Title: [113229] trunk
- Revision
- 113229
- Author
- jp...@apple.com
- Date
- 2012-04-04 13:06:35 -0700 (Wed, 04 Apr 2012)
Log Message
Source/WebCore: Move pending sheet removal from ~HTMLLinkElement to removal from document.
https://bugs.webkit.org/show_bug.cgi?id=69184
Reviewed by Adam Barth.
Test: fast/html/pending-stylesheet-crash.html
* html/HTMLLinkElement.cpp:
(WebCore::HTMLLinkElement::~HTMLLinkElement):
(WebCore::HTMLLinkElement::removedFromDocument):
LayoutTests: Move pending sheet removal from ~HTMLLinkElement to removal from document.
https://bugs.webkit.org/show_bug.cgi?id=69184
Reviewed by Adam Barth.
* fast/html/pending-stylesheet-crash-expected.txt: Added.
* fast/html/pending-stylesheet-crash.html: Added.
Modified Paths
Added Paths
Diff
Modified: trunk/LayoutTests/ChangeLog (113228 => 113229)
--- trunk/LayoutTests/ChangeLog 2012-04-04 19:50:00 UTC (rev 113228)
+++ trunk/LayoutTests/ChangeLog 2012-04-04 20:06:35 UTC (rev 113229)
@@ -1,3 +1,13 @@
+2012-04-04 Jeffrey Pfau <jp...@apple.com>
+
+ Move pending sheet removal from ~HTMLLinkElement to removal from document.
+ https://bugs.webkit.org/show_bug.cgi?id=69184
+
+ Reviewed by Adam Barth.
+
+ * fast/html/pending-stylesheet-crash-expected.txt: Added.
+ * fast/html/pending-stylesheet-crash.html: Added.
+
2012-04-04 Jon Lee <jon...@apple.com>
Unskip Mac filter pixel tests which changed because of color space adjustment
Added: trunk/LayoutTests/fast/html/pending-stylesheet-crash-expected.txt (0 => 113229)
--- trunk/LayoutTests/fast/html/pending-stylesheet-crash-expected.txt (rev 0)
+++ trunk/LayoutTests/fast/html/pending-stylesheet-crash-expected.txt 2012-04-04 20:06:35 UTC (rev 113229)
@@ -0,0 +1 @@
+This test passes if it doesn't crash
Added: trunk/LayoutTests/fast/html/pending-stylesheet-crash.html (0 => 113229)
--- trunk/LayoutTests/fast/html/pending-stylesheet-crash.html (rev 0)
+++ trunk/LayoutTests/fast/html/pending-stylesheet-crash.html 2012-04-04 20:06:35 UTC (rev 113229)
@@ -0,0 +1,33 @@
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML//EN">
+<html>
+<head id="h">
+</head>
+<body>
+<script>
+if (window.layoutTestController)
+ window.layoutTestController.dumpAsText();
+
+var link = document.createElement('link');
+link.setAttribute('type', 'text/css');
+link.setAttribute('rel', 'stylesheet');
+link.setAttribute('href', 'really-does-not-exist.css');
+document.getElementById('h').appendChild(link);
+link.parentNode.removeChild(link);
+link = null;
+</script>
+<script>
+function gc() {
+ if (window.GCController)
+ GCController.collect();
+ else {
+ // Allocate a sufficient number of objects to force a GC.
+ for (var i = 0; i < 10000; i++)
+ new Object;
+ }
+}
+
+gc();
+</script>
+<p>This test passes if it doesn't crash</p>
+</body>
+</html>
Modified: trunk/Source/WebCore/ChangeLog (113228 => 113229)
--- trunk/Source/WebCore/ChangeLog 2012-04-04 19:50:00 UTC (rev 113228)
+++ trunk/Source/WebCore/ChangeLog 2012-04-04 20:06:35 UTC (rev 113229)
@@ -1,3 +1,16 @@
+2012-04-04 Jeffrey Pfau <jp...@apple.com>
+
+ Move pending sheet removal from ~HTMLLinkElement to removal from document.
+ https://bugs.webkit.org/show_bug.cgi?id=69184
+
+ Reviewed by Adam Barth.
+
+ Test: fast/html/pending-stylesheet-crash.html
+
+ * html/HTMLLinkElement.cpp:
+ (WebCore::HTMLLinkElement::~HTMLLinkElement):
+ (WebCore::HTMLLinkElement::removedFromDocument):
+
2012-04-04 Mark Pilgrim <pilg...@chromium.org>
Call histogramCustomCounts directly
Modified: trunk/Source/WebCore/html/HTMLLinkElement.cpp (113228 => 113229)
--- trunk/Source/WebCore/html/HTMLLinkElement.cpp 2012-04-04 19:50:00 UTC (rev 113228)
+++ trunk/Source/WebCore/html/HTMLLinkElement.cpp 2012-04-04 20:06:35 UTC (rev 113229)
@@ -82,10 +82,8 @@
if (m_sheet)
m_sheet->clearOwnerNode();
- if (m_cachedSheet) {
+ if (m_cachedSheet)
m_cachedSheet->removeClient(this);
- removePendingSheet();
- }
if (inDocument())
document()->removeStyleSheetCandidateNode(this);
@@ -266,6 +264,9 @@
m_sheet = 0;
}
+ if (styleSheetIsLoading())
+ removePendingSheet();
+
if (document()->renderer())
document()->styleSelectorChanged(DeferRecalcStyle);
}
_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
http://lists.webkit.org/mailman/listinfo.cgi/webkit-changes
