Diff
Modified: trunk/Source/WebCore/ChangeLog (157956 => 157957)
--- trunk/Source/WebCore/ChangeLog 2013-10-24 21:31:11 UTC (rev 157956)
+++ trunk/Source/WebCore/ChangeLog 2013-10-24 21:40:55 UTC (rev 157957)
@@ -1,3 +1,25 @@
+2013-10-24 Daniel Bates <[email protected]>
+
+ Crash in WebCore::NavigationScheduler::startTimer()
+ https://bugs.webkit.org/show_bug.cgi?id=123288
+ <rdar://problem/14055644>
+
+ Reviewed by Alexey Proskuryakov.
+
+ Currently NavigationScheduler::startTimer() synchronously notifies the client
+ before the Web Inspector of a scheduled redirect. If a client cancels this
+ redirect then NavigationScheduler::m_redirect will become null and we'll
+ subsequently crash when informing the Web Inspector of this formerly scheduled
+ redirect. Instead, NavigationScheduler::startTimer() should notify the Web
+ Inspector before it notifies the client of a scheduled redirect.
+
+ As a side benefit of this change, the Web Inspector is notified of a scheduled
+ redirect before being notified of it being canceled when a client chooses to cancel
+ a scheduled redirect.
+
+ * loader/NavigationScheduler.cpp:
+ (WebCore::NavigationScheduler::startTimer):
+
2013-10-24 Antti Koivisto <[email protected]>
Try to fix build without CSS_SHAPES.
Modified: trunk/Source/WebCore/loader/NavigationScheduler.cpp (157956 => 157957)
--- trunk/Source/WebCore/loader/NavigationScheduler.cpp 2013-10-24 21:31:11 UTC (rev 157956)
+++ trunk/Source/WebCore/loader/NavigationScheduler.cpp 2013-10-24 21:40:55 UTC (rev 157957)
@@ -466,9 +466,10 @@
if (!m_redirect->shouldStartTimer(m_frame))
return;
- m_timer.startOneShot(m_redirect->delay());
- m_redirect->didStartTimer(m_frame, &m_timer);
- InspectorInstrumentation::frameScheduledNavigation(m_frame, m_redirect->delay());
+ double delay = m_redirect->delay();
+ m_timer.startOneShot(delay);
+ InspectorInstrumentation::frameScheduledNavigation(m_frame, delay);
+ m_redirect->didStartTimer(m_frame, &m_timer); // m_redirect may be null on return (e.g. the client canceled the load)
}
void NavigationScheduler::cancel(bool newLoadInProgress)
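Review bot: The fix on the new `m_redirect->didStartTimer(m_frame, &m_timer);` line is held together only by statement order and a trailing comment, so a later edit that appends code touching `m_redirect` after this call would reintroduce the null dereference. Since the comment says the client can cancel from inside this callback, and if `m_redirect` is the owning pointer, the redirect object may be released while its own `didStartTimer` is still on the stack. That body is not visible here, so it is worth confirming it touches no members after calling out to the client. I would move the warning onto its own line above the call, e.g. `// Must remain the last statement: the client may cancel from this callback, which clears m_redirect.` The start of startTimer() is outside this hunk, so earlier uses of `m_redirect` could not be checked.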
Modified: trunk/Tools/ChangeLog (157956 => 157957)
--- trunk/Tools/ChangeLog 2013-10-24 21:31:11 UTC (rev 157956)
+++ trunk/Tools/ChangeLog 2013-10-24 21:40:55 UTC (rev 157957)
@@ -1,3 +1,17 @@
+2013-10-24 Daniel Bates <[email protected]>
+
+ Crash in WebCore::NavigationScheduler::startTimer()
+ https://bugs.webkit.org/show_bug.cgi?id=123288
+ <rdar://problem/14055644>
+
+ Reviewed by Alexey Proskuryakov.
+
+ Add API test.
+
+ * TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj:
+ * TestWebKitAPI/Tests/mac/WillPerformClientRedirectToURLCrash.html: Added.
+ * TestWebKitAPI/Tests/mac/WillPerformClientRedirectToURLCrash.mm: Added.
+
2013-10-24 Gyuyoung Kim <[email protected]>
[GTK] Disable css-image-orientation
Modified: trunk/Tools/TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj (157956 => 157957)
--- trunk/Tools/TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj 2013-10-24 21:31:11 UTC (rev 157956)
+++ trunk/Tools/TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj 2013-10-24 21:40:55 UTC (rev 157957)
@@ -218,6 +218,8 @@
CD5393C81757BA9700C07123 /* MD5.cpp in Sources */ = {isa = PBXBuildFile; fileRef = CD5393C71757BA9700C07123 /* MD5.cpp */; };
CD5393CA1757BAC400C07123 /* SHA1.cpp in Sources */ = {isa = PBXBuildFile; fileRef = CD5393C91757BAC400C07123 /* SHA1.cpp */; };
CD5497B415857F0C00B5BC30 /* MediaTime.cpp in Sources */ = {isa = PBXBuildFile; fileRef = CD5497B315857F0C00B5BC30 /* MediaTime.cpp */; };
+ CE14F1A4181873B0001C2705 /* WillPerformClientRedirectToURLCrash.html in Copy Resources */ = {isa = PBXBuildFile; fileRef = CE14F1A2181873B0001C2705 /* WillPerformClientRedirectToURLCrash.html */; };
+ CE32C7C818184C4900CD8C28 /* WillPerformClientRedirectToURLCrash.mm in Sources */ = {isa = PBXBuildFile; fileRef = CE32C7C718184C4900CD8C28 /* WillPerformClientRedirectToURLCrash.mm */; };
E1220DA0155B25480013E2FC /* MemoryCacheDisableWithinResourceLoadDelegate.mm in Sources */ = {isa = PBXBuildFile; fileRef = E1220D9F155B25480013E2FC /* MemoryCacheDisableWithinResourceLoadDelegate.mm */; };
E1220DCA155B28AA0013E2FC /* MemoryCacheDisableWithinResourceLoadDelegate.html in Copy Resources */ = {isa = PBXBuildFile; fileRef = E1220DC9155B287D0013E2FC /* MemoryCacheDisableWithinResourceLoadDelegate.html */; };
E194E1BB177E5145009C4D4E /* StopLoadingFromDidReceiveResponse.mm in Sources */ = {isa = PBXBuildFile; fileRef = E194E1BA177E5145009C4D4E /* StopLoadingFromDidReceiveResponse.mm */; };
@@ -288,6 +290,7 @@
1A02C870125D4CFD00E3F4BD /* find.html in Copy Resources */,
9B4F8FA7159D52DD002D9F94 /* HTMLCollectionNamedItem.html in Copy Resources */,
9B26FCCA159D16DE00CC3765 /* HTMLFormCollectionNamedItem.html in Copy Resources */,
+ CE14F1A4181873B0001C2705 /* WillPerformClientRedirectToURLCrash.html in Copy Resources */,
BCBD3737125ABBEB00D2C29F /* icon.png in Copy Resources */,
378E64791632707400B6C676 /* link-with-title.html in Copy Resources */,
9361002914DC95A70061379D /* lots-of-iframes.html in Copy Resources */,
@@ -549,6 +552,8 @@
CD5393C71757BA9700C07123 /* MD5.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = MD5.cpp; sourceTree = "<group>"; };
CD5393C91757BAC400C07123 /* SHA1.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = SHA1.cpp; sourceTree = "<group>"; };
CD5497B315857F0C00B5BC30 /* MediaTime.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = MediaTime.cpp; sourceTree = "<group>"; };
+ CE14F1A2181873B0001C2705 /* WillPerformClientRedirectToURLCrash.html */ = {isa = PBXFileReference; lastKnownFileType = text.html; path = WillPerformClientRedirectToURLCrash.html; sourceTree = "<group>"; };
+ CE32C7C718184C4900CD8C28 /* WillPerformClientRedirectToURLCrash.mm */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.objcpp; path = WillPerformClientRedirectToURLCrash.mm; sourceTree = "<group>"; };
E1220D9F155B25480013E2FC /* MemoryCacheDisableWithinResourceLoadDelegate.mm */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.objcpp; path = MemoryCacheDisableWithinResourceLoadDelegate.mm; sourceTree = "<group>"; };
E1220DC9155B287D0013E2FC /* MemoryCacheDisableWithinResourceLoadDelegate.html */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.html; path = MemoryCacheDisableWithinResourceLoadDelegate.html; sourceTree = "<group>"; };
E194E1BA177E5145009C4D4E /* StopLoadingFromDidReceiveResponse.mm */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.objcpp; path = StopLoadingFromDidReceiveResponse.mm; sourceTree = "<group>"; };
@@ -935,6 +940,7 @@
C540F775152E4DA000A40C8C /* SimplifyMarkup.mm */,
291861FD17BD4DC700D4E41E /* StopLoadingFromDidFinishLoading.mm */,
E194E1BA177E5145009C4D4E /* StopLoadingFromDidReceiveResponse.mm */,
+ CE32C7C718184C4900CD8C28 /* WillPerformClientRedirectToURLCrash.mm */,
3799AD3914120A43005EB0C6 /* StringByEvaluatingJavaScriptFromString.mm */,
37A6895D148A9B50005100FA /* SubresourceErrorCrash.mm */,
E490296714E2E3A4002BEDD1 /* TypingStyleCrash.mm */,
@@ -962,6 +968,7 @@
1A7E8B351812093600AEB74A /* FragmentNavigation.html */,
9B4F8FA6159D52CA002D9F94 /* HTMLCollectionNamedItem.html */,
9B26FCB4159D15E700CC3765 /* HTMLFormCollectionNamedItem.html */,
+ CE14F1A2181873B0001C2705 /* WillPerformClientRedirectToURLCrash.html */,
C2CF975816CEC69E0054E99D /* JSContextBackForwardCache1.html */,
C2CF975916CEC69E0054E99D /* JSContextBackForwardCache2.html */,
E1220DC9155B287D0013E2FC /* MemoryCacheDisableWithinResourceLoadDelegate.html */,
@@ -1139,6 +1146,7 @@
1ADBEFAE130C689C00D61D19 /* ForceRepaint.cpp in Sources */,
BCBD3710125AA2EB00D2C29F /* FrameMIMETypeHTML.cpp in Sources */,
BCBD3761125ABCFE00D2C29F /* FrameMIMETypePNG.cpp in Sources */,
+ CE32C7C818184C4900CD8C28 /* WillPerformClientRedirectToURLCrash.mm in Sources */,
290F427B172A23A500939FF0 /* TestProtocol.mm in Sources */,
1AA9E55914980A9900001A8A /* Functional.cpp in Sources */,
C0C5D3BE14598B6F00A802A6 /* GetBackingScaleFactor.mm in Sources */,
Added: trunk/Tools/TestWebKitAPI/Tests/mac/WillPerformClientRedirectToURLCrash.html (0 => 157957)
--- trunk/Tools/TestWebKitAPI/Tests/mac/WillPerformClientRedirectToURLCrash.html (rev 0)
+++ trunk/Tools/TestWebKitAPI/Tests/mac/WillPerformClientRedirectToURLCrash.html 2013-10-24 21:40:55 UTC (rev 157957)
@@ -0,0 +1,15 @@
+<!DOCTYPE html>
+<html>
+<body>
+<iframe id="frame" src=""
+<script>
+var query = window.location.search;
+if (!query)
+ document.getElementById("frame").src = ""
+else if (query == "?PASS")
+ alert("PASS");
+else
+ alert("FAIL");
+</script>
+</body>
+</html>
Added: trunk/Tools/TestWebKitAPI/Tests/mac/WillPerformClientRedirectToURLCrash.mm (0 => 157957)
--- trunk/Tools/TestWebKitAPI/Tests/mac/WillPerformClientRedirectToURLCrash.mm (rev 0)
+++ trunk/Tools/TestWebKitAPI/Tests/mac/WillPerformClientRedirectToURLCrash.mm 2013-10-24 21:40:55 UTC (rev 157957)
@@ -0,0 +1,86 @@
+/*
+ * Copyright (C) 2013 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. AND ITS CONTRIBUTORS ``AS IS''
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
+ * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR ITS CONTRIBUTORS
+ * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
+ * THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#import "config.h"
+#import "PlatformUtilities.h"
+#import "WTFStringUtilities.h"
+
+#import <wtf/RetainPtr.h>
+
+static bool testFinished;
+
+static NSURL *testURL()
+{
+ static RetainPtr<NSURL> url = "" mainBundle] URLForResource:@"WillPerformClientRedirectToURLCrash" withExtension:@"html" subdirectory:@"TestWebKitAPI.resources"];
+ return url.get();
+}
+
+@interface WebKit1TestDelegate : NSObject
+
++ (WebKit1TestDelegate *)shared;
+
+@end
+
+@implementation WebKit1TestDelegate
+
++ (WebKit1TestDelegate *)shared
+{
+ static WebKit1TestDelegate *sharedTestDelegate = [[WebKit1TestDelegate alloc] init];
+ return sharedTestDelegate;
+}
+
+// MARK: WebFrameLoadDelegate callbacks
+
+- (void)webView:(WebView *)webView willPerformClientRedirectToURL:(NSURL *)URL delay:(NSTimeInterval)seconds fireDate:(NSDate *)date forFrame:(WebFrame *)frame
+{
+ // Start a new load; canceling the scheduled redirect. Should not cause a crash.
+ NSString *url = "" stringWithFormat:@"%@?PASS", testURL()];
+ [frame loadRequest:[NSURLRequest requestWithURL:[NSURL URLWithString:url]]];
+}
+
+// MARK: WebUIDelegate callbacks
+
+-(void)webView:(WebView *)webView runJavaScriptAlertPanelWithMessage:(NSString *)message initiatedByFrame:(WebFrame *)frame
+{
+ EXPECT_EQ(String("PASS"), String(message));
+ testFinished = true;
+}
+
+@end
+
+namespace TestWebKitAPI {
+
+TEST(WebKit1, WillPerformClientRedirectToURLCrash)
+{
+ @autoreleasepool {
+ RetainPtr<WebView> webView = adoptNS([[WebView alloc] initWithFrame:NSMakeRect(0, 0, 120, 200) frameName:nil groupName:nil]);
+ [webView setFrameLoadDelegate: [WebKit1TestDelegate shared]];
+ [webView setUIDelegate:[WebKit1TestDelegate shared]];
+ [[webView mainFrame] loadRequest:[NSURLRequest requestWithURL:testURL()]];
+ Util::run(&testFinished);
+ }
+}
+
+} // namespace TestWebKitAPI
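Review bot: `testFinished` is a file-level static that is only ever set to true, so when this test runs more than once in one process (for example under `--gtest_repeat`), `Util::run(&testFinished)` presumably returns at once and the later runs pass without exercising the redirect-cancel path. Adding `testFinished = false;` as the first statement inside the `@autoreleasepool` block keeps the regression test meaningful on every run. Separately, the only way out of the run loop is the alert callback, so a regression that stops `willPerformClientRedirectToURL` from being delivered would surface as a hang rather than a failed expectation. A one-line comment above `Util::run` saying so would help whoever triages a timeout.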