.cpp
+++ b/WebCore/websockets/WebSocketChannel.cpp
@@ -103,7 +103,9 @@ void WebSocketChannel::close()
void WebSocketChannel::disconnect()
{
LOG(Network, "WebSocketChannel %p disconnect", this);
+ m_handshake.clearScriptExecutionContext();
m_client = 0;
+ m_context = 0;
if (m_handle)
m_handle->close();
}
@@ -112,6 +114,8 @@ void WebSocketChannel::didOpen(SocketStreamHandle* handle)
{
LOG(Network, "WebSocketChannel %p didOpen", this);
ASSERT(handle == m_handle);
+ if (!m_context)
+ return;
const CString& handshakeMessage = m_handshake.clientHandshakeMessage();
if (!handle->send(handshakeMessage.data(), handshakeMessage.length())) {
m_context->addMessage(ConsoleDestination, JSMessageSource, LogMessageType, ErrorMessageLevel, "Error sending handshake message.", 0, m_handshake.clientOrigin());
@@ -127,6 +131,7 @@ void WebSocketChannel::didClose(SocketStreamHandle* handle)
unsigned long unhandledBufferedAmount = m_handle->bufferedAmount();
WebSocketChannelClient* client = m_client;
m_client = 0;
+ m_context = 0;
m_handle = 0;
if (client)
client->didClose(unhandledBufferedAmount);
@@ -139,14 +144,17 @@ void WebSocketChannel::didReceiveData(SocketStreamHandle* handle, const char* da
LOG(Network, "WebSocketChannel %p didReceiveData %d", this, len);
RefPtr<WebSocketChannel> protect(this); // The client can close the channel, potentially removing the last reference.
ASSERT(handle == m_handle);
- if (!appendToBuffer(data, len)) {
- handle->close();
+ if (!m_context) {
return;
}
if (!m_client) {
handle->close();
return;
}
+ if (!appendToBuffer(data, len)) {
+ handle->close();
+ return;
+ }
if (m_handshake.mode() == WebSocketHandshake::Incomplete) {
int headerLength = m_handshake.readServerHandshake(m_buffer, m_bufferSize);
if (headerLength <= 0)
diff --git a/WebCore/websockets/WebSocketHandshake.cpp b/WebCore/websockets/WebSocketHandshake.cpp
index 037da78..5263ed4 100644
--- a/WebCore/websockets/WebSocketHandshake.cpp
+++ b/WebCore/websockets/WebSocketHandshake.cpp
@@ -221,6 +221,11 @@ void WebSocketHandshake::reset()
m_setCookie2 = String();
}
+void WebSocketHandshake::clearScriptExecutionContext()
+{
+ m_context = 0;
+}
+
int WebSocketHandshake::readServerHandshake(const char* header, size_t len)
{
m_mode = Incomplete;
diff --git a/WebCore/websockets/WebSocketHandshake.h b/WebCore/websockets/WebSocketHandshake.h
index a22399c..df199ff 100644
--- a/WebCore/websockets/WebSocketHandshake.h
+++ b/WebCore/websockets/WebSocketHandshake.h
@@ -67,6 +67,7 @@ namespace WebCore {
WebSocketHandshakeRequest clientHandshakeRequest() const;
void reset();
+ void clearScriptExecutionContext();
int readServerHandshake(const char* header, size_t len);
Mode mode() const;
--
WebKit Debian packaging
More information about the Pkg-webkit-commits
mailing list