Title: [139876] trunk/Source
- Revision
- 139876
- Author
- [email protected]
- Date
- 2013-01-16 05:55:49 -0800 (Wed, 16 Jan 2013)
Log Message
[Qt] Crash in WebCore::CachedFrame::destroy
https://bugs.webkit.org/show_bug.cgi?id=104525
Reviewed by Adam Barth.
Source/WebCore:
Add an assert to increase the chances of catching this crash
early on in the future.
* dom/Document.cpp:
(WebCore::Document::takeDOMWindowFrom):
Source/WebKit/qt:
Remove the call to HistoryController::setCurrentItem which is ultimately
causing the initial empty document of a page to be added to the page cache.
This re-introduce the bug that was fixed by this line, which will be
properly fixed in a follow-up patch.
* Api/qwebhistory.cpp:
(operator>>):
* tests/qwebhistory/tst_qwebhistory.cpp:
(tst_QWebHistory::saveAndRestore_crash_4): Cover the crash.
Modified Paths
Diff
Modified: trunk/Source/WebCore/ChangeLog (139875 => 139876)
--- trunk/Source/WebCore/ChangeLog 2013-01-16 13:50:31 UTC (rev 139875)
+++ trunk/Source/WebCore/ChangeLog 2013-01-16 13:55:49 UTC (rev 139876)
@@ -1,3 +1,16 @@
+2013-01-16 Jocelyn Turcotte <[email protected]>
+
+ [Qt] Crash in WebCore::CachedFrame::destroy
+ https://bugs.webkit.org/show_bug.cgi?id=104525
+
+ Reviewed by Adam Barth.
+
+ Add an assert to increase the chances of catching this crash
+ early on in the future.
+
+ * dom/Document.cpp:
+ (WebCore::Document::takeDOMWindowFrom):
+
2013-01-16 Andrey Lushnikov <[email protected]>
Web Inspector: fix Сlosure warnings in devTools front-end
Modified: trunk/Source/WebCore/dom/Document.cpp (139875 => 139876)
--- trunk/Source/WebCore/dom/Document.cpp 2013-01-16 13:50:31 UTC (rev 139875)
+++ trunk/Source/WebCore/dom/Document.cpp 2013-01-16 13:55:49 UTC (rev 139876)
@@ -3603,6 +3603,8 @@
ASSERT(m_frame);
ASSERT(!m_domWindow);
ASSERT(document->domWindow());
+ // A valid DOMWindow is needed by CachedFrame for its documents.
+ ASSERT(!document->inPageCache());
m_domWindow = document->m_domWindow.release();
m_domWindow->didSecureTransitionTo(this);
Modified: trunk/Source/WebKit/qt/Api/qwebhistory.cpp (139875 => 139876)
--- trunk/Source/WebKit/qt/Api/qwebhistory.cpp 2013-01-16 13:50:31 UTC (rev 139875)
+++ trunk/Source/WebKit/qt/Api/qwebhistory.cpp 2013-01-16 13:55:49 UTC (rev 139876)
@@ -542,8 +542,6 @@
d->lst->addItem(item);
}
d->lst->removeItem(nullItem);
- // Update the HistoryController.
- static_cast<WebCore::BackForwardListImpl*>(history.d->lst)->page()->mainFrame()->loader()->history()->setCurrentItem(history.d->lst->entries()[currentIndex].get());
history.goToItem(history.itemAt(currentIndex));
}
}
Modified: trunk/Source/WebKit/qt/ChangeLog (139875 => 139876)
--- trunk/Source/WebKit/qt/ChangeLog 2013-01-16 13:50:31 UTC (rev 139875)
+++ trunk/Source/WebKit/qt/ChangeLog 2013-01-16 13:55:49 UTC (rev 139876)
@@ -1,3 +1,21 @@
+2013-01-16 Jocelyn Turcotte <[email protected]>
+
+ [Qt] Crash in WebCore::CachedFrame::destroy
+ https://bugs.webkit.org/show_bug.cgi?id=104525
+
+ Reviewed by Adam Barth.
+
+ Remove the call to HistoryController::setCurrentItem which is ultimately
+ causing the initial empty document of a page to be added to the page cache.
+
+ This re-introduce the bug that was fixed by this line, which will be
+ properly fixed in a follow-up patch.
+
+ * Api/qwebhistory.cpp:
+ (operator>>):
+ * tests/qwebhistory/tst_qwebhistory.cpp:
+ (tst_QWebHistory::saveAndRestore_crash_4): Cover the crash.
+
2013-01-11 Huang Dongsung <[email protected]>
[TexMap] Rename current[Transform|Opacity|Filters] in TextureMapperLayer.
Modified: trunk/Source/WebKit/qt/tests/qwebhistory/tst_qwebhistory.cpp (139875 => 139876)
--- trunk/Source/WebKit/qt/tests/qwebhistory/tst_qwebhistory.cpp 2013-01-16 13:50:31 UTC (rev 139875)
+++ trunk/Source/WebKit/qt/tests/qwebhistory/tst_qwebhistory.cpp 2013-01-16 13:55:49 UTC (rev 139876)
@@ -56,9 +56,12 @@
void serialize_1(); //QWebHistory countity
void serialize_2(); //QWebHistory index
void serialize_3(); //QWebHistoryItem
+ // Those tests shouldn't crash
void saveAndRestore_crash_1();
void saveAndRestore_crash_2();
void saveAndRestore_crash_3();
+ void saveAndRestore_crash_4();
+
void popPushState_data();
void popPushState();
void clear();
@@ -308,7 +311,6 @@
load >> *history;
}
-/** The test shouldn't crash */
void tst_QWebHistory::saveAndRestore_crash_1()
{
QByteArray buffer;
@@ -319,7 +321,6 @@
}
}
-/** The test shouldn't crash */
void tst_QWebHistory::saveAndRestore_crash_2()
{
QByteArray buffer;
@@ -333,7 +334,6 @@
delete page2;
}
-/** The test shouldn't crash */
void tst_QWebHistory::saveAndRestore_crash_3()
{
QByteArray buffer;
@@ -353,6 +353,27 @@
delete page2;
}
+void tst_QWebHistory::saveAndRestore_crash_4()
+{
+ QByteArray buffer;
+ saveHistory(hist, &buffer);
+
+ QWebPage* page2 = new QWebPage(this);
+ // The initial crash was in PageCache.
+ page2->settings()->setMaximumPagesInCache(3);
+
+ // Load the history in a new page, waiting for the load to finish.
+ QEventLoop waitForLoadFinished;
+ QObject::connect(page2, SIGNAL(loadFinished(bool)), &waitForLoadFinished, SLOT(quit()), Qt::QueuedConnection);
+ QDataStream load(&buffer, QIODevice::ReadOnly);
+ load >> *page2->history();
+ waitForLoadFinished.exec();
+
+ delete page2;
+ // Give some time for the PageCache cleanup 0-timer to fire.
+ QTest::qWait(50);
+}
+
void tst_QWebHistory::popPushState_data()
{
QTest::addColumn<QString>("script");
_______________________________________________
webkit-changes mailing list
[email protected]
http://lists.webkit.org/mailman/listinfo/webkit-changes
