Title: [101939] trunk
Revision
101939
Author
m...@apple.com
Date
2011-12-03 17:01:36 -0800 (Sat, 03 Dec 2011)

Log Message

Source/WebKit/mac: <rdar://problem/10523721> Crash at WebCore::SubresourceLoader::releaseResources
Reviewed by Darin Adler.

* WebView/WebView.mm:
(-[WebView _removeObjectForIdentifier:]): Changed the CFRelease(self) into
a WebCFAutorelease(self). This prevents re-entry into this method due to
the WebView closing and canceling all subresource loads, including the
one we have just removed.

Tools: Added a test for <rdar://problem/10523721> Crash at WebCore::SubresourceLoader::releaseResources

Reviewed by Darin Adler.

* TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj:
* TestWebKitAPI/Tests/mac/SubresourceErrorCrash.mm: Added.
(TestWebKitAPI::TEST):

Modified Paths

Added Paths

Diff

Modified: trunk/Source/WebKit/mac/ChangeLog (101938 => 101939)


--- trunk/Source/WebKit/mac/ChangeLog	2011-12-03 23:55:10 UTC (rev 101938)
+++ trunk/Source/WebKit/mac/ChangeLog	2011-12-04 01:01:36 UTC (rev 101939)
@@ -1,3 +1,14 @@
+2011-12-03  Dan Bernstein  <m...@apple.com>
+
+        <rdar://problem/10523721> Crash at WebCore::SubresourceLoader::releaseResources
+        Reviewed by Darin Adler.
+
+        * WebView/WebView.mm:
+        (-[WebView _removeObjectForIdentifier:]): Changed the CFRelease(self) into
+        a WebCFAutorelease(self). This prevents re-entry into this method due to
+        the WebView closing and canceling all subresource loads, including the
+        one we have just removed.
+
 2011-12-02  David Levin  <le...@chromium.org>
 
         Rename WTF class from TemporarilyChange to TemporaryChange.

Modified: trunk/Source/WebKit/mac/WebView/WebView.mm (101938 => 101939)


--- trunk/Source/WebKit/mac/WebView/WebView.mm	2011-12-03 23:55:10 UTC (rev 101938)
+++ trunk/Source/WebKit/mac/WebView/WebView.mm	2011-12-04 01:01:36 UTC (rev 101939)
@@ -6062,9 +6062,10 @@
     _private->identifierMap.remove(identifier);
     
     // If the identifier map is now empty it means we're no longer loading anything
-    // and we should release the web view.
+    // and we should release the web view. Autorelease rather than release in order to
+    // avoid re-entering this method beneath -dealloc with the same identifier. <rdar://problem/10523721>
     if (_private->identifierMap.isEmpty())
-        CFRelease(self);
+        WebCFAutorelease(self);
 }
 
 - (void)_retrieveKeyboardUIModeFromPreferences:(NSNotification *)notification
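Review bot: The deferred release at `WebCFAutorelease(self)` avoids the re-entry only if the enclosing autorelease pool drains after the loader call stack has unwound, and nothing in the hunk states or checks that assumption. If a caller drains an inner pool while the subresource loader is still releasing its resources, -dealloc and the cancel-all-loads path could presumably end up back on the stack, which is the lifetime problem this commit addresses. I would extend the new comment with a line such as `// Relies on the autorelease pool draining after the current loader callback has returned.` If the part of the method above the hunk does not already do so, it would also help to return early when the identifier is no longer in the map, so that a re-entrant call is harmless. The method begins outside the hunk, so the existing lookup is not visible here.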

Modified: trunk/Tools/ChangeLog (101938 => 101939)


--- trunk/Tools/ChangeLog	2011-12-03 23:55:10 UTC (rev 101938)
+++ trunk/Tools/ChangeLog	2011-12-04 01:01:36 UTC (rev 101939)
@@ -1,3 +1,13 @@
+2011-12-03  Dan Bernstein  <m...@apple.com>
+
+        Added a test for <rdar://problem/10523721> Crash at WebCore::SubresourceLoader::releaseResources
+
+        Reviewed by Darin Adler.
+
+        * TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj:
+        * TestWebKitAPI/Tests/mac/SubresourceErrorCrash.mm: Added.
+        (TestWebKitAPI::TEST):
+
 2011-12-03  Philippe Normand  <pnorm...@igalia.com>
 
         Another GTK build fix after r101922.

Modified: trunk/Tools/TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj (101938 => 101939)


--- trunk/Tools/TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj	2011-12-03 23:55:10 UTC (rev 101938)
+++ trunk/Tools/TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj	2011-12-04 01:01:36 UTC (rev 101939)
@@ -27,6 +27,7 @@
 		37200B9213A16230007A4FAD /* VectorReverse.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 37200B9113A16230007A4FAD /* VectorReverse.cpp */; };
 		3722C8691461E03E00C45D00 /* RenderedImageFromDOMRange.mm in Sources */ = {isa = PBXBuildFile; fileRef = 3722C8681461E03E00C45D00 /* RenderedImageFromDOMRange.mm */; };
 		3799AD3A14120A43005EB0C6 /* StringByEvaluatingJavaScriptFromString.mm in Sources */ = {isa = PBXBuildFile; fileRef = 3799AD3914120A43005EB0C6 /* StringByEvaluatingJavaScriptFromString.mm */; };
+		37A6895F148A9B50005100FA /* SubresourceErrorCrash.mm in Sources */ = {isa = PBXBuildFile; fileRef = 37A6895D148A9B50005100FA /* SubresourceErrorCrash.mm */; };
 		37DC678D140D7C5000ABCCDB /* DOMRangeOfString.mm in Sources */ = {isa = PBXBuildFile; fileRef = 37DC678B140D7C5000ABCCDB /* DOMRangeOfString.mm */; };
 		37DC6791140D7D7600ABCCDB /* DOMRangeOfString.html in Copy Resources */ = {isa = PBXBuildFile; fileRef = 37DC678F140D7D3A00ABCCDB /* DOMRangeOfString.html */; };
 		4BFDFFA71314776C0061F24B /* HitTestResultNodeHandle_Bundle.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 4BFDFFA61314776C0061F24B /* HitTestResultNodeHandle_Bundle.cpp */; };
@@ -165,6 +166,7 @@
 		37200B9113A16230007A4FAD /* VectorReverse.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; name = VectorReverse.cpp; path = WTF/VectorReverse.cpp; sourceTree = "<group>"; };
 		3722C8681461E03E00C45D00 /* RenderedImageFromDOMRange.mm */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.objcpp; path = RenderedImageFromDOMRange.mm; sourceTree = "<group>"; };
 		3799AD3914120A43005EB0C6 /* StringByEvaluatingJavaScriptFromString.mm */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.objcpp; path = StringByEvaluatingJavaScriptFromString.mm; sourceTree = "<group>"; };
+		37A6895D148A9B50005100FA /* SubresourceErrorCrash.mm */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.objcpp; path = SubresourceErrorCrash.mm; sourceTree = "<group>"; };
 		37DC678B140D7C5000ABCCDB /* DOMRangeOfString.mm */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.objcpp; path = DOMRangeOfString.mm; sourceTree = "<group>"; };
 		37DC678F140D7D3A00ABCCDB /* DOMRangeOfString.html */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.html; path = DOMRangeOfString.html; sourceTree = "<group>"; };
 		4BFDFFA61314776C0061F24B /* HitTestResultNodeHandle_Bundle.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = HitTestResultNodeHandle_Bundle.cpp; sourceTree = "<group>"; };
@@ -482,6 +484,7 @@
 				939BA91614103412001A01BD /* DeviceScaleFactorOnBack.mm */,
 				3722C8681461E03E00C45D00 /* RenderedImageFromDOMRange.mm */,
 				3799AD3914120A43005EB0C6 /* StringByEvaluatingJavaScriptFromString.mm */,
+				37A6895D148A9B50005100FA /* SubresourceErrorCrash.mm */,
 			);
 			path = mac;
 			sourceTree = "<group>";
@@ -664,6 +667,7 @@
 				C0C5D3BE14598B6F00A802A6 /* GetBackingScaleFactor.mm in Sources */,
 				3722C8691461E03E00C45D00 /* RenderedImageFromDOMRange.mm in Sources */,
 				0BCD856A1485C98B00EA2003 /* TemporaryChange.cpp in Sources */,
+				37A6895F148A9B50005100FA /* SubresourceErrorCrash.mm in Sources */,
 			);
 			runOnlyForDeploymentPostprocessing = 0;
 		};

Added: trunk/Tools/TestWebKitAPI/Tests/mac/SubresourceErrorCrash.mm (0 => 101939)


--- trunk/Tools/TestWebKitAPI/Tests/mac/SubresourceErrorCrash.mm	                        (rev 0)
+++ trunk/Tools/TestWebKitAPI/Tests/mac/SubresourceErrorCrash.mm	2011-12-04 01:01:36 UTC (rev 101939)
@@ -0,0 +1,37 @@
+/*
+ * Copyright (C) 2011 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. AND ITS CONTRIBUTORS ``AS IS''
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
+ * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR ITS CONTRIBUTORS
+ * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
+ * THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "config.h"
+
+namespace TestWebKitAPI {
+
+TEST(WebKit1, SubresourceErrorCrash)
+{
+    WebView *webView = [[WebView alloc] initWithFrame:NSZeroRect frameName:@"" groupName:@""];
+    [webView.mainFrame loadHTMLString:@"<link rel=stylesheet href=''>" baseURL:nil];
+    [webView release];
+}
+
+} // namespace TestWebKitAPI
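Review bot: The body of `TEST(WebKit1, SubresourceErrorCrash)` has no autorelease pool of its own and makes no assertion. With the release now deferred by the WebView.mm change, the view's teardown may run only when an outer pool owned by the harness drains, possibly after this test has been reported as passed. A regression in the dealloc path could then crash under a different test or at exit, which makes the failure hard to attribute. Wrapping the three statements in `@autoreleasepool { ... }`, or in an explicit `NSAutoreleasePool` drained before the closing brace, would keep the teardown inside the test. A short comment naming what is exercised would also help, for example `// The empty href makes the stylesheet subresource load fail while the view is being released.`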