Title: [214702] trunk/Source/WebCore
Revision
214702
Author
[email protected]
Date
2017-03-31 17:10:59 -0700 (Fri, 31 Mar 2017)

Log Message

When destroying a Node, assert that it's been removed from all the touch handler maps
https://bugs.webkit.org/show_bug.cgi?id=170363
rdar://problem/31377469

Reviewed by Tim Horton.

Assert that the Node has been removed from the touch handler maps in all documents on destruction.

* dom/Document.h:
(WebCore::Document::hasTouchEventHandlers):
(WebCore::Document::touchEventTargetsContain):
* dom/Node.cpp:
(WebCore::Node::~Node):

Modified Paths

Diff

Modified: trunk/Source/WebCore/ChangeLog (214701 => 214702)


--- trunk/Source/WebCore/ChangeLog	2017-04-01 00:00:52 UTC (rev 214701)
+++ trunk/Source/WebCore/ChangeLog	2017-04-01 00:10:59 UTC (rev 214702)
@@ -1,3 +1,19 @@
+2017-03-31  Simon Fraser  <[email protected]>
+
+        When destroying a Node, assert that it's been removed from all the touch handler maps
+        https://bugs.webkit.org/show_bug.cgi?id=170363
+        rdar://problem/31377469
+
+        Reviewed by Tim Horton.
+
+        Assert that the Node has been removed from the touch handler maps in all documents on destruction.
+
+        * dom/Document.h:
+        (WebCore::Document::hasTouchEventHandlers):
+        (WebCore::Document::touchEventTargetsContain):
+        * dom/Node.cpp:
+        (WebCore::Node::~Node):
+
 2017-03-31  Alexey Proskuryakov  <[email protected]>
 
         Rolling back https://trac.webkit.org/r214689, as it caused many crashes.

Modified: trunk/Source/WebCore/dom/Document.h (214701 => 214702)


--- trunk/Source/WebCore/dom/Document.h	2017-04-01 00:00:52 UTC (rev 214701)
+++ trunk/Source/WebCore/dom/Document.h	2017-04-01 00:10:59 UTC (rev 214702)
@@ -1145,12 +1145,6 @@
     double lastHandledUserGestureTimestamp() const { return m_lastHandledUserGestureTimestamp; }
     void updateLastHandledUserGestureTimestamp();
 
-#if ENABLE(TOUCH_EVENTS)
-    bool hasTouchEventHandlers() const { return (m_touchEventTargets.get()) ? m_touchEventTargets->size() : false; }
-#else
-    bool hasTouchEventHandlers() const { return false; }
-#endif
-
     // Used for testing. Count handlers in the main document, and one per frame which contains handlers.
     WEBCORE_EXPORT unsigned wheelEventHandlerCount() const;
     WEBCORE_EXPORT unsigned touchEventHandlerCount() const;
@@ -1158,6 +1152,14 @@
     WEBCORE_EXPORT void startTrackingStyleRecalcs();
     WEBCORE_EXPORT unsigned styleRecalcCount() const;
 
+#if ENABLE(TOUCH_EVENTS)
+    bool hasTouchEventHandlers() const { return (m_touchEventTargets.get()) ? m_touchEventTargets->size() : false; }
+    bool touchEventTargetsContain(Node& node) const { return m_touchEventTargets ? m_touchEventTargets->contains(&node) : false; }
+#else
+    bool hasTouchEventHandlers() const { return false; }
+    bool touchEventTargetsContain(Node&) const { return false; }
+#endif
+
     void didAddTouchEventHandler(Node&);
     void didRemoveTouchEventHandler(Node&, EventHandlerRemoval = EventHandlerRemoval::One);
 
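Review bot: `touchEventTargetsContain()` is added without a comment saying what it is for, and in this diff its only caller is the security assertion in `Node::~Node()`. A line such as `// Assertion helper: lets ~Node() verify no stale Node* remains in m_touchEventTargets.` above the `#if` would stop it being mistaken for general-purpose API. The new accessor tests `m_touchEventTargets` directly while the `hasTouchEventHandlers()` line next to it tests `m_touchEventTargets.get()`; using one form for both would read more consistently.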

Modified: trunk/Source/WebCore/dom/Node.cpp (214701 => 214702)


--- trunk/Source/WebCore/dom/Node.cpp	2017-04-01 00:00:52 UTC (rev 214701)
+++ trunk/Source/WebCore/dom/Node.cpp	2017-04-01 00:10:59 UTC (rev 214702)
@@ -301,6 +301,14 @@
         clearEventTargetData();
 
     document().decrementReferencingNodeCount();
+
+#if ENABLE(TOUCH_EVENTS) && PLATFORM(IOS) && (!ASSERT_DISABLED || ENABLE(SECURITY_ASSERTIONS))
+    for (auto* document : Document::allDocuments()) {
+        ASSERT_WITH_SECURITY_IMPLICATION(!document->touchEventListenersContain(*this));
+        ASSERT_WITH_SECURITY_IMPLICATION(!document->touchEventHandlersContain(*this));
+        ASSERT_WITH_SECURITY_IMPLICATION(!document->touchEventTargetsContain(*this));
+    }
+#endif
 }
 
 void Node::willBeDeletedFrom(Document& document)
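Review bot: The `m_touchEventTargets` check in `~Node()` runs only on iOS, although `touchEventTargetsContain()` is added to Document.h for every `ENABLE(TOUCH_EVENTS)` build, so other touch-enabled ports get no coverage for a stale `Node*` in that map. `touchEventListenersContain()` and `touchEventHandlersContain()` are not declared anywhere in this diff and are presumably iOS-only, which would explain the guard. If so, widen the outer condition to `#if ENABLE(TOUCH_EVENTS) && (!ASSERT_DISABLED || ENABLE(SECURITY_ASSERTIONS))` and wrap just those two asserts in `#if PLATFORM(IOS)` … `#endif`. Builds without security assertions skip the loop entirely, so a comment such as `// Detection only: a Node* still in a touch map dangles once this destructor returns.` would make clear that removal must already have happened elsewhere. The destructor's body starts outside the hunk.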