Title: [183729] trunk/Source/WebCore
- Revision: 183729
- Author: [email protected]
- Date: 2015-05-03 02:54:35 -0700 (Sun, 03 May 2015)
Log Message
[GTK] API tests crashing on debug builds due to extra unref
https://bugs.webkit.org/show_bug.cgi?id=144508
Reviewed by Mario Sanchez Prada.
The problem is that we were assuming that when a new DOMWindow is
created, the DOM object cache was notified about the previous
DOMWindow being destroyed before objects for the new DOMWindow are
added to the cache. However, that's not always the case and we
only create a DOMWindowObserver for the first DOMWindow. We need
to keep a pointer to the DOMWindow being observed to clear() the
cache and create a new DOMWindowObserver when it changes in the
Frame.
Fixes crashes in several unit tests in debug builds.
* bindings/gobject/DOMObjectCache.cpp:
Diff
Modified: trunk/Source/WebCore/ChangeLog (183728 => 183729)
--- trunk/Source/WebCore/ChangeLog 2015-05-03 07:48:58 UTC (rev 183728)
+++ trunk/Source/WebCore/ChangeLog 2015-05-03 09:54:35 UTC (rev 183729)
@@ -1,3 +1,23 @@
+2015-05-03 Carlos Garcia Campos <[email protected]>
+
+ [GTK] API tests crashing on debug builds due to extra unref
+ https://bugs.webkit.org/show_bug.cgi?id=144508
+
+ Reviewed by Mario Sanchez Prada.
+
+ The problem is that we were assuming that when a new DOMWindow is
+ created, the DOM object cache was notified about the previous
+ DOMWindow being destroyed before objects for the new DOMWindow are
+ added to the cache. However, that's not always the case and we
+ only create a DOMWindowObserver for the first DOMWindow. We need
+ to keep a pointer to the DOMWindow being observed to clear() the
+ cache and create a new DOMWindowObserver when it changes in the
+ Frame.
+
+ Fixes crashes in several unit tests in debug builds.
+
+ * bindings/gobject/DOMObjectCache.cpp:
+
2015-05-03 Alexey Proskuryakov <[email protected]>
Remove timer alignment logging that I added earler today.
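Review bot: The last line of the new entry, `* bindings/gobject/DOMObjectCache.cpp:`, names the file but lists no changed functions and carries no per-change note. The patch touches two distinct places in that file (the cache insertion path and the DOMWindowObserver constructor and members), so a short line for each under the file name would make the entry easier to search and to bisect against later.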
Modified: trunk/Source/WebCore/bindings/gobject/DOMObjectCache.cpp (183728 => 183729)
--- trunk/Source/WebCore/bindings/gobject/DOMObjectCache.cpp 2015-05-03 07:48:58 UTC (rev 183728)
+++ trunk/Source/WebCore/bindings/gobject/DOMObjectCache.cpp 2015-05-03 09:54:35 UTC (rev 183729)
@@ -100,8 +100,12 @@
{
ASSERT(!m_objects.contains(&data));
- if (!m_domWindowObserver && m_frame->document()->domWindow())
- m_domWindowObserver = std::make_unique<DOMWindowObserver>(*m_frame, *this);
+ WebCore::DOMWindow* domWindow = m_frame->document()->domWindow();
+ if (domWindow && (!m_domWindowObserver || m_domWindowObserver->domWindow() != domWindow)) {
+ // New DOMWindow, clear the cache and create a new DOMWindowObserver.
+ clear();
+ m_domWindowObserver = std::make_unique<DOMWindowObserver>(*m_frame, *this, domWindow);
+ }
m_objects.append(&data);
g_object_weak_ref(data.object, DOMObjectCacheFrameObserver::objectFinalizedCallback, this);
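Review bot: `m_frame->document()` is dereferenced unconditionally at the new `WebCore::DOMWindow* domWindow = m_frame->document()->domWindow();` line, and it now runs on every insertion, where the old code only evaluated it while `m_domWindowObserver` was still null. The check that follows guards `domWindow` only, so please either add `ASSERT(m_frame->document())` to state the invariant or null-check the document before use. It is also worth confirming that calling `clear()` here is safe given that `data` is about to be appended on the next line and the preceding `ASSERT(!m_objects.contains(&data))` has already run against the pre-clear list.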
@@ -111,16 +115,20 @@
class DOMWindowObserver final: public WebCore::DOMWindowProperty {
WTF_MAKE_FAST_ALLOCATED;
public:
- DOMWindowObserver(WebCore::Frame& frame, DOMObjectCacheFrameObserver& frameObserver)
+ DOMWindowObserver(WebCore::Frame& frame, DOMObjectCacheFrameObserver& frameObserver, WebCore::DOMWindow* window)
: DOMWindowProperty(&frame)
, m_frameObserver(frameObserver)
+ , m_domWindow(window)
{
+ ASSERT(m_domWindow);
}
virtual ~DOMWindowObserver()
{
}
+ WebCore::DOMWindow* domWindow() const { return m_domWindow; }
+
private:
virtual void willDetachGlobalObjectFromFrame() override
{
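Review bot: The constructor takes `WebCore::DOMWindow* window` and then relies on `ASSERT(m_domWindow)` to reject null, which is a debug-only check. The only caller visible in this patch already tests `domWindow &&` before constructing the observer, so taking `WebCore::DOMWindow&` would put the non-null requirement in the signature and make the assert unnecessary. The new `domWindow()` accessor hands out the raw pointer publicly; a comparison helper taking the candidate window would keep callers from dereferencing a pointer whose lifetime the observer does not control.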
@@ -130,6 +138,7 @@
}
DOMObjectCacheFrameObserver& m_frameObserver;
+ WebCore::DOMWindow* m_domWindow;
};
static void objectFinalizedCallback(gpointer userData, GObject* finalizedObject)
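Review bot: `WebCore::DOMWindow* m_domWindow` is a raw, non-owning pointer, and nothing in the visible lines resets it when the observed window goes away. The patch only uses it for an identity comparison, but that comparison can produce a false match if the old DOMWindow is freed and a new one is allocated at the same address, in which case the cache would not be cleared, and any later code that dereferences it would be a use-after-free. Please add a comment that the member is for comparison only, and consider nulling it in `willDetachGlobalObjectFromFrame()` (its body is not shown in this diff) so a stale value cannot match.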