Title: [123536] trunk/Source/WebCore
- Revision: 123536
- Author: k...@webkit.org
- Date: 2012-07-24 15:12:54 -0700 (Tue, 24 Jul 2012)
Log Message
Clear the external characters pointer of an AtomicHTMLToken before the raw token is cleared.
https://bugs.webkit.org/show_bug.cgi?id=92056
Reviewed by Adam Barth.
AtomicHTMLToken keeps a pointer to the HTMLToken's buffer instead of copying the
characters for performance. Clear the external characters pointer before the raw token
is cleared to make sure that we won't have a dangling pointer.
No new tests - no functional changes.
* html/parser/HTMLTreeBuilder.cpp:
(WebCore::HTMLTreeBuilder::constructTreeFromToken):
* xml/parser/MarkupTokenBase.h:
(WebCore::AtomicMarkupTokenBase::clearExternalCharacters):
(AtomicMarkupTokenBase):
Modified Paths
Diff
Modified: trunk/Source/WebCore/ChangeLog (123535 => 123536)
--- trunk/Source/WebCore/ChangeLog 2012-07-24 22:08:52 UTC (rev 123535)
+++ trunk/Source/WebCore/ChangeLog 2012-07-24 22:12:54 UTC (rev 123536)
@@ -1,3 +1,22 @@
+2012-07-23 Kwang Yul Seo <sk...@company100.net>
+
+ Clear the external characters pointer of an AtomicHTMLToken before the raw token is cleared.
+ https://bugs.webkit.org/show_bug.cgi?id=92056
+
+ Reviewed by Adam Barth.
+
+ AtomicHTMLToken keeps a pointer to the HTMLToken's buffer instead of copying the
+ characters for performance. Clear the external characters pointer before the raw token
+ is cleared to make sure that we won't have a dangling pointer.
+
+ No new tests - no functional changes.
+
+ * html/parser/HTMLTreeBuilder.cpp:
+ (WebCore::HTMLTreeBuilder::constructTreeFromToken):
+ * xml/parser/MarkupTokenBase.h:
+ (WebCore::AtomicMarkupTokenBase::clearExternalCharacters):
+ (AtomicMarkupTokenBase):
+
2012-07-24 Jian Li <jia...@chromium.org>
Add per-context setting for html notifications
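Review bot: The new ChangeLog entry is dated 2012-07-23 but sits above the existing 2012-07-24 entry, and the revision itself landed on 2012-07-24, so the file is no longer in date order at the top. Update the entry's date line to the landing date so the newest-first ordering holds.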
Modified: trunk/Source/WebCore/html/parser/HTMLTreeBuilder.cpp (123535 => 123536)
--- trunk/Source/WebCore/html/parser/HTMLTreeBuilder.cpp 2012-07-24 22:08:52 UTC (rev 123535)
+++ trunk/Source/WebCore/html/parser/HTMLTreeBuilder.cpp 2012-07-24 22:12:54 UTC (rev 123536)
@@ -451,6 +451,12 @@
constructTreeFromAtomicToken(token.get());
+ // AtomicHTMLToken keeps a pointer to the HTMLToken's buffer instead
+ // of copying the characters for performance.
+ // Clear the external characters pointer before the raw token is cleared
+ // to make sure that we won't have a dangling pointer.
+ token->clearExternalCharacters();
+
if (!rawToken.isUninitialized()) {
ASSERT(rawToken.type() == HTMLTokenTypes::Character);
rawToken.clear();
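Review bot: The call `token->clearExternalCharacters();` is unconditional, but the helper added in MarkupTokenBase.h asserts `m_type == Token::Type::Character`, and the guard just below (`if (!rawToken.isUninitialized())` followed by the ASSERT on `HTMLTokenTypes::Character`) indicates that only character tokens are expected to still hold a live raw token at this point. If this function is reached with any other token type, debug builds will trip the new assertion. Consider moving the call inside the `if (!rawToken.isUninitialized())` block, immediately before `rawToken.clear();`, so the pointer is cleared exactly when the buffer it borrows is about to go away and the Character precondition is already established.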
Modified: trunk/Source/WebCore/xml/parser/MarkupTokenBase.h (123535 => 123536)
--- trunk/Source/WebCore/xml/parser/MarkupTokenBase.h 2012-07-24 22:08:52 UTC (rev 123535)
+++ trunk/Source/WebCore/xml/parser/MarkupTokenBase.h 2012-07-24 22:12:54 UTC (rev 123536)
@@ -482,6 +482,12 @@
return m_doctypeData->m_systemIdentifier;
}
+ void clearExternalCharacters()
+ {
+ ASSERT(m_type == Token::Type::Character);
+ m_externalCharacters = 0;
+ }
+
protected:
typename Token::Type::Type m_type;
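Review bot: `clearExternalCharacters()` is a new public method whose lifetime contract is explained only at the call site in HTMLTreeBuilder.cpp. Add a short comment at the declaration stating that `m_externalCharacters` borrows the raw token's buffer and must be cleared before that token is cleared, so future callers of the atomic token do not have to find the tree builder comment to learn it. Note also that the `ASSERT(m_type == Token::Type::Character)` precondition only holds callers to account in debug builds; in release builds the method nulls the pointer for any token type, which is harmless here but worth stating if that is the intent.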