Title: [95059] trunk
- Revision
- 95059
- Author
- commit-qu...@webkit.org
- Date
- 2011-09-13 17:29:11 -0700 (Tue, 13 Sep 2011)
Log Message
Source/WebCore: Fix crash when an iframe element is removed during a transition to
fullscreen.
https://bugs.webkit.org/show_bug.cgi?id=67960
Patch by Jeremy Apthorp <jere...@google.com> on 2011-09-13
Reviewed by Adam Barth.
Test: fullscreen/full-screen-remove-ancestor-during-transition.html
* dom/Document.cpp:
(WebCore::Document::~Document):
Clear the list of elements to which we need to send a fullscreenchange
event.
LayoutTests: Removing an iframe from the document during a transition to fullscreen
should not crash.
https://bugs.webkit.org/show_bug.cgi?id=67960
Patch by Jeremy Apthorp <jere...@google.com> on 2011-09-13
Reviewed by Adam Barth.
* fullscreen/full-screen-remove-ancestor-during-transition-expected.txt: Added.
* fullscreen/full-screen-remove-ancestor-during-transition.html: Added.
Modified Paths
Added Paths
Diff
Modified: trunk/LayoutTests/ChangeLog (95058 => 95059)
--- trunk/LayoutTests/ChangeLog 2011-09-14 00:17:09 UTC (rev 95058)
+++ trunk/LayoutTests/ChangeLog 2011-09-14 00:29:11 UTC (rev 95059)
@@ -1,3 +1,14 @@
+2011-09-13 Jeremy Apthorp <jere...@google.com>
+
+ Removing an iframe from the document during a transition to fullscreen
+ should not crash.
+ https://bugs.webkit.org/show_bug.cgi?id=67960
+
+ Reviewed by Adam Barth.
+
+ * fullscreen/full-screen-remove-ancestor-during-transition-expected.txt: Added.
+ * fullscreen/full-screen-remove-ancestor-during-transition.html: Added.
+
2011-09-13 David Hyatt <hy...@apple.com>
https://bugs.webkit.org/show_bug.cgi?id=68040
Added: trunk/LayoutTests/fullscreen/full-screen-remove-ancestor-during-transition-expected.txt (0 => 95059)
--- trunk/LayoutTests/fullscreen/full-screen-remove-ancestor-during-transition-expected.txt (rev 0)
+++ trunk/LayoutTests/fullscreen/full-screen-remove-ancestor-during-transition-expected.txt 2011-09-14 00:29:11 UTC (rev 95059)
@@ -0,0 +1 @@
+PASS
Added: trunk/LayoutTests/fullscreen/full-screen-remove-ancestor-during-transition.html (0 => 95059)
--- trunk/LayoutTests/fullscreen/full-screen-remove-ancestor-during-transition.html (rev 0)
+++ trunk/LayoutTests/fullscreen/full-screen-remove-ancestor-during-transition.html 2011-09-14 00:29:11 UTC (rev 95059)
@@ -0,0 +1,43 @@
+<script src=""
+<script>
+if (window.layoutTestController) {
+ layoutTestController.dumpAsText();
+ layoutTestController.waitUntilDone();
+}
+
+function runWithKeyDown(fn)
+{
+ document.addEventListener('mousedown', function() { fn(); }, false);
+ if (window.layoutTestController) {
+ eventSender.mouseDown();
+ }
+}
+
+function init() {
+ // Bail out early if the full screen API is not enabled or is missing:
+ if (Element.prototype.webkitRequestFullScreen == undefined) {
+ alert("Fullscreen API not available.");
+ } else {
+ runWithKeyDown(goFullScreen);
+ }
+}
+
+function goFullScreen() {
+ var iframe = document.getElementById('block1');
+ var element = iframe.contentDocument.documentElement;
+ setTimeout(function () {
+ iframe.parentNode.removeChild(iframe);
+ gc();
+ setTimeout(function () {
+ if (window.layoutTestController) {
+ layoutTestController.notifyDone();
+ }
+ }, 0);
+ }, 0);
+ element.webkitRequestFullScreen();
+}
+</script>
+<body _onload_="init()">
+ <iframe webkitallowfullscreen src="" id="block1"></iframe>
+ PASS
+</body>
Modified: trunk/Source/WebCore/ChangeLog (95058 => 95059)
--- trunk/Source/WebCore/ChangeLog 2011-09-14 00:17:09 UTC (rev 95058)
+++ trunk/Source/WebCore/ChangeLog 2011-09-14 00:29:11 UTC (rev 95059)
@@ -1,3 +1,18 @@
+2011-09-13 Jeremy Apthorp <jere...@google.com>
+
+ Fix crash when an iframe element is removed during a transition to
+ fullscreen.
+ https://bugs.webkit.org/show_bug.cgi?id=67960
+
+ Reviewed by Adam Barth.
+
+ Test: fullscreen/full-screen-remove-ancestor-during-transition.html
+
+ * dom/Document.cpp:
+ (WebCore::Document::~Document):
+ Clear the list of elements to which we need to send a fullscreenchange
+ event.
+
2011-09-13 David Hyatt <hy...@apple.com>
https://bugs.webkit.org/show_bug.cgi?id=68040
Modified: trunk/Source/WebCore/dom/Document.cpp (95058 => 95059)
--- trunk/Source/WebCore/dom/Document.cpp 2011-09-14 00:17:09 UTC (rev 95058)
+++ trunk/Source/WebCore/dom/Document.cpp 2011-09-14 00:29:11 UTC (rev 95059)
@@ -574,6 +574,10 @@
(*m_userSheets)[i]->clearOwnerNode();
}
+#if ENABLE(FULLSCREEN_API)
+ m_fullScreenChangeEventTargetQueue.clear();
+#endif
+
deleteRetiredCustomFonts();
m_weakReference->clear();
_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
http://lists.webkit.org/mailman/listinfo.cgi/webkit-changes