Title: [128654] trunk
Revision: 128654
Author: [email protected]
Date: 2012-09-14 14:34:10 -0700 (Fri, 14 Sep 2012)

Log Message

ImageLoader can't be cleared when video element poster attribute removed.
https://bugs.webkit.org/show_bug.cgi?id=96301

Reviewed by Abhishek Arya.

Source/WebCore:

Same problem as in https://bugs.webkit.org/show_bug.cgi?id=90801. We can't
clear the image loader when the src attribute is cleared, because we might be
inside a handler called on top of an image loader event dispatch. Instead we
will rely on the OwnPtr relationship between the Element and the Image Loader
to limit the lifetime of the loader to that of the element.

Test: fast/dom/beforeload/clear-video-poster-in-beforeload-listener.html

* html/HTMLVideoElement.cpp:
(WebCore::HTMLVideoElement::parseAttribute):
Remove premature clearing of m_imageLoader.
* html/HTMLEmbedElement.cpp:
(WebCore::HTMLEmbedElement::parseAttribute):
Remove premature clearing of m_imageLoader.
* html/HTMLObjectElement.cpp:
(WebCore::HTMLObjectElement::parseAttribute):
Remove premature clearing of m_imageLoader.

LayoutTests:

Added test case.

* fast/dom/beforeload/clear-video-poster-in-beforeload-listener-expected.txt: Added.
* fast/dom/beforeload/clear-video-poster-in-beforeload-listener.html: Added.
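
The lifetime problem the log message describes, as an added C++ model that is not WebKit code and not part of this commit: an owner that destroys its loader from inside a handler the loader is still dispatching, next to the variant that leaves the loader alive until the owner dies. `Loader`, `Element`, `clearLoaderOnRemove` and `loaderSurvivesDispatch` are hypothetical names, and `std::unique_ptr` stands in for OwnPtr.

```cpp
#include <functional>
#include <memory>
#include <string>
#include <utility>

// Constructed model, not WebKit code. Loader stands in for the image loader,
// Element for the element that owns it; all names here are hypothetical.
class Loader {
public:
    explicit Loader(std::function<void()> handler) : m_handler(std::move(handler)) {}
    // Runs the handler, then reports whether this loader is still alive.
    // After handler() returns only locals are touched, so the check stays
    // well defined even if the handler destroyed *this.
    bool dispatchBeforeLoad() {
        std::weak_ptr<int> alive = m_token;
        std::function<void()> handler = m_handler; // copy: the member may be freed
        handler();
        return !alive.expired();
    }

private:
    std::function<void()> m_handler;
    std::shared_ptr<int> m_token = std::make_shared<int>(0);
};

struct Element {
    std::unique_ptr<Loader> loader;
    std::string poster;
    bool clearLoaderOnRemove = false;
    void removePoster() {
        poster.clear();
        if (clearLoaderOnRemove)
            loader.reset(); // the pattern the commit removes
    }
    // Setting the poster starts a load, which dispatches to the handler.
    bool setPoster(const std::string& url) {
        poster = url;
        if (!loader)
            loader.reset(new Loader([this] { removePoster(); }));
        return loader->dispatchBeforeLoad();
    }
};

// True when the loader outlived its own dispatch.
bool loaderSurvivesDispatch(bool clearLoaderOnRemove) {
    Element element;
    element.clearLoaderOnRemove = clearLoaderOnRemove;
    return element.setPoster("foobar");
}
```

In a real dispatcher the code after the handler call usually touches members of the loader, which is where the crash in the layout test comes from; the model avoids that on purpose so both cases can be run safely.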

Diff

Modified: trunk/LayoutTests/ChangeLog (128653 => 128654)


--- trunk/LayoutTests/ChangeLog	2012-09-14 21:30:42 UTC (rev 128653)
+++ trunk/LayoutTests/ChangeLog	2012-09-14 21:34:10 UTC (rev 128654)
@@ -1,3 +1,15 @@
+2012-09-14  Tom Sepez  <[email protected]>
+
+        ImageLoader can't be cleared when video element poster attribute removed.
+        https://bugs.webkit.org/show_bug.cgi?id=96301
+
+        Reviewed by Abhishek Arya.
+
+        Added test case.
+
+        * fast/dom/beforeload/clear-video-poster-in-beforeload-listener-expected.txt: Added.
+        * fast/dom/beforeload/clear-video-poster-in-beforeload-listener.html: Added.
+
 2012-09-14  Jeffrey Pfau  <[email protected]>
 
         Allow third-party storage blocking setting to change while a page is loaded

Added: trunk/LayoutTests/fast/dom/beforeload/clear-video-poster-in-beforeload-listener-expected.txt (0 => 128654)


--- trunk/LayoutTests/fast/dom/beforeload/clear-video-poster-in-beforeload-listener-expected.txt	                        (rev 0)
+++ trunk/LayoutTests/fast/dom/beforeload/clear-video-poster-in-beforeload-listener-expected.txt	2012-09-14 21:34:10 UTC (rev 128654)
@@ -0,0 +1,3 @@
+This page tests that you can correctly clear a video object's poster attribute in a beforeload listener without causing a crash.
+
+PASS: test completed.

Added: trunk/LayoutTests/fast/dom/beforeload/clear-video-poster-in-beforeload-listener.html (0 => 128654)


--- trunk/LayoutTests/fast/dom/beforeload/clear-video-poster-in-beforeload-listener.html	                        (rev 0)
+++ trunk/LayoutTests/fast/dom/beforeload/clear-video-poster-in-beforeload-listener.html	2012-09-14 21:34:10 UTC (rev 128654)
@@ -0,0 +1,21 @@
+<!DOCTYPE html>
+<html>
+<body>
+<p>This page tests that you can correctly clear a video object's poster attribute in a beforeload listener without causing a crash.</p>
+<div id="console">FAIL: test didn't run to completion.</div>
+<script>
+if (window.testRunner) {
+    testRunner.dumpAsText();
+    testRunner.waitUntilDone();
+}
+x = document.createElement('video');
+x.addEventListener('beforeload', function () {
+    x.removeAttribute('poster');
+    document.getElementById('console').textContent = 'PASS: test completed.';
+    if (window.testRunner)
+        testRunner.notifyDone();
+}, false);
+x.poster = 'foobar';
+</script>
+</body>
+</html>
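
Review bot: if beforeload never fires for the video element created at `x = document.createElement('video')`, this test can only fail by timing out, because `testRunner.notifyDone()` is called solely inside the listener; a fallback that calls notifyDone() after the `x.poster = 'foobar'` assignment has had a chance to dispatch would make the FAIL text in the console div reachable without a timeout. `x` is also assigned without `var`, which makes it an implicit global.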

Modified: trunk/Source/WebCore/ChangeLog (128653 => 128654)


--- trunk/Source/WebCore/ChangeLog	2012-09-14 21:30:42 UTC (rev 128653)
+++ trunk/Source/WebCore/ChangeLog	2012-09-14 21:34:10 UTC (rev 128654)
@@ -1,3 +1,28 @@
+2012-09-14  Tom Sepez  <[email protected]>
+
+        ImageLoader can't be cleared when video element poster attribute removed.
+        https://bugs.webkit.org/show_bug.cgi?id=96301
+
+        Reviewed by Abhishek Arya.
+
+        Same problem as in https://bugs.webkit.org/show_bug.cgi?id=90801. We can't
+        clear the image loader when the src attribute is cleared, because we might be
+        inside a handler called on top of an image loader event dispatch. Instead we
+        will rely on the OwnPtr relationship between the Element and the Image Loader
+        to limit the lifetime of the loader to that of the element.
+
+        Test: fast/dom/beforeload/clear-video-poster-in-beforeload-listener.html
+
+        * html/HTMLVideoElement.cpp:
+        (WebCore::HTMLVideoElement::parseAttribute):
+        Remove permature clearing of m_imageLoader.
+        * html/HTMLEmbedElement.cpp:
+        (WebCore::HTMLEmbedElement::parseAttribute):
+        Remove permature clearing of m_imageLoader.
+        * html/HTMLObjectElement.cpp:
+        (WebCore::HTMLObjectElement::parseAttribute):
+        Remove permature clearing of m_imageLoader.
+
 2012-09-14  Jeffrey Pfau  <[email protected]>
 
         Allow third-party storage blocking setting to change while a page is loaded
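
Review bot: the description in this entry says the loader can't be cleared "when the src attribute is cleared", while the entry title and the added test are about the poster attribute; naming the attributes that are actually affected would make the entry easier to find later. "permature" in the three per-file lines should read "premature".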

Modified: trunk/Source/WebCore/html/HTMLEmbedElement.cpp (128653 => 128654)


--- trunk/Source/WebCore/html/HTMLEmbedElement.cpp	2012-09-14 21:30:42 UTC (rev 128653)
+++ trunk/Source/WebCore/html/HTMLEmbedElement.cpp	2012-09-14 21:34:10 UTC (rev 128654)
@@ -99,8 +99,6 @@
         size_t pos = m_serviceType.find(";");
         if (pos != notFound)
             m_serviceType = m_serviceType.left(pos);
-        if (!isImageType() && m_imageLoader)
-            m_imageLoader.clear();
     } else if (attribute.name() == codeAttr)
         m_url = stripLeadingAndTrailingHTMLSpaces(attribute.value());
     else if (attribute.name() == srcAttr) {
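
Review bot: with the `!isImageType() && m_imageLoader` check gone from the m_serviceType branch, a loader created while the element was an image type now stays attached after the type changes to a non-image one. Please confirm that the other uses of m_imageLoader in this class check isImageType() first, and leave a one-line comment here saying the loader is deliberately not cleared, so the clear() is not reintroduced.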

Modified: trunk/Source/WebCore/html/HTMLObjectElement.cpp (128653 => 128654)


--- trunk/Source/WebCore/html/HTMLObjectElement.cpp	2012-09-14 21:30:42 UTC (rev 128653)
+++ trunk/Source/WebCore/html/HTMLObjectElement.cpp	2012-09-14 21:34:10 UTC (rev 128654)
@@ -105,8 +105,6 @@
             m_serviceType = m_serviceType.left(pos);
         if (renderer())
             setNeedsWidgetUpdate(true);
-        if (!isImageType() && m_imageLoader)
-            m_imageLoader.clear();
     } else if (attribute.name() == dataAttr) {
         m_url = stripLeadingAndTrailingHTMLSpaces(attribute.value());
         if (renderer()) {
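
Review bot: this removal of `m_imageLoader.clear()` after `setNeedsWidgetUpdate(true)` has no test of its own; the only test added in this revision creates a video element and removes its poster. A companion layout test that changes an object element's attributes from a beforeload listener would cover this path, and the same applies to the identical removal in HTMLEmbedElement.cpp.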

Modified: trunk/Source/WebCore/html/HTMLVideoElement.cpp (128653 => 128654)


--- trunk/Source/WebCore/html/HTMLVideoElement.cpp	2012-09-14 21:30:42 UTC (rev 128653)
+++ trunk/Source/WebCore/html/HTMLVideoElement.cpp	2012-09-14 21:34:10 UTC (rev 128654)
@@ -116,8 +116,6 @@
                 m_imageLoader = adoptPtr(new HTMLImageLoader(this));
             m_imageLoader->updateFromElementIgnoringPreviousError();
         } else {
-            if (m_imageLoader)
-                m_imageLoader.clear();
             if (renderer())
                 toRenderImage(renderer())->imageResource()->setCachedImage(0); 
         }
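
Review bot: in the else branch, after this removal only the renderer's image resource is reset through `setCachedImage(0)`; the retained m_imageLoader is not told that the poster is gone. Please confirm that a load the loader has already started cannot later hand an image back to the renderer, or update the loader's state here without destroying it. The context line with `setCachedImage(0);` also carries trailing whitespace.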