Title: [114582] releases/WebKitGTK/webkit-1.8/Source/WebCore
Diff
Modified: releases/WebKitGTK/webkit-1.8/Source/WebCore/ChangeLog (114581 => 114582)
--- releases/WebKitGTK/webkit-1.8/Source/WebCore/ChangeLog 2012-04-18 23:34:36 UTC (rev 114581)
+++ releases/WebKitGTK/webkit-1.8/Source/WebCore/ChangeLog 2012-04-18 23:38:07 UTC (rev 114582)
@@ -1,3 +1,28 @@
+2012-04-18 Adam Barth <[email protected]>
+
+ ContainerNode::insertedIntoTree and removedFromTree use weak iteration patterns
+ https://bugs.webkit.org/show_bug.cgi?id=80570
+
+ Reviewed by Ryosuke Niwa.
+
+ These functions use weak iteration patterns, but as far as I can tell,
+ we never execute script below these functions. This patch adds ASSERTs
+ to help us avoid adding events in the future.
+
+ * dom/ContainerNode.cpp:
+ (WebCore::ContainerNode::insertedIntoTree):
+ (WebCore::ContainerNode::removedFromTree):
+ * html/HTMLMediaElement.cpp:
+ (WebCore::HTMLMediaElement::loadInternal):
+ - There's a somewhat complex call chain from insertedIntoTree into
+ HTMLMediaElement, and somewhat complex control flow below
+ loadInternal that eventually leads to the BeforeLoad event being
+ fired. In studying this code, I don't see a way for the
+ BeforeLoad event to be fired during insertedIntoTree, but I've
+ added this assert here to make sure we don't call loadInternal
+ when we're not supposed to dispatch events. This ASSERT should
+ help us catch these BeforeLoad errors more quickly.
+
2012-04-18 Abhishek Arya <[email protected]>
Incorrect beforeChild parent calculation in RenderRubyBase::moveChildren.
Modified: releases/WebKitGTK/webkit-1.8/Source/WebCore/dom/ContainerNode.cpp (114581 => 114582)
--- releases/WebKitGTK/webkit-1.8/Source/WebCore/dom/ContainerNode.cpp 2012-04-18 23:34:36 UTC (rev 114581)
+++ releases/WebKitGTK/webkit-1.8/Source/WebCore/dom/ContainerNode.cpp 2012-04-18 23:38:07 UTC (rev 114582)
@@ -849,16 +849,20 @@
{
if (!deep)
return;
+ forbidEventDispatch();
for (Node* child = m_firstChild; child; child = child->nextSibling())
child->insertedIntoTree(true);
+ allowEventDispatch();
}
void ContainerNode::removedFromTree(bool deep)
{
if (!deep)
return;
+ forbidEventDispatch();
for (Node* child = m_firstChild; child; child = child->nextSibling())
child->removedFromTree(true);
+ allowEventDispatch();
}
void ContainerNode::childrenChanged(bool changedByParser, Node* beforeChange, Node* afterChange, int childCountDelta)
Modified: releases/WebKitGTK/webkit-1.8/Source/WebCore/html/HTMLMediaElement.cpp (114581 => 114582)
--- releases/WebKitGTK/webkit-1.8/Source/WebCore/html/HTMLMediaElement.cpp 2012-04-18 23:34:36 UTC (rev 114581)
+++ releases/WebKitGTK/webkit-1.8/Source/WebCore/html/HTMLMediaElement.cpp 2012-04-18 23:38:07 UTC (rev 114582)
@@ -704,6 +704,11 @@
void HTMLMediaElement::loadInternal()
{
+ // Some of the code paths below this function dispatch the BeforeLoad event. This ASSERT helps
+ // us catch those bugs more quickly without needing all the branches to align to actually
+ // trigger the event.
+ ASSERT(!eventDispatchForbidden());
+
// If we can't start a load right away, start it later.
Page* page = document()->page();
if (pageConsentRequiredForLoad() && page && !page->canStartMedia()) {
_______________________________________________
webkit-changes mailing list
[email protected]
http://lists.webkit.org/mailman/listinfo.cgi/webkit-changes
