Title: [203597] trunk
Revision: 203597
Author: [email protected]
Date: 2016-07-22 05:40:26 -0700 (Fri, 22 Jul 2016)

Log Message

IWebView::mainFrame crashes if called after IWebView::close
https://bugs.webkit.org/show_bug.cgi?id=32868

Reviewed by Brent Fulgham.

Source/WebKit/win:

After deleting the page in WebView::close the mainframe object may be deleted. 
         
Test: Tools/TestWebKitAPI/Tests/WebKit/win/WebViewDestruction.cpp (CloseThenGetMainFrame).

* WebView.cpp:
(WebView::close): set mainframe pointer member to null. 

Tools:

* TestWebKitAPI/Tests/WebKit/win/WebViewDestruction.cpp:
(TestWebKitAPI::TEST_F): Added test.

Diff

Modified: trunk/Source/WebKit/win/ChangeLog (203596 => 203597)


--- trunk/Source/WebKit/win/ChangeLog	2016-07-22 10:24:03 UTC (rev 203596)
+++ trunk/Source/WebKit/win/ChangeLog	2016-07-22 12:40:26 UTC (rev 203597)
@@ -1,3 +1,17 @@
+2016-07-22  Per Arne Vollan  <[email protected]>
+
+        IWebView::mainFrame crashes if called after IWebView::close
+        https://bugs.webkit.org/show_bug.cgi?id=32868
+
+        Reviewed by Brent Fulgham.
+
+        After deleting the page in WebView::close the mainframe object may be deleted. 
+         
+        Test: Tools/TestWebKitAPI/Tests/WebKit/win/WebViewDestruction.cpp (CloseThenGetMainFrame).
+
+        * WebView.cpp:
+        (WebView::close): set mainframe pointer member to null. 
+
 2016-07-19  Per Arne Vollan  <[email protected]>
 
         [Win] The test fast/scrolling/overflow-scroll-past-max.html is timing out.
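
Review bot: The `(WebView::close)` line of this entry records only "set mainframe pointer member to null", while the same commit also changes `m_page = 0` to `m_page = nullptr` in that function; either mention the cleanup here or leave it out of the patch. The explanation line would also be clearer if it said that the member was left pointing at the deleted frame and that a later IWebView::mainFrame call used it, since that is the crash named in the title.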

Modified: trunk/Source/WebKit/win/WebView.cpp (203596 => 203597)


--- trunk/Source/WebKit/win/WebView.cpp	2016-07-22 10:24:03 UTC (rev 203596)
+++ trunk/Source/WebKit/win/WebView.cpp	2016-07-22 12:40:26 UTC (rev 203597)
@@ -769,8 +769,10 @@
         m_webInspector->inspectedWebViewClosed();
 
     delete m_page;
-    m_page = 0;
+    m_page = nullptr;
 
+    m_mainFrame = nullptr;
+
     registerForIconNotification(false);
     IWebNotificationCenter* notifyCenter = WebNotificationCenter::defaultCenterInternal();
     notifyCenter->removeObserver(this, WebPreferences::webPreferencesChangedNotification(), static_cast<IWebPreferences*>(m_preferences.get()));
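
Review bot: At the added `m_mainFrame = nullptr;` line, the fix is only complete if every reader of m_mainFrame tolerates a null pointer, and none of those readers are visible in this hunk. The new test expects `mainFrame(&frame)` to return a failure HRESULT after close, which implies the accessor has a null check; please confirm the same holds for the other WebView methods that use m_mainFrame and can be called after close(), otherwise the stale-pointer access just becomes a null dereference.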

Modified: trunk/Tools/ChangeLog (203596 => 203597)


--- trunk/Tools/ChangeLog	2016-07-22 10:24:03 UTC (rev 203596)
+++ trunk/Tools/ChangeLog	2016-07-22 12:40:26 UTC (rev 203597)
@@ -1,3 +1,13 @@
+2016-07-22  Per Arne Vollan  <[email protected]>
+
+        IWebView::mainFrame crashes if called after IWebView::close
+        https://bugs.webkit.org/show_bug.cgi?id=32868
+
+        Reviewed by Brent Fulgham.
+
+        * TestWebKitAPI/Tests/WebKit/win/WebViewDestruction.cpp:
+        (TestWebKitAPI::TEST_F): Added test.
+
 2016-07-22  Carlos Garcia Campos  <[email protected]>
 
         [GTK] Enable threaded compositor by default

Modified: trunk/Tools/TestWebKitAPI/Tests/WebKit/win/WebViewDestruction.cpp (203596 => 203597)


--- trunk/Tools/TestWebKitAPI/Tests/WebKit/win/WebViewDestruction.cpp	2016-07-22 10:24:03 UTC (rev 203596)
+++ trunk/Tools/TestWebKitAPI/Tests/WebKit/win/WebViewDestruction.cpp	2016-07-22 12:40:26 UTC (rev 203597)
@@ -154,6 +154,15 @@
     EXPECT_HRESULT_SUCCEEDED(m_webView->close());
 }
 
+// Tests that calling IWebView::close followed by IWebView::mainFrame does not crash.
+TEST_F(WebViewDestructionWithHostWindow, CloseThenGetMainFrame)
+{
+    EXPECT_HRESULT_SUCCEEDED(m_webView->close());
+
+    COMPtr<IWebFrame> frame;
+    EXPECT_HRESULT_FAILED(m_webView->mainFrame(&frame));
+}
+
 TEST_F(WebViewDestructionWithHostWindow, DestroyViewWindowWithoutClose)
 {
     ::DestroyWindow(m_viewWindow);
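
Review bot: In CloseThenGetMainFrame the only check after `m_webView->mainFrame(&frame)` is `EXPECT_HRESULT_FAILED`, so the test still passes if the call fails but writes a stale pointer into `frame`. Add an assertion that `frame` is still null after the call so the out-parameter is covered as well as the return code.
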
_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes
