Title: [167819] trunk/Tools
Revision
167819
Author
[email protected]
Date
2014-04-25 13:34:47 -0700 (Fri, 25 Apr 2014)

Log Message

Crash in platform/mac/accessibility/table-visible-rows.html
https://bugs.webkit.org/show_bug.cgi?id=132146

Reviewed by Mark Lam.

Changed to use a local JSValueRef array temporary instead of a
std::make_unique<JSValueRef[]> when making an array of JSValues so that the temporary
JSValues are visited during garbage collection when the stack is scanned.  Otherwise,
the temporary values could be collected.

* DumpRenderTree/AccessibilityUIElement.cpp:
(convertElementsToObjectArray):
* WebKitTestRunner/InjectedBundle/EventSendingController.cpp:
(WTR::EventSendingController::contextClick):
* WebKitTestRunner/InjectedBundle/mac/AccessibilityUIElementMac.mm:
(WTR::convertElementsToObjectArray):

Modified Paths

Diff

Modified: trunk/Tools/ChangeLog (167818 => 167819)


--- trunk/Tools/ChangeLog	2014-04-25 20:30:07 UTC (rev 167818)
+++ trunk/Tools/ChangeLog	2014-04-25 20:34:47 UTC (rev 167819)
@@ -1,3 +1,22 @@
+2014-04-25  Michael Saboff  <[email protected]>
+
+        Crash in platform/mac/accessibility/table-visible-rows.html
+        https://bugs.webkit.org/show_bug.cgi?id=132146
+
+        Reviewed by Mark Lam.
+
+        Changed to use a local JSValueRef array temporary instead of a
+        std::make_unique<JSValueRef[]> when making an array of JSValues so that the temporary
+        JSValues are visited during garbage collection when the stack is scanned.  Otherwise,
+        the temporary values could be collected.
+
+        * DumpRenderTree/AccessibilityUIElement.cpp:
+        (convertElementsToObjectArray):
+        * WebKitTestRunner/InjectedBundle/EventSendingController.cpp:
+        (WTR::EventSendingController::contextClick):
+        * WebKitTestRunner/InjectedBundle/mac/AccessibilityUIElementMac.mm:
+        (WTR::convertElementsToObjectArray):
+
 2014-04-24  Eduardo Lima Mitev  <[email protected]>
 
         Unreviewed GTK gardening

Modified: trunk/Tools/DumpRenderTree/AccessibilityUIElement.cpp (167818 => 167819)


--- trunk/Tools/DumpRenderTree/AccessibilityUIElement.cpp	2014-04-25 20:30:07 UTC (rev 167818)
+++ trunk/Tools/DumpRenderTree/AccessibilityUIElement.cpp	2014-04-25 20:34:47 UTC (rev 167819)
@@ -519,11 +519,11 @@
 static JSValueRef convertElementsToObjectArray(JSContextRef context, Vector<AccessibilityUIElement>& elements, JSValueRef* exception)
 {
     size_t elementCount = elements.size();
-    auto valueElements = std::make_unique<JSValueRef[]>(elementCount);
+    JSValueRef valueElements[elementCount];
     for (size_t i = 0; i < elementCount; ++i)
         valueElements[i] = AccessibilityUIElement::makeJSAccessibilityUIElement(context, elements[i]);
     
-    return JSObjectMakeArray(context, elementCount, valueElements.get(), exception);
+    return JSObjectMakeArray(context, elementCount, valueElements, exception);
 }
 
 static JSValueRef columnHeadersCallback(JSContextRef context, JSObjectRef function, JSObjectRef thisObject, size_t argumentCount, const JSValueRef arguments[], JSValueRef* exception)
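Review bot: `JSValueRef valueElements[elementCount];` is a variable-length array, which is a compiler extension in C++; its stack use is set by `elements.size()` with no upper bound, and a count of zero produces a zero-length array that UBSan's vla-bound check reports. The same pattern is added in EventSendingController.cpp (`jsValuesArray[entriesSize]`) and in AccessibilityUIElementMac.mm. The count presumably follows the content of the loaded page, so a very large table could exhaust the stack of the test tool. One alternative that keeps every wrapper reachable without a side buffer is to create the array empty and append each wrapper as it is made, as sketched below. The sketch is untested and assumes the local `array` handle stays live across the loop.

```cpp
static JSValueRef convertElementsToObjectArray(JSContextRef context, Vector<AccessibilityUIElement>& elements, JSValueRef* exception)
{
    // Append into an already-created array so each wrapper becomes reachable
    // from the array right after it is made; no temporary buffer has to stay
    // visible to the garbage collector, and no stack space scales with the count.
    JSObjectRef array = JSObjectMakeArray(context, 0, nullptr, exception);
    if (!array)
        return nullptr;

    size_t elementCount = elements.size();
    for (size_t i = 0; i < elementCount; ++i) {
        JSValueRef wrapper = AccessibilityUIElement::makeJSAccessibilityUIElement(context, elements[i]);
        JSObjectSetPropertyAtIndex(context, array, static_cast<unsigned>(i), wrapper, exception);
    }

    return array;
}
```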

Modified: trunk/Tools/WebKitTestRunner/InjectedBundle/EventSendingController.cpp (167818 => 167819)


--- trunk/Tools/WebKitTestRunner/InjectedBundle/EventSendingController.cpp	2014-04-25 20:30:07 UTC (rev 167818)
+++ trunk/Tools/WebKitTestRunner/InjectedBundle/EventSendingController.cpp	2014-04-25 20:34:47 UTC (rev 167819)
@@ -438,7 +438,7 @@
 
     WKRetainPtr<WKArrayRef> menuEntries = adoptWK(WKBundlePageCopyContextMenuItems(page));
     size_t entriesSize = WKArrayGetSize(menuEntries.get());
-    auto jsValuesArray = std::make_unique<JSValueRef[]>(entriesSize);
+    JSValueRef jsValuesArray[entriesSize];
     for (size_t i = 0; i < entriesSize; ++i) {
         ASSERT(WKGetTypeID(WKArrayGetItemAtIndex(menuEntries.get(), i)) == WKContextMenuItemGetTypeID());
 
@@ -447,7 +447,7 @@
         jsValuesArray[i] = JSObjectMake(context, getMenuItemClass(), privateData);
     }
 
-    return JSObjectMakeArray(context, entriesSize, jsValuesArray.get(), 0);
+    return JSObjectMakeArray(context, entriesSize, jsValuesArray, 0);
 #else
     return JSValueMakeUndefined(context);
 #endif
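Review bot: The changed return passes `0` for the exception out-parameter, while the matching call in AccessibilityUIElementMac.mm in this same commit passes `nullptr`. Writing it as `return JSObjectMakeArray(context, entriesSize, jsValuesArray, nullptr);` would keep the two call sites consistent and make it obvious that the argument is a pointer. The enclosing function starts outside this hunk, so whether an exception slot is available to pass through instead cannot be judged from here.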

Modified: trunk/Tools/WebKitTestRunner/InjectedBundle/mac/AccessibilityUIElementMac.mm (167818 => 167819)


--- trunk/Tools/WebKitTestRunner/InjectedBundle/mac/AccessibilityUIElementMac.mm	2014-04-25 20:30:07 UTC (rev 167818)
+++ trunk/Tools/WebKitTestRunner/InjectedBundle/mac/AccessibilityUIElementMac.mm	2014-04-25 20:34:47 UTC (rev 167819)
@@ -179,11 +179,11 @@
 static JSValueRef convertElementsToObjectArray(JSContextRef context, Vector<RefPtr<AccessibilityUIElement>>& elements)
 {
     size_t elementCount = elements.size();
-    auto valueElements = std::make_unique<JSValueRef[]>(elementCount);
+    JSValueRef valueElements[elementCount];
     for (size_t i = 0; i < elementCount; ++i)
         valueElements[i] = JSObjectMake(context, elements[i]->wrapperClass(), elements[i].get());
     
-    return JSObjectMakeArray(context, elementCount, valueElements.get(), nullptr);
+    return JSObjectMakeArray(context, elementCount, valueElements, nullptr);
 }
 
 static JSStringRef concatenateAttributeAndValue(NSString* attribute, NSString* value)
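Review bot: Nothing at the declaration of `valueElements` records why the buffer has to live on the stack, so a later cleanup could move it back to the heap and bring the crash back. The reason is only in the log message: values held solely in a heap buffer are not visited when the stack is scanned and may be collected before `JSObjectMakeArray` runs. A comment above the array would preserve that, for example `// Must be a stack array: the GC finds these temporaries only by scanning the stack; a heap buffer would let them be collected.` The same comment applies to the arrays added in DumpRenderTree/AccessibilityUIElement.cpp and EventSendingController.cpp.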