Title: [236446] trunk/Source/WebCore
- Revision: 236446
- Author: [email protected]
- Date: 2018-09-24 17:28:42 -0700 (Mon, 24 Sep 2018)
Log Message
Don't cause a crash even when some IDL attribute is missing CEReactions
https://bugs.webkit.org/show_bug.cgi?id=189937
Reviewed by Simon Fraser.
Replaced release assertions in ElementQueue::add and ElementQueue::invokeAll by debug assertions
since a missing CEReactions resulting in a crash is a terrible user experience.
Also made the iteration in invokeAll safe when more elements were added to m_elements.
No new tests since we would still hit debug assertions, and this behavior should only come up
when some IDL attribute is erroneously missing CEReactions.
* dom/CustomElementReactionQueue.cpp:
(WebCore::CustomElementReactionQueue::ElementQueue::add):
(WebCore::CustomElementReactionQueue::ElementQueue::invokeAll):
Modified Paths
Diff
Modified: trunk/Source/WebCore/ChangeLog (236445 => 236446)
--- trunk/Source/WebCore/ChangeLog 2018-09-25 00:17:29 UTC (rev 236445)
+++ trunk/Source/WebCore/ChangeLog 2018-09-25 00:28:42 UTC (rev 236446)
@@ -1,3 +1,22 @@
+2018-09-24 Ryosuke Niwa <[email protected]>
+
+ Don't cause a crash even when some IDL attribute is missing CEReactions
+ https://bugs.webkit.org/show_bug.cgi?id=189937
+
+ Reviewed by Simon Fraser.
+
+ Replaced release assertions in ElementQueue::add and ElementQueue::invokeAll by debug assertions
+ since a missing CEReactions resulting in a crash is a terrible user experience.
+
+ Also made the iteration in invokeAll safe when more elements were added to m_elements.
+
+ No new tests since we would still hit debug assertions, and this behavior should only come up
+ when some IDL attribute is erroneously missing CEReactions.
+
+ * dom/CustomElementReactionQueue.cpp:
+ (WebCore::CustomElementReactionQueue::ElementQueue::add):
+ (WebCore::CustomElementReactionQueue::ElementQueue::invokeAll):
+
2018-09-24 Wenson Hsieh <[email protected]>
Refactor Editor::fontAttributesForSelectionStart to be platform-agnostic
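Review bot: The sentence "Replaced release assertions in ElementQueue::add and ElementQueue::invokeAll by debug assertions" overstates what happens in invokeAll. In the CustomElementReactionQueue.cpp diff, `RELEASE_ASSERT(!m_invoking);` at the top of invokeAll is unchanged context, and only the trailing size check there is downgraded. Suggest naming the assertion that was relaxed in invokeAll and stating that a re-entrant invokeAll still aborts in release builds, so readers of the ChangeLog do not assume every crash path from a missing CEReactions is gone.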
Modified: trunk/Source/WebCore/dom/CustomElementReactionQueue.cpp (236445 => 236446)
--- trunk/Source/WebCore/dom/CustomElementReactionQueue.cpp 2018-09-25 00:17:29 UTC (rev 236445)
+++ trunk/Source/WebCore/dom/CustomElementReactionQueue.cpp 2018-09-25 00:28:42 UTC (rev 236446)
@@ -225,7 +225,7 @@
inline void CustomElementReactionQueue::ElementQueue::add(Element& element)
{
- RELEASE_ASSERT(!m_invoking);
+ ASSERT(!m_invoking);
// FIXME: Avoid inserting the same element multiple times.
m_elements.append(element);
}
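Review bot: With `ASSERT(!m_invoking);` in add, release builds now append to m_elements while invokeAll may be walking it, and nothing at this site documents that. The append is only safe because invokeAll switches to an indexed loop in the same patch. Suggest a short comment next to the assertion saying that adding during invocation is tolerated in release builds and relies on invokeAll re-reading m_elements.size(), so a later return to a range-based for does not reintroduce iteration over a vector that is being appended to. The existing FIXME about inserting the same element multiple times also matters more now, since an element re-added during invocation gets a second entry and is visited again.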
@@ -234,13 +234,16 @@
{
RELEASE_ASSERT(!m_invoking);
SetForScope<bool> invoking(m_invoking, true);
- auto originalSize = m_elements.size();
- for (auto& element : m_elements) {
- auto* queue = element->reactionQueue();
+ unsigned originalSize = m_elements.size();
+ // It's possible for more elements to be enqueued if some IDL attributes were missing CEReactions.
+ // Invoke callbacks slightly later here instead of crashing / ignoring those cases.
+ for (unsigned i = 0; i < m_elements.size(); ++i) {
+ auto& element = m_elements[i].get();
+ auto* queue = element.reactionQueue();
ASSERT(queue);
- queue->invokeAll(element.get());
+ queue->invokeAll(element);
}
- RELEASE_ASSERT(m_elements.size() == originalSize);
+ ASSERT_UNUSED(originalSize, m_elements.size() == originalSize);
m_elements.clear();
}
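Review bot: The loop condition `i < m_elements.size()` is re-evaluated on every iteration with no upper bound, and the only check on growth, `ASSERT_UNUSED(originalSize, m_elements.size() == originalSize);`, does nothing in release builds. A reaction that keeps enqueuing elements through an attribute missing CEReactions would therefore keep this loop running and m_elements growing until the final clear(). Consider bounding the number of extra elements processed, or at least emitting a release-build log when the size differs from originalSize, so the missing annotation is observable outside debug builds. Separately, taking `auto& element = m_elements[i].get();` before `queue->invokeAll(element);` is fine because the reference is to the Element rather than to vector storage, but a one-line comment saying so would help, since the vector can reallocate during that call.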