Title: [92298] trunk
Revision
92298
Author
aba...@webkit.org
Date
2011-08-03 11:56:37 -0700 (Wed, 03 Aug 2011)

Log Message

Crash in DocumentWriter::endIfNotLoadingMainResource
https://bugs.webkit.org/show_bug.cgi?id=65581

Reviewed by Nate Chapin.

Source/WebCore:

This function is poorly designed because isLoadingMainResource is a
poor proxy for determining whether to flush/finish the parser.  Really,
we should change how loads complete to match the model in HTML5, but
that's pretty tricky.  In the meantime, this null check fixes the
crash.

I'm sure there's another bug on file about this crash, but we've never
been able to reproduce it.  Thanks to Berend-Jan Wever for the test
case!

Test: fast/loader/reload-zero-byte-plugin.html

* loader/DocumentWriter.cpp:
(WebCore::DocumentWriter::endIfNotLoadingMainResource):

LayoutTests:

* fast/loader/reload-zero-byte-plugin-expected.txt: Added.
* fast/loader/reload-zero-byte-plugin.html: Added.

Diff

Modified: trunk/LayoutTests/ChangeLog (92297 => 92298)


--- trunk/LayoutTests/ChangeLog	2011-08-03 18:40:24 UTC (rev 92297)
+++ trunk/LayoutTests/ChangeLog	2011-08-03 18:56:37 UTC (rev 92298)
@@ -1,3 +1,13 @@
+2011-08-03  Adam Barth  <aba...@webkit.org>
+
+        Crash in DocumentWriter::endIfNotLoadingMainResource
+        https://bugs.webkit.org/show_bug.cgi?id=65581
+
+        Reviewed by Nate Chapin.
+
+        * fast/loader/reload-zero-byte-plugin-expected.txt: Added.
+        * fast/loader/reload-zero-byte-plugin.html: Added.
+
 2011-08-03  Anders Carlsson  <ander...@apple.com>
 
         Add a Mac Lion skipped list.

Added: trunk/LayoutTests/fast/loader/reload-zero-byte-plugin-expected.txt (0 => 92298)


--- trunk/LayoutTests/fast/loader/reload-zero-byte-plugin-expected.txt	                        (rev 0)
+++ trunk/LayoutTests/fast/loader/reload-zero-byte-plugin-expected.txt	2011-08-03 18:56:37 UTC (rev 92298)
@@ -0,0 +1 @@
+This test passes if it doesn't crash. To run manually, please disable your popup blocker.

Added: trunk/LayoutTests/fast/loader/reload-zero-byte-plugin.html (0 => 92298)


--- trunk/LayoutTests/fast/loader/reload-zero-byte-plugin.html	                        (rev 0)
+++ trunk/LayoutTests/fast/loader/reload-zero-byte-plugin.html	2011-08-03 18:56:37 UTC (rev 92298)
@@ -0,0 +1,19 @@
+<script>
+if (window.layoutTestController) {
+    layoutTestController.dumpAsText();
+    layoutTestController.waitUntilDone();
+    layoutTestController.setCanOpenWindows(true);
+    layoutTestController.setCloseRemainingWindowsWhenComplete(true);
+}
+
+var win = window.open('data:application/x-webkit-test-netscape,');
+setTimeout(function() {
+    win.location.reload();
+    setTimeout(function() {
+        if (window.layoutTestController)
+            layoutTestController.notifyDone();
+    }, 100);
+}, 100);
+</script>
+This test passes if it doesn't crash. To run manually, please disable your
+popup blocker.
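Review bot: the sequencing in the added test depends on two fixed 100 ms timers (`setTimeout(function() { win.location.reload(); ... }, 100)` and the nested 100 ms delay before `notifyDone()`), and nothing in the file says what those delays must outlast. If the first timer fires before the zero-byte `application/x-webkit-test-netscape` document in the popup has finished loading, `reload()` no longer reproduces the path the ChangeLog describes and the test passes without exercising the fix; if the second fires too early, `notifyDone()` runs before the reloaded document has settled. Add a comment stating the timing assumption (the first delay covers the popup's initial plugin load, the second covers the reload), and consider making the delays generous or event-driven rather than both 100 ms. Also note the pass text is duplicated between this file and `reload-zero-byte-plugin-expected.txt`, so any rewording must be mirrored in both.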

Modified: trunk/Source/WebCore/ChangeLog (92297 => 92298)


--- trunk/Source/WebCore/ChangeLog	2011-08-03 18:40:24 UTC (rev 92297)
+++ trunk/Source/WebCore/ChangeLog	2011-08-03 18:56:37 UTC (rev 92298)
@@ -1,3 +1,25 @@
+2011-08-03  Adam Barth  <aba...@webkit.org>
+
+        Crash in DocumentWriter::endIfNotLoadingMainResource
+        https://bugs.webkit.org/show_bug.cgi?id=65581
+
+        Reviewed by Nate Chapin.
+
+        This function is poorly designed because isLoadingMainResource is a
+        poor proxy for determing whether to flush/finish the parser.  Really,
+        we should change how loads complete to match the model in HTML5, but
+        that's pretty tricky.  In the meantime, this null check fixes the
+        crash.
+
+        I'm sure there's another bug on file about this crash, but we've never
+        been able to reproduce it.  Thanks to Berend-Jan Wever for the test
+        case!
+
+        Test: fast/loader/reload-zero-byte-plugin.html
+
+        * loader/DocumentWriter.cpp:
+        (WebCore::DocumentWriter::endIfNotLoadingMainResource):
+
 2011-08-03  Anders Carlsson  <ander...@apple.com>
 
         WebCore images backing CG patterns should be released on the main thread
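Review bot: typo in the added ChangeLog entry: the line `poor proxy for determing whether to flush/finish the parser.  Really,` should read "determining". The same sentence appears in the commit message, so fix both.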

Modified: trunk/Source/WebCore/loader/DocumentWriter.cpp (92297 => 92298)


--- trunk/Source/WebCore/loader/DocumentWriter.cpp	2011-08-03 18:40:24 UTC (rev 92297)
+++ trunk/Source/WebCore/loader/DocumentWriter.cpp	2011-08-03 18:56:37 UTC (rev 92298)
@@ -211,6 +211,8 @@
 
 void DocumentWriter::endIfNotLoadingMainResource()
 {
+    // FIXME: This isn't really the check we should be doing. We should re-work
+    // how we end parsing to match the model in HTML5.
     if (m_frame->loader()->isLoadingMainResource() || !m_frame->page() || !m_frame->document())
         return;
 
@@ -219,6 +221,8 @@
     // so we'll add a protective refcount
     RefPtr<Frame> protector(m_frame);
 
+    if (!m_parser)
+        return;
     // FIXME: m_parser->finish() should imply m_parser->flush().
     m_parser->flush(this);
     if (!m_parser)
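Review bot: the new `if (!m_parser) return;` in the second hunk carries no comment explaining when `m_parser` can be null at this point, even though the ChangeLog identifies this check as the actual crash fix and says the crash had never been reproduced before; a one-line comment naming the condition (reload of a zero-byte plugin document, per the test) would stop the next reader from treating it as a redundant guard and removing it. The check also sits after `RefPtr<Frame> protector(m_frame);` and apart from the function's other preconditions; consider folding it into the early return at the top, `if (m_frame->loader()->isLoadingMainResource() || !m_frame->page() || !m_frame->document())`, so the function has a single guard block, and add a blank line between the new `return;` and the following `// FIXME: m_parser->finish() should imply m_parser->flush().` to match the surrounding style.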
_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
http://lists.webkit.org/mailman/listinfo.cgi/webkit-changes
