[webkit-changes] [91589] branches/safari-534.51-branch

Fri, 22 Jul 2011 12:23:50 -0700

Title: [91589] branches/safari-534.51-branch

Diff

Modified: branches/safari-534.51-branch/LayoutTests/ChangeLog (91588 => 91589)


--- branches/safari-534.51-branch/LayoutTests/ChangeLog	2011-07-22 19:21:09 UTC (rev 91588)
+++ branches/safari-534.51-branch/LayoutTests/ChangeLog	2011-07-22 19:23:43 UTC (rev 91589)
@@ -1,5 +1,23 @@
 2011-07-22  Lucas Forschler  <lforsch...@apple.com>
 
+    Merged 90914.
+
+    2011-07-13  John Knottenbelt  <jknot...@chromium.org>
+
+        Reference Geolocation object from GeoNotifier and Geolocation::setIsAllowed.
+        https://bugs.webkit.org/show_bug.cgi?id=64363
+
+        Reviewed by Tony Gentilcore.
+
+        * fast/dom/Geolocation/remove-remote-context-in-error-callback-crash.html: Added.
+        * fast/dom/Geolocation/resources/remove-remote-context-in-error-callback-crash-inner.html: Added.
+        * fast/dom/Geolocation/script-tests/remove-remote-context-in-error-callback-crash.js: Added.
+        * fast/dom/Geolocation/remove-remote-context-in-error-callback-crash-expected.txt: Added.
+        (gc):
+        (onIframeReady):
+
+2011-07-22  Lucas Forschler  <lforsch...@apple.com>
+
     Merged 90573.
 
     2011-07-07  Dan Bernstein  <m...@apple.com>

Copied: branches/safari-534.51-branch/LayoutTests/fast/dom/Geolocation/remove-remote-context-in-error-callback-crash-expected.txt (from rev 90914, trunk/LayoutTests/fast/dom/Geolocation/remove-remote-context-in-error-callback-crash-expected.txt) (0 => 91589)


--- branches/safari-534.51-branch/LayoutTests/fast/dom/Geolocation/remove-remote-context-in-error-callback-crash-expected.txt	                        (rev 0)
+++ branches/safari-534.51-branch/LayoutTests/fast/dom/Geolocation/remove-remote-context-in-error-callback-crash-expected.txt	2011-07-22 19:23:43 UTC (rev 91589)
@@ -0,0 +1,10 @@
+Tests that we do not crash when a Geolocation request is made from a remote frame, which is then removed from the DOM in the error callback.
+
+On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
+
+
+PASS Error callback invoked.
+PASS successfullyParsed is true
+
+TEST COMPLETE
+

Copied: branches/safari-534.51-branch/LayoutTests/fast/dom/Geolocation/remove-remote-context-in-error-callback-crash.html (from rev 90914, trunk/LayoutTests/fast/dom/Geolocation/remove-remote-context-in-error-callback-crash.html) (0 => 91589)


--- branches/safari-534.51-branch/LayoutTests/fast/dom/Geolocation/remove-remote-context-in-error-callback-crash.html	                        (rev 0)
+++ branches/safari-534.51-branch/LayoutTests/fast/dom/Geolocation/remove-remote-context-in-error-callback-crash.html	2011-07-22 19:23:43 UTC (rev 91589)
@@ -0,0 +1,13 @@
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML//EN">
+<html>
+<head>
+<link rel="stylesheet" href=""
+<script src=""
+</head>
+<body>
+<p id="description"></p>
+<div id="console"></div>
+<script src=""
+<script src=""
+</body>
+</html>

Copied: branches/safari-534.51-branch/LayoutTests/fast/dom/Geolocation/resources/remove-remote-context-in-error-callback-crash-inner.html (from rev 90914, trunk/LayoutTests/fast/dom/Geolocation/resources/remove-remote-context-in-error-callback-crash-inner.html) (0 => 91589)


--- branches/safari-534.51-branch/LayoutTests/fast/dom/Geolocation/resources/remove-remote-context-in-error-callback-crash-inner.html	                        (rev 0)
+++ branches/safari-534.51-branch/LayoutTests/fast/dom/Geolocation/resources/remove-remote-context-in-error-callback-crash-inner.html	2011-07-22 19:23:43 UTC (rev 91589)
@@ -0,0 +1,14 @@
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML//EN">
+<html>
+  <head>
+    <script>
+      function init() {
+          if (window.layoutTestController)
+              layoutTestController.setGeolocationPermission(false);
+          window.parent.onIframeReady()
+      }
+    </script>
+  </head>
+  <body _onload_="init()">
+  </body>
+</html>

Copied: branches/safari-534.51-branch/LayoutTests/fast/dom/Geolocation/script-tests/remove-remote-context-in-error-callback-crash.js (from rev 90914, trunk/LayoutTests/fast/dom/Geolocation/script-tests/remove-remote-context-in-error-callback-crash.js) (0 => 91589)


--- branches/safari-534.51-branch/LayoutTests/fast/dom/Geolocation/script-tests/remove-remote-context-in-error-callback-crash.js	                        (rev 0)
+++ branches/safari-534.51-branch/LayoutTests/fast/dom/Geolocation/script-tests/remove-remote-context-in-error-callback-crash.js	2011-07-22 19:23:43 UTC (rev 91589)
@@ -0,0 +1,31 @@
+description("Tests that we do not crash when a Geolocation request is made from a remote frame, which is then removed from the DOM in the error callback.");
+
+function gc() {
+    if (window.GCController) {
+        GCController.collect();
+        return;
+    }
+
+    for (var i = 0; i < 10000; i++)
+        new String(i);
+}
+
+function onIframeReady() {
+    // Make request from remote frame
+    iframe.contentWindow.navigator.geolocation.getCurrentPosition(function() {
+        testFailed('Success callback invoked unexpectedly');
+        finishJSTest();
+    }, function() {
+        testPassed('Error callback invoked.');
+        document.body.removeChild(iframe);
+        gc();
+        finishJSTest();
+    });
+}
+
+var iframe = document.createElement('iframe');
+iframe.src = '';
+document.body.appendChild(iframe);
+
+window.jsTestIsAsync = true;
+window.successfullyParsed = true;

Modified: branches/safari-534.51-branch/Source/WebCore/ChangeLog (91588 => 91589)


--- branches/safari-534.51-branch/Source/WebCore/ChangeLog	2011-07-22 19:21:09 UTC (rev 91588)
+++ branches/safari-534.51-branch/Source/WebCore/ChangeLog	2011-07-22 19:23:43 UTC (rev 91589)
@@ -1,5 +1,22 @@
 2011-07-22  Lucas Forschler  <lforsch...@apple.com>
 
+    Merged 90914.
+
+    2011-07-13  John Knottenbelt  <jknot...@chromium.org>
+
+        Reference Geolocation object from GeoNotifier and Geolocation::setIsAllowed.
+        https://bugs.webkit.org/show_bug.cgi?id=64363
+
+        Reviewed by Tony Gentilcore.
+
+        Test: fast/dom/Geolocation/remove-remote-context-in-error-callback-crash.html
+
+        * page/Geolocation.cpp:
+        (WebCore::Geolocation::setIsAllowed):
+        * page/Geolocation.h:
+
+2011-07-22  Lucas Forschler  <lforsch...@apple.com>
+
     Merged 90797.
 
     2011-07-11  Jer Noble  <jer.no...@apple.com>

Modified: branches/safari-534.51-branch/Source/WebCore/page/Geolocation.cpp (91588 => 91589)


--- branches/safari-534.51-branch/Source/WebCore/page/Geolocation.cpp	2011-07-22 19:21:09 UTC (rev 91588)
+++ branches/safari-534.51-branch/Source/WebCore/page/Geolocation.cpp	2011-07-22 19:23:43 UTC (rev 91589)
@@ -442,6 +442,9 @@
 
 void Geolocation::setIsAllowed(bool allowed)
 {
+    // Protect the Geolocation object from garbage collection during a callback.
+    RefPtr<Geolocation> protect(this);
+
     // This may be due to either a new position from the service, or a cached
     // position.
     m_allowGeolocation = allowed ? Yes : No;

Modified: branches/safari-534.51-branch/Source/WebCore/page/Geolocation.h (91588 => 91589)


--- branches/safari-534.51-branch/Source/WebCore/page/Geolocation.h	2011-07-22 19:21:09 UTC (rev 91588)
+++ branches/safari-534.51-branch/Source/WebCore/page/Geolocation.h	2011-07-22 19:23:43 UTC (rev 91589)
@@ -100,7 +100,7 @@
         void startTimerIfNeeded();
         void timerFired(Timer<GeoNotifier>*);
         
-        Geolocation* m_geolocation;
+        RefPtr<Geolocation> m_geolocation;
         RefPtr<PositionCallback> m_successCallback;
         RefPtr<PositionErrorCallback> m_errorCallback;
         RefPtr<PositionOptions> m_options;

_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
http://lists.webkit.org/mailman/listinfo.cgi/webkit-changes

Reply via email to