Title: [135740] trunk
- Revision: 135740
- Author: infe...@chromium.org
- Date: 2012-11-26 10:58:27 -0800 (Mon, 26 Nov 2012)
Log Message
Crash in Frame::dispatchVisibilityStateChangeEvent.
https://bugs.webkit.org/show_bug.cgi?id=102053
Reviewed by Adam Barth.
Source/WebCore:
Child frame can go away inside webkitvisibilitychange
event handler. Store it in a ref counted vector.
Test: fast/frames/page-visibility-crash.html
* page/Frame.cpp:
(WebCore::Frame::dispatchVisibilityStateChangeEvent):
LayoutTests:
* fast/frames/page-visibility-crash-expected.txt: Added.
* fast/frames/page-visibility-crash.html: Added.
Diff
Modified: trunk/LayoutTests/ChangeLog (135739 => 135740)
--- trunk/LayoutTests/ChangeLog 2012-11-26 18:56:22 UTC (rev 135739)
+++ trunk/LayoutTests/ChangeLog 2012-11-26 18:58:27 UTC (rev 135740)
@@ -1,3 +1,13 @@
+2012-11-26 Abhishek Arya <infe...@chromium.org>
+
+ Crash in Frame::dispatchVisibilityStateChangeEvent.
+ https://bugs.webkit.org/show_bug.cgi?id=102053
+
+ Reviewed by Adam Barth.
+
+ * fast/frames/page-visibility-crash-expected.txt: Added.
+ * fast/frames/page-visibility-crash.html: Added.
+
2012-11-26 Thiago Marcos P. Santos <thiago.san...@intel.com>
Import more CSS Device Adaptation layout tests
Added: trunk/LayoutTests/fast/frames/page-visibility-crash-expected.txt (0 => 135740)
--- trunk/LayoutTests/fast/frames/page-visibility-crash-expected.txt (rev 0)
+++ trunk/LayoutTests/fast/frames/page-visibility-crash-expected.txt 2012-11-26 18:58:27 UTC (rev 135740)
@@ -0,0 +1 @@
+PASS. WebKit didn't crash
Added: trunk/LayoutTests/fast/frames/page-visibility-crash.html (0 => 135740)
--- trunk/LayoutTests/fast/frames/page-visibility-crash.html (rev 0)
+++ trunk/LayoutTests/fast/frames/page-visibility-crash.html 2012-11-26 18:58:27 UTC (rev 135740)
@@ -0,0 +1,46 @@
+<!DOCTYPE html>
+<html>
+<body>
+<script>
+if (window.testRunner) {
+ window.testRunner.dumpAsText();
+ window.testRunner.waitUntilDone();
+}
+
+function finish() {
+ if (window.testRunner)
+ testRunner.resetPageVisibility();
+
+ document.open();
+ document.write("PASS. WebKit didn't crash");
+ document.close();
+
+ if (window.testRunner)
+ testRunner.notifyDone();
+}
+
+function crash()
+{
+ document.body.removeChild(document.getElementById("f"));
+ setTimeout("finish()", 0);
+}
+
+frame = document.createElement("iframe");
+frame.id = "f";
+document.body.appendChild(frame);
+scriptElement = frame.contentDocument.createElement("script");
+frame.contentDocument.body.appendChild(scriptElement);
+scriptElement.innerText = "function handleVisibilityChange() \
+ { \
+ parent.crash(); \
+ } \
+ document.addEventListener('webkitvisibilitychange', handleVisibilityChange, false);";
+
+if (window.testRunner)
+ testRunner.setPageVisibility("hidden");
+
+// Many platforms don't support the page visibility api. For those, just bail out.
+setTimeout("finish()", 10);
+</script>
+</body>
+</html>
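Review bot: finish() can run twice in this test, because crash() schedules it with setTimeout("finish()", 0) and the unconditional fallback setTimeout("finish()", 10) at the end of the script schedules it again. On ports that support page visibility the test may therefore call testRunner.notifyDone() and rewrite the document a second time. A one-shot guard at the top of finish(), or clearing the fallback timer from crash(), would make the result deterministic. The fallback also means a port without the API reports PASS without ever reaching the removeChild path, so a comment saying the test is vacuous there would help. Passing function references rather than strings to setTimeout is a smaller style point.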
Property changes on: trunk/LayoutTests/fast/frames/page-visibility-crash.html
___________________________________________________________________
Added: svn:executable
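Review bot: the svn:executable property added on page-visibility-crash.html looks unintended, since a layout test HTML file is loaded by the test runner rather than executed. Suggest dropping the property before landing.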
Modified: trunk/Source/WebCore/ChangeLog (135739 => 135740)
--- trunk/Source/WebCore/ChangeLog 2012-11-26 18:56:22 UTC (rev 135739)
+++ trunk/Source/WebCore/ChangeLog 2012-11-26 18:58:27 UTC (rev 135740)
@@ -1,3 +1,18 @@
+2012-11-26 Abhishek Arya <infe...@chromium.org>
+
+ Crash in Frame::dispatchVisibilityStateChangeEvent.
+ https://bugs.webkit.org/show_bug.cgi?id=102053
+
+ Reviewed by Adam Barth.
+
+ Child frame can go away inside webkitvisibilitychange
+ event handler. Store it in a ref counted vector.
+
+ Test: fast/frames/page-visibility-crash.html
+
+ * page/Frame.cpp:
+ (WebCore::Frame::dispatchVisibilityStateChangeEvent):
+
2012-11-26 Hurnjoo Lee <hurnjoo....@samsung.com>
[Cairo] fillRectWithColor with Color::transparent doesn't perform anything
Modified: trunk/Source/WebCore/page/Frame.cpp (135739 => 135740)
--- trunk/Source/WebCore/page/Frame.cpp 2012-11-26 18:56:22 UTC (rev 135739)
+++ trunk/Source/WebCore/page/Frame.cpp 2012-11-26 18:58:27 UTC (rev 135740)
@@ -657,8 +657,13 @@
{
if (m_doc)
m_doc->dispatchVisibilityStateChangeEvent();
+
+ Vector<RefPtr<Frame> > childFrames;
for (Frame* child = tree()->firstChild(); child; child = child->tree()->nextSibling())
- child->dispatchVisibilityStateChangeEvent();
+ childFrames.append(child);
+
+ for (size_t i = 0; i < childFrames.size(); ++i)
+ childFrames[i]->dispatchVisibilityStateChangeEvent();
}
#endif
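Review bot: in the second loop, childFrames[i]->dispatchVisibilityStateChangeEvent() is still called on a child that an earlier handler has already removed from the tree, because the RefPtr snapshot keeps the Frame alive but does not keep it attached. That addresses the lifetime problem, but it is worth confirming that dispatching into a detached frame is harmless here, or skipping entries that are no longer attached. Separately, m_doc->dispatchVisibilityStateChangeEvent() runs handlers before tree()->firstChild() is read on this frame, and nothing in the hunk holds a reference to this frame across that call; if the caller does not already guarantee that, a protecting RefPtr at the top of the function would close the same kind of gap. A short comment above the Vector explaining why the children are snapshotted would stop a later cleanup from folding the two loops back together.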