Title: [106329] tags/Safari-535.18.5
Diff
Modified: tags/Safari-535.18.5/LayoutTests/ChangeLog (106328 => 106329)
--- tags/Safari-535.18.5/LayoutTests/ChangeLog 2012-01-31 04:52:36 UTC (rev 106328)
+++ tags/Safari-535.18.5/LayoutTests/ChangeLog 2012-01-31 04:59:29 UTC (rev 106329)
@@ -1,3 +1,17 @@
+2012-01-30 Mark Rowe <[email protected]>
+
+ Merge r106305.
+
+ 2012-01-30 Brady Eidson <[email protected]>
+
+ <rdar://problem/10707072>
+ Crashes in WebProcess at WebCore::Node::rendererIsNeeded
+
+ Reviewed by Darin Adler.
+
+ * plugins/crash-restoring-pluging-page-from-page-cache-expected.txt: Added.
+ * plugins/crash-restoring-pluging-page-from-page-cache.html: Added.
+
2012-01-18 Sheriff Bot <[email protected]>
Unreviewed, rolling out r105376.
Added: tags/Safari-535.18.5/LayoutTests/plugins/crash-restoring-pluging-page-from-page-cache-expected.txt (0 => 106329)
--- tags/Safari-535.18.5/LayoutTests/plugins/crash-restoring-pluging-page-from-page-cache-expected.txt (rev 0)
+++ tags/Safari-535.18.5/LayoutTests/plugins/crash-restoring-pluging-page-from-page-cache-expected.txt 2012-01-31 04:59:29 UTC (rev 106329)
@@ -0,0 +1,11 @@
+ALERT: Made it back!
+This test - assuming it will pass - does the following:
+1 - Has nested plugin elements
+2 - Leaves the page, and the page enters the page cache
+3 - Returns, pulling the page from the page cache
+4 - Doesn't crash
+
+If you're not running under DRT, you'll need to leave the page then return to it yourself.
+Some fallback text to force a renderer.
+
+(Yes, the extreme number of object elements are necessary to more reliably reproduce the crash. Leave them.)
Added: tags/Safari-535.18.5/LayoutTests/plugins/crash-restoring-pluging-page-from-page-cache.html (0 => 106329)
--- tags/Safari-535.18.5/LayoutTests/plugins/crash-restoring-pluging-page-from-page-cache.html (rev 0)
+++ tags/Safari-535.18.5/LayoutTests/plugins/crash-restoring-pluging-page-from-page-cache.html 2012-01-31 04:59:29 UTC (rev 106329)
@@ -0,0 +1,94 @@
+<head>
+<script>
+if (window.layoutTestController) {
+ layoutTestController.dumpAsText();
+ layoutTestController.waitUntilDone();
+ layoutTestController.overridePreference("WebKitUsesPageCachePreferenceKey", 1);
+ layoutTestController.overridePreference("WebKitPageCacheSupportsPluginsPreferenceKey", 1);
+}
+
+function pageShown() {
+ if (event.persisted)
+ setTimeout("testComplete()", 0);
+ else
+ setTimeout("startTest()", 0);
+}
+
+function testComplete() {
+ alert("Made it back!");
+ if (window.layoutTestController)
+ layoutTestController.notifyDone();
+}
+
+function startTest() {
+ document.getElementById("ExamplePlugin").setAttribute("style", "display:none");
+ window.location.href = '';
+}
+
+</script>
+
+<style>
+ object { border-color: red; border-width: 2px; border-style:solid; }
+</style>
+</head>
+
+<body _onpageshow_="pageShown();">
+
+This test - assuming it will pass - does the following:<br>
+1 - Has nested plugin elements<br>
+2 - Leaves the page, and the page enters the page cache<br>
+3 - Returns, pulling the page from the page cache<br>
+4 - Doesn't crash<br>
+<br>
+If you're not running under DRT, you'll need to leave the page then return to it yourself.
+<br>
+<object>
+<object>
+<object>
+<object>
+<object>
+<object>
+<object>
+<object>
+<object>
+<object>
+<object>
+<object>
+<object>
+<object>
+<object>
+<object>
+<object>
+<object>
+<object>
+<object>
+
+<object type="application/x-shockwave-flash" width="500" height="375" id="ExamplePlugin">
+ <img src=""
+</object>
+
+Some fallback text to force a renderer.
