Modified: branches/safari-613-branch/Source/WebCore/ChangeLog (293065 => 293066)
--- branches/safari-613-branch/Source/WebCore/ChangeLog 2022-04-20 05:37:51 UTC (rev 293065)
+++ branches/safari-613-branch/Source/WebCore/ChangeLog 2022-04-20 05:37:55 UTC (rev 293066)
@@ -1,3 +1,31 @@
+2022-04-19 Russell Epstein <[email protected]>
+
+ Apply patch. rdar://problem/90968659
+
+ 2022-04-04 Gabriel Nava Marino <[email protected]>
+
+ Cherry-pick r292361. rdar://90968659
+
+ Use Ref and RefPtr pattern when handling document close calls
+ https://bugs.webkit.org/show_bug.cgi?id=238747
+
+ Reviewed by Sam Weinig.
+
+ Ensure document object remains for the scope of the call.
+
+ * inspector/DOMPatchSupport.cpp:
+ (WebCore::DOMPatchSupport::patchDocument):
+ * loader/DocumentLoader.cpp:
+ (WebCore::DocumentLoader::stopLoading):
+ * loader/FrameLoader.cpp:
+ (WebCore::FrameLoader::init):
+ (WebCore::FrameLoader::clear):
+ * loader/cache/CachedSVGDocument.cpp:
+ (WebCore::CachedSVGDocument::finishLoading):
+ * loader/cache/CachedSVGFont.cpp:
+ (WebCore::CachedSVGFont::ensureCustomFontData):
+ * xml/XMLHttpRequest.cpp:
+
2022-04-19 Alan Coon <[email protected]>
Cherry-pick r291808. rdar://problem/91446363
Modified: branches/safari-613-branch/Source/WebCore/inspector/DOMPatchSupport.cpp (293065 => 293066)
--- branches/safari-613-branch/Source/WebCore/inspector/DOMPatchSupport.cpp 2022-04-20 05:37:51 UTC (rev 293065)
+++ branches/safari-613-branch/Source/WebCore/inspector/DOMPatchSupport.cpp 2022-04-20 05:37:55 UTC (rev 293066)
@@ -102,9 +102,10 @@
std::unique_ptr<Digest> newInfo = createDigest(*newDocument->documentElement(), &m_unusedNodesMap);
if (innerPatchNode(*oldInfo, *newInfo).hasException()) {
+ Ref document { m_document };
// Fall back to rewrite.
- m_document.write(nullptr, markup);
- m_document.close();
+ document->write(nullptr, markup);
+ document->close();
}
}
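Review bot: The `Ref document { m_document };` guard on the fallback path carries no comment saying what it protects against, so a later reader may take it for a redundant alias of the `m_document` reference member and fold it away. `document->write(nullptr, markup)` re-parses `markup` and `document->close()` may fire events, either of which can run script that drops the last external reference to the Document; I would add `// write()/close() may run script that drops the last reference to m_document; keep it alive for the rest of this scope.` above the Ref. patchDocument begins before this hunk, so whether `innerPatchNode()` on the line above would need the same guard cannot be judged from here.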
Modified: branches/safari-613-branch/Source/WebCore/loader/DocumentLoader.cpp (293065 => 293066)
--- branches/safari-613-branch/Source/WebCore/loader/DocumentLoader.cpp 2022-04-20 05:37:51 UTC (rev 293065)
+++ branches/safari-613-branch/Source/WebCore/loader/DocumentLoader.cpp 2022-04-20 05:37:55 UTC (rev 293066)
@@ -388,7 +388,7 @@
// We always need to explicitly cancel the Document's parser when stopping the load.
// Otherwise cancelling the parser while starting the next page load might result
// in unexpected side effects such as erroneous event dispatch. ( http://webkit.org/b/117112 )
- if (Document* document = this->document())
+ if (RefPtr document = this->document())
document->cancelParsing();
stopLoadingSubresources();
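Review bot: The switch from `Document*` to `RefPtr` is the substantive part of this hunk, but the comment above it still explains only why the parser is cancelled, not why the Document must now be retained, so the two read as unrelated. Since that comment already warns that cancelling can cause event dispatch, I would extend it with `// Hold a reference: the event dispatch mentioned above may run script that would otherwise release the Document mid-call.` stopLoading begins before this hunk and continues after it.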
Modified: branches/safari-613-branch/Source/WebCore/loader/FrameLoader.cpp (293065 => 293066)
--- branches/safari-613-branch/Source/WebCore/loader/FrameLoader.cpp 2022-04-20 05:37:51 UTC (rev 293065)
+++ branches/safari-613-branch/Source/WebCore/loader/FrameLoader.cpp 2022-04-20 05:37:55 UTC (rev 293066)
@@ -345,7 +345,8 @@
m_provisionalDocumentLoader->startLoadingMainResource();
Ref<Frame> protect(m_frame);
- m_frame.document()->cancelParsing();
+ Ref document { *m_frame.document() };
+ document->cancelParsing();
m_stateMachine.advanceTo(FrameLoaderStateMachine::DisplayingInitialEmptyDocument);
m_networkingContext = m_client->createNetworkingContext();
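Review bot: `Ref document { *m_frame.document() };` still dereferences `m_frame.document()` without a null check, as the replaced line did; in init() the initial empty document presumably exists at this point, but nothing here states that invariant or why the reference is now held. I would annotate it with `// The initial empty document exists here; keep it alive across cancelParsing(), which may dispatch events.` The line above already protects the frame with the older `Ref<Frame> protect(m_frame);` spelling, so the two adjacent guards use different idioms; naming the new one `protectedDocument` would make its role as obvious as `protect`. init begins before this hunk and continues after it.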
@@ -626,12 +627,13 @@
m_needsClear = false;
if (neededClear && m_frame.document()->backForwardCacheState() != Document::InBackForwardCache) {
- m_frame.document()->cancelParsing();
- m_frame.document()->stopActiveDOMObjects();
- bool hadLivingRenderTree = m_frame.document()->hasLivingRenderTree();
- m_frame.document()->willBeRemovedFromFrame();
+ Ref document { *m_frame.document() };
+ document->cancelParsing();
+ document->stopActiveDOMObjects();
+ bool hadLivingRenderTree = document->hasLivingRenderTree();
+ document->willBeRemovedFromFrame();
if (hadLivingRenderTree)
- m_frame.document()->adjustFocusedNodeOnNodeRemoval(*m_frame.document());
+ document->adjustFocusedNodeOnNodeRemoval(document);
}
if (handleDOMWindowCreation)
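Review bot: The `if` condition still reads the document through the raw `m_frame.document()` accessor while the body now goes through the protected `document`, and `document->adjustFocusedNodeOnNodeRemoval(document)` deliberately uses the held reference where the old code re-read `*m_frame.document()` after `willBeRemovedFromFrame()`; none of this is explained in the code. I would add `// Hold the Document: stopActiveDOMObjects()/willBeRemovedFromFrame() may run script that replaces m_frame's document, and the focus fix-up below must apply to this document, not a successor.` above the Ref. That the accessor can return a different object by the time of the focus fix-up is inferred from the guard's existence, not visible here. clear begins before this hunk and continues after it.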
Modified: branches/safari-613-branch/Source/WebCore/loader/cache/CachedSVGDocument.cpp (293065 => 293066)
--- branches/safari-613-branch/Source/WebCore/loader/cache/CachedSVGDocument.cpp 2022-04-20 05:37:51 UTC (rev 293065)
+++ branches/safari-613-branch/Source/WebCore/loader/cache/CachedSVGDocument.cpp 2022-04-20 05:37:55 UTC (rev 293066)
@@ -56,8 +56,9 @@
{
if (data) {
// We don't need to create a new frame because the new document belongs to the parent UseElement.
- m_document = SVGDocument::create(nullptr, m_settings, response().url());
- m_document->setContent(m_decoder->decodeAndFlush(data->makeContiguous()->data(), data->size()));
+ auto document = SVGDocument::create(nullptr, m_settings, response().url());
+ document->setContent(m_decoder->decodeAndFlush(data->makeContiguous()->data(), data->size()));
+ m_document = WTFMove(document);
}
CachedResource::finishLoading(data, metrics);
}
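Review bot: Publishing the SVGDocument into `m_document` only after `setContent()` returns changes what a re-entrant reader sees: during parsing `m_document` now holds its previous value (null or an earlier document) instead of the document being parsed, and the reorder has no comment, so a later cleanup could revert it. If the intent is to stop `setContent()` from reaching a member that re-entrancy could clear, I would say so: `// Parse into a local and publish afterwards: setContent() may re-enter and must not observe or clear m_document mid-parse.` Whether any client reads m_document re-entrantly during setContent() is not visible from this hunk and should be confirmed. finishLoading's signature sits just above this hunk.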
Modified: branches/safari-613-branch/Source/WebCore/loader/cache/CachedSVGFont.cpp (293065 => 293066)
--- branches/safari-613-branch/Source/WebCore/loader/cache/CachedSVGFont.cpp 2022-04-20 05:37:51 UTC (rev 293065)
+++ branches/safari-613-branch/Source/WebCore/loader/cache/CachedSVGFont.cpp 2022-04-20 05:37:55 UTC (rev 293066)
@@ -75,13 +75,14 @@
{
// We may get here during render tree updates when events are forbidden.
// Frameless document can't run scripts or call back to the client so this is safe.
- m_externalSVGDocument = SVGDocument::create(nullptr, m_settings, URL());
+ auto externalSVGDocument = SVGDocument::create(nullptr, m_settings, URL());
auto decoder = TextResourceDecoder::create("application/xml");
ScriptDisallowedScope::DisableAssertionsInScope disabledScope;
- m_externalSVGDocument->setContent(decoder->decodeAndFlush(m_data->makeContiguous()->data(), m_data->size()));
+ externalSVGDocument->setContent(decoder->decodeAndFlush(m_data->makeContiguous()->data(), m_data->size()));
sawError = decoder->sawError();
+ m_externalSVGDocument = WTFMove(externalSVGDocument);
}
if (sawError)
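Review bot: The comment kept at the top of this hunk argues that re-entrancy is impossible ("Frameless document can't run scripts or call back to the client"), yet the code now defers `m_externalSVGDocument = WTFMove(externalSVGDocument);` until after `setContent()` precisely so the member cannot be touched mid-parse; a reader will wonder which of the two to believe. I would extend that comment with `// Still parse into a local and assign afterwards so setContent() can never observe or clear m_externalSVGDocument, even if that assumption changes.` While parsing runs the member keeps its old value, so any path that reads it re-entrantly would now see the previous document rather than the one being built. ensureCustomFontData begins before this hunk and continues after it.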
Modified: branches/safari-613-branch/Source/WebCore/xml/XMLHttpRequest.cpp (293065 => 293066)
--- branches/safari-613-branch/Source/WebCore/xml/XMLHttpRequest.cpp 2022-04-20 05:37:51 UTC (rev 293065)
+++ branches/safari-613-branch/Source/WebCore/xml/XMLHttpRequest.cpp 2022-04-20 05:37:55 UTC (rev 293066)
@@ -180,18 +180,21 @@
|| (isHTML && responseType() == ResponseType::EmptyString)) {
m_responseDocument = nullptr;
} else {
+ RefPtr<Document> responseDocument;
if (isHTML)
- m_responseDocument = HTMLDocument::create(nullptr, context.settings(), m_response.url());
+ responseDocument = HTMLDocument::create(nullptr, context.settings(), m_response.url());
else
- m_responseDocument = XMLDocument::create(nullptr, context.settings(), m_response.url());
- m_responseDocument->overrideLastModified(m_response.lastModified());
- m_responseDocument->setContextDocument(context);
- m_responseDocument->setSecurityOriginPolicy(context.securityOriginPolicy());
- m_responseDocument->overrideMIMEType(mimeType);
- m_responseDocument->setContent(m_responseBuilder.toStringPreserveCapacity());
+ responseDocument = XMLDocument::create(nullptr, context.settings(), m_response.url());
+ responseDocument->overrideLastModified(m_response.lastModified());
+ responseDocument->setContextDocument(context);
+ responseDocument->setSecurityOriginPolicy(context.securityOriginPolicy());
+ responseDocument->overrideMIMEType(mimeType);
+ responseDocument->setContent(m_responseBuilder.toStringPreserveCapacity());
- if (!m_responseDocument->wellFormed())
+ if (!responseDocument->wellFormed())
m_responseDocument = nullptr;
+ else
+ m_responseDocument = WTFMove(responseDocument);
}
m_createdDocument = true;
}
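Review bot: `RefPtr<Document> responseDocument` is assigned on both sides of the `if`/`else` and is never null afterwards, so `RefPtr` understates the invariant and makes `responseDocument->wellFormed()` look like an unchecked dereference; a `Ref<Document>` initialised from a conditional expression (wrapping each `create()` result in `Ref<Document>` so the ternary has one type) would state what the code guarantees. The origin handling also deserves a comment: the document is created with `m_response.url()` yet is given the security origin policy of the requesting `context`, and nothing says this is intentional rather than an oversight — `// Security: the response document is keyed to the response URL but is given the requester's origin policy, not one derived from that URL.` above `setSecurityOriginPolicy`. The enclosing function begins before this hunk and continues after it.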
Modified: branches/safari-613-branch/Source/WebKitLegacy/win/ChangeLog (293065 => 293066)
--- branches/safari-613-branch/Source/WebKitLegacy/win/ChangeLog 2022-04-20 05:37:51 UTC (rev 293065)
+++ branches/safari-613-branch/Source/WebKitLegacy/win/ChangeLog 2022-04-20 05:37:55 UTC (rev 293066)
@@ -1,3 +1,21 @@
+2022-04-19 Russell Epstein <[email protected]>
+
+ Apply patch. rdar://problem/90968659
+
+ 2022-04-04 Gabriel Nava Marino <[email protected]>
+
+ Cherry-pick r292361. rdar://90968659
+
+ Use Ref and RefPtr pattern when handling document close calls
+ https://bugs.webkit.org/show_bug.cgi?id=238747
+
+ Reviewed by Sam Weinig.
+
+ Ensure document object remains for the scope of the call.
+
+ * DOMHTMLClasses.cpp:
+ (DOMHTMLDocument::close):
+
2022-02-07 Russell Epstein <[email protected]>
Cherry-pick r288590. rdar://problem/87984277
Modified: branches/safari-613-branch/Source/WebKitLegacy/win/DOMHTMLClasses.cpp (293065 => 293066)
--- branches/safari-613-branch/Source/WebKitLegacy/win/DOMHTMLClasses.cpp 2022-04-20 05:37:51 UTC (rev 293065)
+++ branches/safari-613-branch/Source/WebKitLegacy/win/DOMHTMLClasses.cpp 2022-04-20 05:37:55 UTC (rev 293066)
@@ -362,8 +362,8 @@
{
if (!m_document)
return E_FAIL;
-
- m_document->close();
+ Ref document { *m_document };
+ document->close();
return S_OK;
}
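Review bot: `Ref document { *m_document };` is the whole point of the change but carries no explanation, so in a COM wrapper where `m_document` is null-checked one line earlier it reads like a needless copy. `close()` may run script (load handlers, for instance) that could drop the last reference to the Document behind the wrapper; I would write `// close() may run script that releases the last reference to m_document; keep it alive for the call.` above the Ref. Whether m_document is itself an owning reference is not visible here, which is exactly why the comment should state the assumption.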