[SCM] WebKit Debian packaging branch, debian/unstable, updated. debian/1.1.15-1-40151-g37bb677
trey
trey at 268f45cc-cd09-0410-ab3c-d52691b4dbfc
Sat Sep 26 07:11:32 UTC 2009
The following commit has been merged in the debian/unstable branch:
commit 266af2d5e41c760a0e628c9c1f88f0e388fb17c8
Author: trey <trey at 268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Date: Thu Dec 5 00:19:07 2002 +0000
3097585 - Crash in -[WebFrame(WebPrivate) _isLoadComplete] at result of google image search
The root of this problem was that we would detach child frames by calling detach
on them all, then clearing the whole array. This would fail because detaching a
frame might have to stop a load, which calls checkLoadComplete, which visits the
entire frame tree. But if a previously detached child is still sitting in that
tree, we end up with an assertion failure. The solution is to remove the kids as
they are detached.
Reviewed by: Darin Adler
* WebView.subproj/WebFramePrivate.m:
(-[WebFrame _createItem]): Method rename (a nit I missed from an earlier change)
(-[WebFrame _createItemTreeWithTargetFrame:clippedAtTarget:]): Method rename
(-[WebFrame _detachChildren]): new method to do detaching right
(-[WebFrame _detachFromParent]): call new method
(-[WebFrame _setDataSource:]): call new method
(-[WebFrame _transitionToCommitted:]): Method rename
git-svn-id: http://svn.webkit.org/repository/webkit/trunk@2936 268f45cc-cd09-0410-ab3c-d52691b4dbfc
diff --git a/WebKit/ChangeLog b/WebKit/ChangeLog
index deedbed..0f5ac0d 100644
--- a/WebKit/ChangeLog
+++ b/WebKit/ChangeLog
@@ -1,3 +1,24 @@
+2002-12-04 Trey Matteson <trey at apple.com>
+
+ 3097585 - Crash in -[WebFrame(WebPrivate) _isLoadComplete] at result of google image search
+
+ The root of this problem was that we would detach child frames by calling detach
+ on them all, then clearing the whole array. This would fail because detaching a
+ frame might have to stop a load, which calls checkLoadComplete, which visits the
+ entire frame tree. But if a previously detached child is still sitting in that
+ tree, we end up with an assertion failure. The solution is to remove the kids as
+ they are detached.
+
+ Reviewed by: Darin Adler
+
+ * WebView.subproj/WebFramePrivate.m:
+ (-[WebFrame _createItem]): Method rename (a nit I missed from an earlier change)
+ (-[WebFrame _createItemTreeWithTargetFrame:clippedAtTarget:]): Method rename
+ (-[WebFrame _detachChildren]): new method to do detaching right
+ (-[WebFrame _detachFromParent]): call new method
+ (-[WebFrame _setDataSource:]): call new method
+ (-[WebFrame _transitionToCommitted:]): Method rename
+
2002-12-04 Darin Adler <darin at apple.com>
Reviewed by Trey and Maciej.
diff --git a/WebKit/WebView.subproj/WebFramePrivate.m b/WebKit/WebView.subproj/WebFramePrivate.m
index 92bbc34..083c00f 100644
--- a/WebKit/WebView.subproj/WebFramePrivate.m
+++ b/WebKit/WebView.subproj/WebFramePrivate.m
@@ -121,7 +121,7 @@ static const char * const loadTypeNames[] = {
- (WebController *)controller { return controller; }
- (void)setController: (WebController *)c
-{
+{
controller = c; // not retained (yet)
}
@@ -176,7 +176,7 @@ static const char * const loadTypeNames[] = {
return bfItem;
}
-- (WebHistoryItem *)_createOrUpdateItem
+- (WebHistoryItem *)_createItem
{
WebDataSource *dataSrc = [self dataSource];
NSURL *url = [[dataSrc request] URL];
@@ -198,7 +198,7 @@ static const char * const loadTypeNames[] = {
*/
- (WebHistoryItem *)_createItemTreeWithTargetFrame:(WebFrame *)targetFrame clippedAtTarget:(BOOL)doClip
{
- WebHistoryItem *bfItem = [self _createOrUpdateItem];
+ WebHistoryItem *bfItem = [self _createItem];
[self _saveScrollPositionToItem:[_private previousItem]];
if (!(doClip && self == targetFrame)) {
@@ -258,6 +258,22 @@ static const char * const loadTypeNames[] = {
[self _detachFromParent];
}
+- (void)_detachChildren
+{
+ // Note we have to be careful to remove the kids as we detach each one,
+ // since detaching stops loading, which checks loadComplete, which runs the whole
+ // frame tree, at which point we don't want to trip on already detached kids.
+ if (_private->children) {
+ int i;
+ for (i = [_private->children count]-1; i >=0; i--) {
+ [[_private->children objectAtIndex:i] _detachFromParent];
+ [_private->children removeObjectAtIndex:i];
+ }
+ [_private->children release];
+ _private->children = nil;
+ }
+}
+
- (void)_detachFromParent
{
WebBridge *bridge = _private->bridge;
@@ -268,8 +284,8 @@ static const char * const loadTypeNames[] = {
[bridge closeURL];
- [[self children] makeObjectsPerformSelector:@selector(_detachFromParent)];
-
+ [self _detachChildren];
+
[_private setController:nil];
[_private->webView _setController:nil];
[_private->dataSource _setController:nil];
@@ -298,9 +314,7 @@ static const char * const loadTypeNames[] = {
[_private->bridge removeFromFrame];
}
- [[self children] makeObjectsPerformSelector:@selector(_detachFromParent)];
- [_private->children release];
- _private->children = nil;
+ [self _detachChildren];
[_private setDataSource:ds];
[ds _setController:[self controller]];
@@ -498,7 +512,7 @@ static const char * const loadTypeNames[] = {
case WebFrameLoadTypeInternal:
{ // braces because the silly compiler lets you declare vars everywhere but here?!
// Add an item to the item tree for this frame
- WebHistoryItem *item = [self _createOrUpdateItem];
+ WebHistoryItem *item = [self _createItem];
ASSERT([[self parent]->_private currentItem]);
[[[self parent]->_private currentItem] addChildItem:item];
[[self webView] _makeDocumentViewForDataSource:ds];
--
WebKit Debian packaging
More information about the Pkg-webkit-commits
mailing list