Title: [259511] branches/safari-609-branch/Source/WebCore
- Revision
- 259511
- Author
- [email protected]
- Date
- 2020-04-03 13:40:10 -0700 (Fri, 03 Apr 2020)
Log Message
Cherry-pick r259378. rdar://problem/61269720
Crash in WebCore::HTMLDocumentParser::insert
https://bugs.webkit.org/show_bug.cgi?id=209892
Reviewed by Darin Adler.
Speculative fix to check that the parser hasn't been detached before running preload scanner.
No new tests since there is no reproduction and I couldn't come up with one.
* html/parser/HTMLDocumentParser.cpp:
(WebCore::HTMLDocumentParser::pumpTokenizer):
(WebCore::HTMLDocumentParser::insert):
git-svn-id: https://svn.webkit.org/repository/webkit/trunk@259378 268f45cc-cd09-0410-ab3c-d52691b4dbfc
Modified Paths
Diff
Modified: branches/safari-609-branch/Source/WebCore/ChangeLog (259510 => 259511)
--- branches/safari-609-branch/Source/WebCore/ChangeLog 2020-04-03 20:40:06 UTC (rev 259510)
+++ branches/safari-609-branch/Source/WebCore/ChangeLog 2020-04-03 20:40:10 UTC (rev 259511)
@@ -1,5 +1,40 @@
2020-04-03 Alan Coon <[email protected]>
+ Cherry-pick r259378. rdar://problem/61269720
+
+ Crash in WebCore::HTMLDocumentParser::insert
+ https://bugs.webkit.org/show_bug.cgi?id=209892
+
+ Reviewed by Darin Adler.
+
+ Speculative fix to check that the parser hasn't been detached before running preload scanner.
+
+ No new tests since there is no reproduction and I couldn't come up with one.
+
+ * html/parser/HTMLDocumentParser.cpp:
+ (WebCore::HTMLDocumentParser::pumpTokenizer):
+ (WebCore::HTMLDocumentParser::insert):
+
+
+ git-svn-id: https://svn.webkit.org/repository/webkit/trunk@259378 268f45cc-cd09-0410-ab3c-d52691b4dbfc
+
+ 2020-04-01 Ryosuke Niwa <[email protected]>
+
+ Crash in WebCore::HTMLDocumentParser::insert
+ https://bugs.webkit.org/show_bug.cgi?id=209892
+
+ Reviewed by Darin Adler.
+
+ Speculative fix to check that the parser hasn't been detached before running preload scanner.
+
+ No new tests since there is no reproduction and I couldn't come up with one.
+
+ * html/parser/HTMLDocumentParser.cpp:
+ (WebCore::HTMLDocumentParser::pumpTokenizer):
+ (WebCore::HTMLDocumentParser::insert):
+
+2020-04-03 Alan Coon <[email protected]>
+
Cherry-pick r259355. rdar://problem/61269744
Bindings that override getOwnPropertySlotByIndex need to say they MayHaveIndexedAccessors
Modified: branches/safari-609-branch/Source/WebCore/html/parser/HTMLDocumentParser.cpp (259510 => 259511)
--- branches/safari-609-branch/Source/WebCore/html/parser/HTMLDocumentParser.cpp 2020-04-03 20:40:06 UTC (rev 259510)
+++ branches/safari-609-branch/Source/WebCore/html/parser/HTMLDocumentParser.cpp 2020-04-03 20:40:10 UTC (rev 259511)
@@ -314,7 +314,7 @@
if (shouldResume)
m_parserScheduler->scheduleForResume();
- if (isWaitingForScripts()) {
+ if (isWaitingForScripts() && !isDetached()) {
ASSERT(m_tokenizer.isInDataState());
if (!m_preloadScanner) {
m_preloadScanner = makeUnique<HTMLPreloadScanner>(m_options, document()->url(), document()->deviceScaleFactor());
@@ -372,7 +372,7 @@
m_input.insertAtCurrentInsertionPoint(WTFMove(source));
pumpTokenizerIfPossible(ForceSynchronous);
- if (isWaitingForScripts()) {
+ if (isWaitingForScripts() && !isDetached()) {
// Check the document.write() output with a separate preload scanner as
// the main scanner can't deal with insertions.
if (!m_insertionPreloadScanner)
_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes
