Title: [171563] branches/safari-600.1-branch/Source/WebCore
- Revision
- 171563
- Author
- lforsch...@apple.com
- Date
- 2014-07-24 17:57:39 -0700 (Thu, 24 Jul 2014)
Log Message
Merged r171505. <rdar://problem/17713033>
Modified Paths
Diff
Modified: branches/safari-600.1-branch/Source/WebCore/ChangeLog (171562 => 171563)
--- branches/safari-600.1-branch/Source/WebCore/ChangeLog 2014-07-25 00:53:50 UTC (rev 171562)
+++ branches/safari-600.1-branch/Source/WebCore/ChangeLog 2014-07-25 00:57:39 UTC (rev 171563)
@@ -1,5 +1,33 @@
2014-07-24 Lucas Forschler <lforsch...@apple.com>
+ Merge r171505
+
+ 2014-07-23 Joseph Pecoraro <pecor...@apple.com>
+
+ ScriptController::updateDocument ASSERT mutating map while iterating map
+ https://bugs.webkit.org/show_bug.cgi?id=135211
+
+ Reviewed by Oliver Hunt.
+
+ Avoid iterating over m_windowShells in more places. This prevents
+ the possibility of a collection during JSC allocation which might
+ cause a mutation to m_windowShells (HTMLMediaElement destruction).
+
+ Have ScriptController defriend ScriptCachedFrameData by providing
+ a getter for the list of window shells.
+
+ * bindings/js/ScriptCachedFrameData.cpp:
+ (WebCore::ScriptCachedFrameData::ScriptCachedFrameData):
+ (WebCore::ScriptCachedFrameData::restore):
+ * bindings/js/ScriptController.cpp:
+ (WebCore::ScriptController::windowShells):
+ (WebCore::ScriptController::clearWindowShell):
+ (WebCore::ScriptController::attachDebugger):
+ (WebCore::ScriptController::updateDocument):
+ * bindings/js/ScriptController.h:
+
+2014-07-24 Lucas Forschler <lforsch...@apple.com>
+
Merge r171554
2014-07-24 Dan Bernstein <m...@apple.com>
Modified: branches/safari-600.1-branch/Source/WebCore/bindings/js/ScriptCachedFrameData.cpp (171562 => 171563)
--- branches/safari-600.1-branch/Source/WebCore/bindings/js/ScriptCachedFrameData.cpp 2014-07-25 00:53:50 UTC (rev 171562)
+++ branches/safari-600.1-branch/Source/WebCore/bindings/js/ScriptCachedFrameData.cpp 2014-07-25 00:57:39 UTC (rev 171563)
@@ -51,12 +51,12 @@
JSLockHolder lock(JSDOMWindowBase::commonVM());
ScriptController& scriptController = frame.script();
- ScriptController::ShellMap& windowShells = scriptController.m_windowShells;
+ Vector<JSC::Strong<JSDOMWindowShell>> windowShells = scriptController.windowShells();
- ScriptController::ShellMap::iterator windowShellsEnd = windowShells.end();
- for (ScriptController::ShellMap::iterator iter = windowShells.begin(); iter != windowShellsEnd; ++iter) {
- JSDOMWindow* window = iter->value->window();
- m_windows.add(iter->key.get(), Strong<JSDOMWindow>(window->vm(), window));
+ for (size_t i = 0; i < windowShells.size(); ++i) {
+ JSDOMWindowShell* windowShell = windowShells[i].get();
+ JSDOMWindow* window = windowShell->window();
+ m_windows.add(&windowShell->world(), Strong<JSDOMWindow>(window->vm(), window));
window->setConsoleClient(nullptr);
}
@@ -74,11 +74,11 @@
Page* page = frame.page();
ScriptController& scriptController = frame.script();
- ScriptController::ShellMap& windowShells = scriptController.m_windowShells;
+ Vector<JSC::Strong<JSDOMWindowShell>> windowShells = scriptController.windowShells();
- for (auto it = windowShells.begin(), end = windowShells.end(); it != end; ++it) {
- DOMWrapperWorld* world = it->key.get();
- JSDOMWindowShell* windowShell = it->value.get();
