Skip to site navigation (Press enter)

[webkit-changes] [103436] branches/safari-534.54-branch

lforschler Wed, 21 Dec 2011 13:05:02 -0800

Title: [103436] branches/safari-534.54-branch

Revision: 103436
Author: lforsch...@apple.com
Date: 2011-12-21 13:04:51 -0800 (Wed, 21 Dec 2011)

Log Message

Merged r94112.


Modified Paths

branches/safari-534.54-branch/LayoutTests/ChangeLog
branches/safari-534.54-branch/Source/WebCore/ChangeLog
branches/safari-534.54-branch/Source/WebCore/loader/DocumentWriter.cpp


Added Paths

branches/safari-534.54-branch/LayoutTests/fast/loader/_javascript_-url-iframe-crash-expected.txt
branches/safari-534.54-branch/LayoutTests/fast/loader/_javascript_-url-iframe-crash.html

Diff

Modified: branches/safari-534.54-branch/LayoutTests/ChangeLog (103435 => 103436)


--- branches/safari-534.54-branch/LayoutTests/ChangeLog	2011-12-21 21:01:43 UTC (rev 103435)
+++ branches/safari-534.54-branch/LayoutTests/ChangeLog	2011-12-21 21:04:51 UTC (rev 103436)
@@ -1,5 +1,19 @@
 2011-12-21  Lucas Forschler  <lforsch...@apple.com>
 
+    Merge 94112
+
+    2011-08-30  Adam Barth  <aba...@webkit.org>
+
+            Flaky crash with _javascript_ URLs
+            https://bugs.webkit.org/show_bug.cgi?id=66360
+
+            Reviewed by Nate Chapin.
+
+            * fast/loader/_javascript_-url-iframe-crash-expected.txt: Added.
+            * fast/loader/_javascript_-url-iframe-crash.html: Added.
+
+2011-12-21  Lucas Forschler  <lforsch...@apple.com>
+
     Merge 94109
 
     2011-08-30  Abhishek Arya  <infe...@chromium.org>

Copied: branches/safari-534.54-branch/LayoutTests/fast/loader/_javascript_-url-iframe-crash-expected.txt (from rev 94112, trunk/LayoutTests/fast/loader/_javascript_-url-iframe-crash-expected.txt) (0 => 103436)


--- branches/safari-534.54-branch/LayoutTests/fast/loader/_javascript_-url-iframe-crash-expected.txt	                        (rev 0)
+++ branches/safari-534.54-branch/LayoutTests/fast/loader/_javascript_-url-iframe-crash-expected.txt	2011-12-21 21:04:51 UTC (rev 103436)
@@ -0,0 +1,7 @@
+
+
+
+
+
+This test passes if it doesn't crash.
+

Copied: branches/safari-534.54-branch/LayoutTests/fast/loader/_javascript_-url-iframe-crash.html (from rev 94112, trunk/LayoutTests/fast/loader/_javascript_-url-iframe-crash.html) (0 => 103436)


--- branches/safari-534.54-branch/LayoutTests/fast/loader/_javascript_-url-iframe-crash.html	                        (rev 0)
+++ branches/safari-534.54-branch/LayoutTests/fast/loader/_javascript_-url-iframe-crash.html	2011-12-21 21:04:51 UTC (rev 103436)
@@ -0,0 +1,9 @@
+<iframe src=""
+<a><summary><pre><pre><pre><pre><pre><iframe src=""
+
+<a>
+<script>
+if (window.layoutTestController)
+    layoutTestController.dumpAsText();
+</script>
+This test passes if it doesn't crash.

Modified: branches/safari-534.54-branch/Source/WebCore/ChangeLog (103435 => 103436)


--- branches/safari-534.54-branch/Source/WebCore/ChangeLog	2011-12-21 21:01:43 UTC (rev 103435)
+++ branches/safari-534.54-branch/Source/WebCore/ChangeLog	2011-12-21 21:04:51 UTC (rev 103436)
@@ -1,5 +1,24 @@
 2011-12-21  Lucas Forschler  <lforsch...@apple.com>
 
+    Merge 94112
+
+    2011-08-30  Adam Barth  <aba...@webkit.org>
+
+            Flaky crash with _javascript_ URLs
+            https://bugs.webkit.org/show_bug.cgi?id=66360
+
+            Reviewed by Nate Chapin.
+
+            This patch teaches DocumentWriter::begin to make a copy of the URL
+            before beginning a new document to avoid a crash.
+
+            Test: fast/loader/_javascript_-url-iframe-crash.html
+
+            * loader/DocumentWriter.cpp:
+            (WebCore::DocumentWriter::begin):
+
+2011-12-21  Lucas Forschler  <lforsch...@apple.com>
+
     Merge 94109
 
     2011-08-30  Abhishek Arya  <infe...@chromium.org>

Modified: branches/safari-534.54-branch/Source/WebCore/loader/DocumentWriter.cpp (103435 => 103436)


--- branches/safari-534.54-branch/Source/WebCore/loader/DocumentWriter.cpp	2011-12-21 21:01:43 UTC (rev 103435)
+++ branches/safari-534.54-branch/Source/WebCore/loader/DocumentWriter.cpp	2011-12-21 21:04:51 UTC (rev 103436)
@@ -106,12 +106,17 @@
     return DOMImplementation::createDocument(m_mimeType, m_frame, url, m_frame->inViewSourceMode());
 }
 
-void DocumentWriter::begin(const KURL& url, bool dispatch, SecurityOrigin* origin)
+void DocumentWriter::begin(const KURL& urlReference, bool dispatch, SecurityOrigin* origin)
 {
     // We need to take a reference to the security origin because |clear|
     // might destroy the document that owns it.
     RefPtr<SecurityOrigin> forcedSecurityOrigin = origin;
 
+    // We grab a local copy of the URL because it's easy for callers to supply
+    // a URL that will be deallocated during the execution of this function.
+    // For example, see <https://bugs.webkit.org/show_bug.cgi?id=66360>.
+    KURL url = ""
+
     // Create a new document before clearing the frame, because it may need to
     // inherit an aliased security context.
     RefPtr<Document> document = createDocument(url);

_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
http://lists.webkit.org/mailman/listinfo.cgi/webkit-changes