+
+</object>
+</object>
+</object>
+</object>
+</object>
+</object>
+</object>
+</object>
+</object>
+</object>
+</object>
+</object>
+</object>
+</object>
+</object>
+</object>
+</object>
+</object>
+</object>
+</object><br><br>
+
+(Yes, the extreme number of object elements are necessary to more reliably reproduce the crash. Leave them.)
+</body>
Modified: tags/Safari-535.18.5/Source/WebCore/ChangeLog (106328 => 106329)
--- tags/Safari-535.18.5/Source/WebCore/ChangeLog 2012-01-31 04:52:36 UTC (rev 106328)
+++ tags/Safari-535.18.5/Source/WebCore/ChangeLog 2012-01-31 04:59:29 UTC (rev 106329)
@@ -1,3 +1,31 @@
+2012-01-30 Mark Rowe <[email protected]>
+
+ Merge r106305.
+
+ 2012-01-30 Brady Eidson <[email protected]>
+
+ <rdar://problem/10707072>
+ Crashes in WebProcess at WebCore::Node::rendererIsNeeded
+
+ Reviewed by Darin Adler.
+
+ In specific circumstances a plugin element can be without a render style at the point in time where
+ the page navigated and enters the page cache.
+
+ When this is the cash, the element should not enter into the "custom style for renderer" mode and should
+ instead use the default render style machinery.
+
+ Test: plugins/crash-restoring-pluging-page-from-page-cache.html
+
+ * html/HTMLPlugInImageElement.cpp:
+ (WebCore::HTMLPlugInImageElement::documentWillSuspendForPageCache): Only setHasCustomStyleForRenderer and
+ forceRecalc if there actually is a custom style to be used.
+ (WebCore::HTMLPlugInImageElement::documentDidResumeFromPageCache): Only clearHasCustomStyleForRenderer if there
+ actually was a custom style to be cleared.
+ (WebCore::HTMLPlugInImageElement::customStyleForRenderer): This should only be called if there actually is a
+ custom style to be used. Otherwise the element would have to fallback to the "normal" RenderStyle which might
+ not exist.
+
2012-01-18 Sheriff Bot <[email protected]>
Unreviewed, rolling out r105376.
Modified: tags/Safari-535.18.5/Source/WebCore/html/HTMLPlugInImageElement.cpp (106328 => 106329)
--- tags/Safari-535.18.5/Source/WebCore/html/HTMLPlugInImageElement.cpp 2012-01-31 04:52:36 UTC (rev 106328)
+++ tags/Safari-535.18.5/Source/WebCore/html/HTMLPlugInImageElement.cpp 2012-01-31 04:59:29 UTC (rev 106329)
@@ -217,25 +217,23 @@
void HTMLPlugInImageElement::documentWillSuspendForPageCache()
{
- if (RenderStyle* rs = renderStyle()) {
- m_customStyleForPageCache = RenderStyle::clone(rs);
+ if (RenderStyle* renderStyle = this->renderStyle()) {
+ m_customStyleForPageCache = RenderStyle::clone(renderStyle);
m_customStyleForPageCache->setDisplay(NONE);
- }
+ setHasCustomStyleForRenderer();
- setHasCustomStyleForRenderer();
-
- if (m_customStyleForPageCache)
recalcStyle(Force);
-
+ }
+
HTMLPlugInElement::documentWillSuspendForPageCache();
}
void HTMLPlugInImageElement::documentDidResumeFromPageCache()
{
- clearHasCustomStyleForRenderer();
-
if (m_customStyleForPageCache) {
m_customStyleForPageCache = 0;
+ clearHasCustomStyleForRenderer();
+
recalcStyle(Force);
}
@@ -244,9 +242,7 @@
PassRefPtr<RenderStyle> HTMLPlugInImageElement::customStyleForRenderer()
{
- if (!m_customStyleForPageCache)
- return renderStyle();
-
+ ASSERT(m_customStyleForPageCache);
return m_customStyleForPageCache;
}
_______________________________________________
webkit-changes mailing list
[email protected]
http://lists.webkit.org/mailman/listinfo.cgi/webkit-changes