+ for (size_t i = 0; i < windowShells.size(); ++i) {
+ JSDOMWindowShell* windowShell = windowShells[i].get();
+ DOMWrapperWorld* world = &windowShell->world();
if (JSDOMWindow* window = m_windows.get(world).get())
windowShell->setWindow(window->vm(), window);
Modified: branches/safari-600.1-branch/Source/WebCore/bindings/js/ScriptController.cpp (171562 => 171563)
--- branches/safari-600.1-branch/Source/WebCore/bindings/js/ScriptController.cpp 2014-07-25 00:53:50 UTC (rev 171562)
+++ branches/safari-600.1-branch/Source/WebCore/bindings/js/ScriptController.cpp 2014-07-25 00:57:39 UTC (rev 171563)
@@ -170,6 +170,13 @@
return DOMWrapperWorld::create(JSDOMWindow::commonVM());
}
+Vector<JSC::Strong<JSDOMWindowShell>> ScriptController::windowShells()
+{
+ Vector<JSC::Strong<JSDOMWindowShell>> windowShells;
+ copyValuesToVector(m_windowShells, windowShells);
+ return windowShells;
+}
+
void ScriptController::getAllWorlds(Vector<Ref<DOMWrapperWorld>>& worlds)
{
static_cast<WebCoreJSClientData*>(JSDOMWindow::commonVM().clientData)->getAllWorlds(worlds);
@@ -182,9 +189,7 @@
JSLockHolder lock(JSDOMWindowBase::commonVM());
- Vector<JSC::Strong<JSDOMWindowShell>> windowShells;
- copyValuesToVector(m_windowShells, windowShells);
-
+ Vector<JSC::Strong<JSDOMWindowShell>> windowShells = this->windowShells();
for (size_t i = 0; i < windowShells.size(); ++i) {
JSDOMWindowShell* windowShell = windowShells[i].get();
@@ -288,8 +293,9 @@
void ScriptController::attachDebugger(JSC::Debugger* debugger)
{
- for (ShellMap::iterator iter = m_windowShells.begin(); iter != m_windowShells.end(); ++iter)
- attachDebugger(iter->value.get(), debugger);
+ Vector<JSC::Strong<JSDOMWindowShell>> windowShells = this->windowShells();
+ for (size_t i = 0; i < windowShells.size(); ++i)
+ attachDebugger(windowShells[i].get(), debugger);
}
void ScriptController::attachDebugger(JSDOMWindowShell* shell, JSC::Debugger* debugger)
@@ -306,9 +312,11 @@
void ScriptController::updateDocument()
{
- for (ShellMap::iterator iter = m_windowShells.begin(); iter != m_windowShells.end(); ++iter) {
- JSLockHolder lock(iter->key->vm());
- iter->value->window()->updateDocument();
+ Vector<JSC::Strong<JSDOMWindowShell>> windowShells = this->windowShells();
+ for (size_t i = 0; i < windowShells.size(); ++i) {
+ JSDOMWindowShell* windowShell = windowShells[i].get();
+ JSLockHolder lock(windowShell->world().vm());
+ windowShell->window()->updateDocument();
}
}
Modified: branches/safari-600.1-branch/Source/WebCore/bindings/js/ScriptController.h (171562 => 171563)
--- branches/safari-600.1-branch/Source/WebCore/bindings/js/ScriptController.h 2014-07-25 00:53:50 UTC (rev 171562)
+++ branches/safari-600.1-branch/Source/WebCore/bindings/js/ScriptController.h 2014-07-25 00:57:39 UTC (rev 171563)
@@ -71,7 +71,6 @@
class ScriptController {
WTF_MAKE_FAST_ALLOCATED;
- friend class ScriptCachedFrameData;
typedef HashMap<RefPtr<DOMWrapperWorld>, JSC::Strong<JSDOMWindowShell>> ShellMap;
public:
@@ -83,6 +82,8 @@
JSDOMWindowShell* createWindowShell(DOMWrapperWorld&);
void destroyWindowShell(DOMWrapperWorld&);
+ Vector<JSC::Strong<JSDOMWindowShell>> windowShells();
+
JSDOMWindowShell* windowShell(DOMWrapperWorld& world)
{
ShellMap::iterator iter = m_windowShells.find(&world);
_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes
