Title: [94112] trunk
Revision: 94112
Author: [email protected]
Date: 2011-08-30 14:31:57 -0700 (Tue, 30 Aug 2011)

Log Message

Flaky crash with _javascript_ URLs
https://bugs.webkit.org/show_bug.cgi?id=66360

Reviewed by Nate Chapin.

Source/WebCore: 

This patch teaches DocumentWriter::begin to make a copy of the URL
before beginning a new document to avoid a crash.

Test: fast/loader/_javascript_-url-iframe-crash.html

* loader/DocumentWriter.cpp:
(WebCore::DocumentWriter::begin):

LayoutTests: 

* fast/loader/_javascript_-url-iframe-crash-expected.txt: Added.
* fast/loader/_javascript_-url-iframe-crash.html: Added.

Diff

Modified: trunk/LayoutTests/ChangeLog (94111 => 94112)


--- trunk/LayoutTests/ChangeLog	2011-08-30 21:27:03 UTC (rev 94111)
+++ trunk/LayoutTests/ChangeLog	2011-08-30 21:31:57 UTC (rev 94112)
@@ -1,3 +1,13 @@
+2011-08-30  Adam Barth  <[email protected]>
+
+        Flaky crash with _javascript_ URLs
+        https://bugs.webkit.org/show_bug.cgi?id=66360
+
+        Reviewed by Nate Chapin.
+
+        * fast/loader/_javascript_-url-iframe-crash-expected.txt: Added.
+        * fast/loader/_javascript_-url-iframe-crash.html: Added.
+
 2011-08-30  Tony Gentilcore  <[email protected]>
 
         PreloadScanner shouldn't load images inside noscript via doc.write
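Review bot: the entry lists the two added files but says nothing about what the test exercises; a one-line description (for example, that two nested iframes inside a run of unclosed `<pre>` elements trigger the crash) would make the LayoutTests ChangeLog useful on its own, since the "Test:" line lives only in the Source/WebCore entry.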

Added: trunk/LayoutTests/fast/loader/_javascript_-url-iframe-crash-expected.txt (0 => 94112)


--- trunk/LayoutTests/fast/loader/_javascript_-url-iframe-crash-expected.txt	                        (rev 0)
+++ trunk/LayoutTests/fast/loader/_javascript_-url-iframe-crash-expected.txt	2011-08-30 21:31:57 UTC (rev 94112)
@@ -0,0 +1,7 @@
+
+
+
+
+
+This test passes if it doesn't crash.
+
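Review bot: the expectation pins five empty lines ahead of "This test passes if it doesn't crash.", which encodes how the unclosed `<pre>` elements in the test markup render under dumpAsText; a later change to whitespace handling in the parser or in text dumping will make this test fail for a reason unrelated to the crash it guards. Emitting the pass text from the script after the crash-prone markup has been parsed would reduce the expectation to that single line.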

Added: trunk/LayoutTests/fast/loader/_javascript_-url-iframe-crash.html (0 => 94112)


--- trunk/LayoutTests/fast/loader/_javascript_-url-iframe-crash.html	                        (rev 0)
+++ trunk/LayoutTests/fast/loader/_javascript_-url-iframe-crash.html	2011-08-30 21:31:57 UTC (rev 94112)
@@ -0,0 +1,9 @@
+<iframe src=""
+<a><summary><pre><pre><pre><pre><pre><iframe src=""
+
+<a>
+<script>
+if (window.layoutTestController)
+    layoutTestController.dumpAsText();
+</script>
+This test passes if it doesn't crash.
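Review bot: both `<iframe src=""` lines carry an empty src and no closing `>`, so nothing in the visible markup involves a javascript: URL even though the bug title and the test name are about javascript URLs; confirm that the committed file contains the intended src values (the list archive may have stripped them) and that the unclosed tags are deliberate, because the crash depends on this exact malformed sequence. A short comment at the top of the file saying the markup is intentionally malformed would stop a later cleanup from "fixing" the test into uselessness.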

Modified: trunk/Source/WebCore/ChangeLog (94111 => 94112)


--- trunk/Source/WebCore/ChangeLog	2011-08-30 21:27:03 UTC (rev 94111)
+++ trunk/Source/WebCore/ChangeLog	2011-08-30 21:31:57 UTC (rev 94112)
@@ -1,3 +1,18 @@
+2011-08-30  Adam Barth  <[email protected]>
+
+        Flaky crash with _javascript_ URLs
+        https://bugs.webkit.org/show_bug.cgi?id=66360
+
+        Reviewed by Nate Chapin.
+
+        This patch teaches DocumentWriter::begin to make a copy of the URL
+        before beginning a new document to avoid a crash.
+
+        Test: fast/loader/_javascript_-url-iframe-crash.html
+
+        * loader/DocumentWriter.cpp:
+        (WebCore::DocumentWriter::begin):
+
 2011-08-30  Tony Gentilcore  <[email protected]>
 
         PreloadScanner shouldn't load images inside noscript via doc.write
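Review bot: the description says a copy of the URL is taken but not who owns the referenced KURL or what frees it during begin(); stating that (the new code comment in DocumentWriter.cpp attributes it to callers whose URL can be deallocated while the function runs, per bug 66360) would let a reader understand the fix without opening the diff.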

Modified: trunk/Source/WebCore/loader/DocumentWriter.cpp (94111 => 94112)


--- trunk/Source/WebCore/loader/DocumentWriter.cpp	2011-08-30 21:27:03 UTC (rev 94111)
+++ trunk/Source/WebCore/loader/DocumentWriter.cpp	2011-08-30 21:31:57 UTC (rev 94112)
@@ -106,12 +106,17 @@
     return DOMImplementation::createDocument(m_mimeType, m_frame, url, m_frame->inViewSourceMode());
 }
 
-void DocumentWriter::begin(const KURL& url, bool dispatch, SecurityOrigin* origin)
+void DocumentWriter::begin(const KURL& urlReference, bool dispatch, SecurityOrigin* origin)
 {
     // We need to take a reference to the security origin because |clear|
     // might destroy the document that owns it.
     RefPtr<SecurityOrigin> forcedSecurityOrigin = origin;
 
+    // We grab a local copy of the URL because it's easy for callers to supply
+    // a URL that will be deallocated during the execution of this function.
+    // For example, see <https://bugs.webkit.org/show_bug.cgi?id=66360>.
+    KURL url = ""
+
     // Create a new document before clearing the frame, because it may need to
     // inherit an aliased security context.
     RefPtr<Document> document = createDocument(url);
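Review bot: the initializer on the new `KURL url = ""` line does not copy `urlReference`, so as shown the renamed parameter is unused and `createDocument(url)` would receive an empty URL; this line looks mangled in transit and should read `KURL url = urlReference;`. The placement is right: the copy is made before createDocument() and before the frame is cleared, mirroring the `RefPtr<SecurityOrigin> forcedSecurityOrigin = origin;` guard a few lines up that protects `origin` for the same reason. Taking a copy is a sound defensive fix for this use-after-free, but a reference that dies mid-call is the underlying defect, so it is worth auditing the callers that hand begin() a KURL owned by an object destroyed during the call.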
_______________________________________________
webkit-changes mailing list
[email protected]
http://lists.webkit.org/mailman/listinfo.cgi/webkit-changes
