Title: [94313] trunk/Source/WebKit2
Revision: 94313
Author: [email protected]
Date: 2011-09-01 10:56:19 -0700 (Thu, 01 Sep 2011)

Log Message

[Qt] TouchWebView crashes with segmentation fault
https://bugs.webkit.org/show_bug.cgi?id=67308

Patch by Gopal Raghavan <[email protected]> on 2011-09-01
Reviewed by Benjamin Poulain.

If you instantiate a TouchWebView element with height and width in a QML file and
load a URL, it crashes.
The functions setWidth() and setHeight() are called sequentially, therefore it can happen
that computeViewportAttributes was called with a size like (width, 0), breaking the
assumption of the function that the size is valid. The patch makes sure we compute the
viewport when both height and width are valid.

* UIProcess/API/qt/qtouchwebview.cpp:
(QTouchWebViewPrivate::updateViewportConstraints):
* UIProcess/API/qt/tests/qmltests/TouchWebView/tst_load.qml: Added.
* UIProcess/API/qt/tests/qmltests/TouchWebView/tst_loadNegativeSizeView.qml: Added.
* UIProcess/API/qt/tests/qmltests/TouchWebView/tst_loadZeroSizeView.qml: Added.
* UIProcess/API/qt/tests/qmltests/qmltests.pro:

Diff

Modified: trunk/Source/WebKit2/ChangeLog (94312 => 94313)


--- trunk/Source/WebKit2/ChangeLog	2011-09-01 17:54:58 UTC (rev 94312)
+++ trunk/Source/WebKit2/ChangeLog	2011-09-01 17:56:19 UTC (rev 94313)
@@ -1,3 +1,24 @@
+2011-09-01  Gopal Raghavan  <[email protected]>
+
+        [Qt] TouchWebView crashes with segmentation fault
+        https://bugs.webkit.org/show_bug.cgi?id=67308
+
+        Reviewed by Benjamin Poulain.
+
+        If you instantiate TouchWebView element with height and width in a qml file and
+        load a url it crashes.
+        The functions setWidth() and setHeight() are called sequentially therefore it can happen
+        that computeViewportAttributes was called with a size like (width, 0) breaking the
+        assumption of the function that the size is valid. The patch makes sure we compute the
+        viewport when both height and width are valid.
+
+        * UIProcess/API/qt/qtouchwebview.cpp:
+        (QTouchWebViewPrivate::updateViewportConstraints):
+        * UIProcess/API/qt/tests/qmltests/TouchWebView/tst_load.qml: Added.
+        * UIProcess/API/qt/tests/qmltests/TouchWebView/tst_loadNegativeSizeView.qml: Added.
+        * UIProcess/API/qt/tests/qmltests/TouchWebView/tst_loadZeroSizeView.qml: Added.
+        * UIProcess/API/qt/tests/qmltests/qmltests.pro:
+
 2011-09-01  Ada Chan  <[email protected]>
 
         Gather _javascript_, FastMalloc, icon, font, and glyph page statistics in WebProcess::getWebCoreStatistics().

Modified: trunk/Source/WebKit2/UIProcess/API/qt/qtouchwebview.cpp (94312 => 94313)


--- trunk/Source/WebKit2/UIProcess/API/qt/qtouchwebview.cpp	2011-09-01 17:54:58 UTC (rev 94312)
+++ trunk/Source/WebKit2/UIProcess/API/qt/qtouchwebview.cpp	2011-09-01 17:56:19 UTC (rev 94313)
@@ -59,6 +59,9 @@
 {
     QSize availableSize = q->boundingRect().size().toSize();
 
+    if (availableSize.isEmpty())
+        return;
+
     WebPageProxy* wkPage = toImpl(page.pageRef());
     WebPreferences* wkPrefs = wkPage->pageGroup()->preferences();
 
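Review bot: The early return at `if (availableSize.isEmpty())` silently skips the whole of updateViewportConstraints(), and nothing in this hunk shows the function being called again once the second of setWidth()/setHeight() has landed. Please confirm it is re-run on every geometry change, and add a one-line comment above the guard saying that a partially initialised size such as (width, 0) is expected here. Since QSize::isEmpty() is true when either dimension is less than or equal to zero, the guard also covers negative sizes, which is worth stating. Because the log message says computeViewportAttributes assumes a valid size, an assertion on that precondition inside the callee would catch any other caller that passes an empty size.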

Added: trunk/Source/WebKit2/UIProcess/API/qt/tests/qmltests/TouchWebView/tst_load.qml (0 => 94313)


--- trunk/Source/WebKit2/UIProcess/API/qt/tests/qmltests/TouchWebView/tst_load.qml	                        (rev 0)
+++ trunk/Source/WebKit2/UIProcess/API/qt/tests/qmltests/TouchWebView/tst_load.qml	2011-09-01 17:56:19 UTC (rev 94313)
@@ -0,0 +1,28 @@
+import QtQuick 2.0
+import QtTest 1.0
+import QtWebKit.experimental 5.0
+
+TouchWebView {
+    id: webView
+    height: 600
+    width: 400
+
+    SignalSpy {
+        id: spy
+        target: webView.page
+        signalName: "loadSucceeded"
+    }
+
+    TestCase {
+        name: "TouchWebViewLoad"
+
+        function test_load() {
+            compare(spy.count, 0)
+            webView.page.load(Qt.resolvedUrl("../common/test1.html"))
+            spy.wait()
+            compare(webView.page.title, "Test page 1")
+            compare(webView.width, 400)
+            compare(webView.height, 600)
+        }
+    }
+}
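Review bot: The final `compare(webView.width, 400)` and `compare(webView.height, 600)` only read back the values declared at the top of the file, so the test passes or fails on not crashing during load rather than on anything the viewport code produced. A short comment naming bug 67308 and stating that the declarative width and height assignment is the regression scenario would make that intent clear to the next reader.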

Added: trunk/Source/WebKit2/UIProcess/API/qt/tests/qmltests/TouchWebView/tst_loadNegativeSizeView.qml (0 => 94313)


--- trunk/Source/WebKit2/UIProcess/API/qt/tests/qmltests/TouchWebView/tst_loadNegativeSizeView.qml	                        (rev 0)
+++ trunk/Source/WebKit2/UIProcess/API/qt/tests/qmltests/TouchWebView/tst_loadNegativeSizeView.qml	2011-09-01 17:56:19 UTC (rev 94313)
@@ -0,0 +1,28 @@
+import QtQuick 2.0
+import QtTest 1.0
+import QtWebKit.experimental 5.0
+
+TouchWebView {
+    id: webView
+    height: -600
+    width: -400
+
+    SignalSpy {
+        id: spy
+        target: webView.page
+        signalName: "loadSucceeded"
+    }
+
+    TestCase {
+        name: "TouchWebViewLoad"
+
+        function test_loadNegativeSizeView() {
+            compare(spy.count, 0)
+            webView.page.load(Qt.resolvedUrl("../common/test1.html"))
+            spy.wait()
+            compare(webView.page.title, "Test page 1")
+            compare(webView.width, -400)
+            compare(webView.height, -600)
+        }
+    }
+}
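Review bot: `name: "TouchWebViewLoad"` is identical in all three new test files, so a failure report will not say which size case broke; a distinct name per file (for example one that mentions the negative size) would fix that. Also note that `compare(webView.width, -400)` and `compare(webView.height, -600)` lock in negative dimensions as accepted property values; if that is intentional it deserves a comment, otherwise the test should only assert that the load succeeds.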

Added: trunk/Source/WebKit2/UIProcess/API/qt/tests/qmltests/TouchWebView/tst_loadZeroSizeView.qml (0 => 94313)


--- trunk/Source/WebKit2/UIProcess/API/qt/tests/qmltests/TouchWebView/tst_loadZeroSizeView.qml	                        (rev 0)
+++ trunk/Source/WebKit2/UIProcess/API/qt/tests/qmltests/TouchWebView/tst_loadZeroSizeView.qml	2011-09-01 17:56:19 UTC (rev 94313)
@@ -0,0 +1,28 @@
+import QtQuick 2.0
+import QtTest 1.0
+import QtWebKit.experimental 5.0
+
+TouchWebView {
+    id: webView
+    height: 0
+    width: 0
+
+    SignalSpy {
+        id: spy
+        target: webView.page
+        signalName: "loadSucceeded"
+    }
+
+    TestCase {
+        name: "TouchWebViewLoad"
+
+        function test_loadZeroSizeView() {
+            compare(spy.count, 0)
+            webView.page.load(Qt.resolvedUrl("../common/test1.html"))
+            spy.wait()
+            compare(webView.page.title, "Test page 1")
+            compare(webView.width, 0)
+            compare(webView.height, 0)
+        }
+    }
+}
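Review bot: With `height: 0` and `width: 0` this test exercises only the case where both dimensions are empty, while the log message identifies a size like (width, 0) as the actual trigger. Consider adding a case with exactly one dimension set to zero, and a step that resizes the view to a valid size after the load and checks that it still behaves, so the path after the new early return is covered as well.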

Modified: trunk/Source/WebKit2/UIProcess/API/qt/tests/qmltests/qmltests.pro (94312 => 94313)


--- trunk/Source/WebKit2/UIProcess/API/qt/tests/qmltests/qmltests.pro	2011-09-01 17:54:58 UTC (rev 94312)
+++ trunk/Source/WebKit2/UIProcess/API/qt/tests/qmltests/qmltests.pro	2011-09-01 17:56:19 UTC (rev 94313)
@@ -13,5 +13,7 @@
 OTHER_FILES += \
     DesktopWebView/tst_properties.qml \
     DesktopWebView/tst_navigationPolicyForUrl.qml \
-    TouchWebView/tst_properties.qml
+    TouchWebView/tst_properties.qml \
+    TouchWebView/tst_loadZeroSizeView.qml \
+    TouchWebView/tst_loadNegativeSizeView.qml
 
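Review bot: The OTHER_FILES list gains `TouchWebView/tst_loadZeroSizeView.qml` and `TouchWebView/tst_loadNegativeSizeView.qml` but not `TouchWebView/tst_load.qml`, although the ChangeLog records all three files as added. Add the missing entry so the project file matches the change, or note why it is left out.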