Title: [95059] trunk
Revision: 95059
Author: commit-qu...@webkit.org
Date: 2011-09-13 17:29:11 -0700 (Tue, 13 Sep 2011)

Log Message

Source/WebCore: Fix crash when an iframe element is removed during a transition to
fullscreen.
https://bugs.webkit.org/show_bug.cgi?id=67960

Patch by Jeremy Apthorp <jere...@google.com> on 2011-09-13
Reviewed by Adam Barth.

Test: fullscreen/full-screen-remove-ancestor-during-transition.html

* dom/Document.cpp:
(WebCore::Document::~Document):
Clear the list of elements to which we need to send a fullscreenchange
event.

LayoutTests: Removing an iframe from the document during a transition to fullscreen
should not crash.
https://bugs.webkit.org/show_bug.cgi?id=67960

Patch by Jeremy Apthorp <jere...@google.com> on 2011-09-13
Reviewed by Adam Barth.

* fullscreen/full-screen-remove-ancestor-during-transition-expected.txt: Added.
* fullscreen/full-screen-remove-ancestor-during-transition.html: Added.

Diff

Modified: trunk/LayoutTests/ChangeLog (95058 => 95059)


--- trunk/LayoutTests/ChangeLog	2011-09-14 00:17:09 UTC (rev 95058)
+++ trunk/LayoutTests/ChangeLog	2011-09-14 00:29:11 UTC (rev 95059)
@@ -1,3 +1,14 @@
+2011-09-13  Jeremy Apthorp  <jere...@google.com>
+
+        Removing an iframe from the document during a transition to fullscreen
+        should not crash.
+        https://bugs.webkit.org/show_bug.cgi?id=67960
+
+        Reviewed by Adam Barth.
+
+        * fullscreen/full-screen-remove-ancestor-during-transition-expected.txt: Added.
+        * fullscreen/full-screen-remove-ancestor-during-transition.html: Added.
+
 2011-09-13  David Hyatt  <hy...@apple.com>
 
         https://bugs.webkit.org/show_bug.cgi?id=68040

Added: trunk/LayoutTests/fullscreen/full-screen-remove-ancestor-during-transition-expected.txt (0 => 95059)


--- trunk/LayoutTests/fullscreen/full-screen-remove-ancestor-during-transition-expected.txt	                        (rev 0)
+++ trunk/LayoutTests/fullscreen/full-screen-remove-ancestor-during-transition-expected.txt	2011-09-14 00:29:11 UTC (rev 95059)
@@ -0,0 +1 @@
+PASS

Added: trunk/LayoutTests/fullscreen/full-screen-remove-ancestor-during-transition.html (0 => 95059)


--- trunk/LayoutTests/fullscreen/full-screen-remove-ancestor-during-transition.html	                        (rev 0)
+++ trunk/LayoutTests/fullscreen/full-screen-remove-ancestor-during-transition.html	2011-09-14 00:29:11 UTC (rev 95059)
@@ -0,0 +1,43 @@
+<script src=""
+<script>
+if (window.layoutTestController) {
+    layoutTestController.dumpAsText();
+    layoutTestController.waitUntilDone();
+}
+
+function runWithKeyDown(fn)
+{
+    document.addEventListener('mousedown', function() { fn(); }, false);
+    if (window.layoutTestController) {
+        eventSender.mouseDown();
+    }
+}
+
+function init() {
+    // Bail out early if the full screen API is not enabled or is missing:
+    if (Element.prototype.webkitRequestFullScreen == undefined) {
+        alert("Fullscreen API not available.");
+    } else {
+        runWithKeyDown(goFullScreen);
+    }
+}
+
+function goFullScreen() {
+    var iframe = document.getElementById('block1');
+    var element = iframe.contentDocument.documentElement;
+    setTimeout(function () {
+        iframe.parentNode.removeChild(iframe);
+        gc();
+        setTimeout(function () {
+            if (window.layoutTestController) {
+                layoutTestController.notifyDone();
+            }
+        }, 0);
+    }, 0);
+    element.webkitRequestFullScreen();
+}
+</script>
+<body _onload_="init()">
+    <iframe webkitallowfullscreen src="" id="block1"></iframe>
+    PASS
+</body>
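
Review bot: in init(), the branch taken when Element.prototype.webkitRequestFullScreen is undefined only calls alert() and never calls layoutTestController.notifyDone(), so after the waitUntilDone() at the top of the script the test waits for the harness timeout instead of finishing with a clear result. Call notifyDone() in that branch, guarded by window.layoutTestController like the other uses. Two smaller points in the same file: runWithKeyDown() listens for 'mousedown' and sends eventSender.mouseDown(), so its name should refer to the mouse rather than a key; and gc() in goFullScreen() is called without a guard, unlike the layoutTestController calls around it, so if gc is not defined the callback throws before the inner setTimeout that calls notifyDone() is scheduled.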

Modified: trunk/Source/WebCore/ChangeLog (95058 => 95059)


--- trunk/Source/WebCore/ChangeLog	2011-09-14 00:17:09 UTC (rev 95058)
+++ trunk/Source/WebCore/ChangeLog	2011-09-14 00:29:11 UTC (rev 95059)
@@ -1,3 +1,18 @@
+2011-09-13  Jeremy Apthorp  <jere...@google.com>
+
+        Fix crash when an iframe element is removed during a transition to
+        fullscreen.
+        https://bugs.webkit.org/show_bug.cgi?id=67960
+
+        Reviewed by Adam Barth.
+
+        Test: fullscreen/full-screen-remove-ancestor-during-transition.html
+
+        * dom/Document.cpp:
+        (WebCore::Document::~Document):
+        Clear the list of elements to which we need to send a fullscreenchange
+        event.
+
 2011-09-13  David Hyatt  <hy...@apple.com>
 
         https://bugs.webkit.org/show_bug.cgi?id=68040

Modified: trunk/Source/WebCore/dom/Document.cpp (95058 => 95059)


--- trunk/Source/WebCore/dom/Document.cpp	2011-09-14 00:17:09 UTC (rev 95058)
+++ trunk/Source/WebCore/dom/Document.cpp	2011-09-14 00:29:11 UTC (rev 95059)
@@ -574,6 +574,10 @@
             (*m_userSheets)[i]->clearOwnerNode();
     }
 
+#if ENABLE(FULLSCREEN_API)
+    m_fullScreenChangeEventTargetQueue.clear();
+#endif
+
     deleteRetiredCustomFonts();
 
     m_weakReference->clear();
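
Review bot: the new m_fullScreenChangeEventTargetQueue.clear() in ~Document() carries no comment explaining why the queue must be emptied during teardown, which makes it easy to move or drop in a later cleanup of the destructor. Add a one-line comment above the #if ENABLE(FULLSCREEN_API) block stating what the queue holds (per the ChangeLog, the elements still owed a fullscreenchange event) and why they must not outlive the document. The hunk only empties the queue, so it is also worth stating in the ChangeLog entry that whatever later drains this queue is safe when it finds it empty, and that dropping the pending fullscreenchange events is the intended behaviour.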
_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
http://lists.webkit.org/mailman/listinfo.cgi/webkit-changes
