[SCM] WebKit Debian packaging branch, debian/unstable, updated. debian/1.1.15-1-40151-g37bb677

darin darin at 268f45cc-cd09-0410-ab3c-d52691b4dbfc
Sat Sep 26 07:16:48 UTC 2009 

The following commit has been merged in the debian/unstable branch:
commit 7ca1166d5f119dd013b9b5fd202a5fb140d95fff
Author: darin <darin at 268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Date:   Fri Dec 20 21:52:24 2002 +0000

            Reviewed by John.
    
    	- fixed 3132382 -- crash in khtml::CachedImage
    
    	The source of this bug was my long-ago fix to bug 3079499.
    	I changed the code to copy the clients list. But this doesn't work if
    	one of the clients is removed while iterating because it's deleted.
    	So I made a new class, CachedObjectClientWalker, that does the iterating safely.
    	Now both this new bug and the original are fixed.
    
            * khtml/misc/loader.cpp:
            (CachedCSSStyleSheet::checkNotify): Use CachedObjectClientWalker to walk the list.
            (CachedScript::checkNotify): Ditto.
            (CachedImage::do_notify): Ditto.
            (CachedImage::movieStatus): Ditto.
            (CachedImage::checkNotify): Ditto.
            (CachedObjectClientWalker::next): Walk the list using a list iterator, which is
    	safe against the current item being removed. But go that safety one better by making
    	sure you don't miss the item after one that's removed.
    
    
    git-svn-id: http://svn.webkit.org/repository/webkit/trunk@3155 268f45cc-cd09-0410-ab3c-d52691b4dbfc

diff --git a/WebCore/ChangeLog-2003-10-25 b/WebCore/ChangeLog-2003-10-25
index 85c9e44..7f948c8 100644
--- a/WebCore/ChangeLog-2003-10-25
+++ b/WebCore/ChangeLog-2003-10-25
@@ -1,3 +1,25 @@
+2002-12-20  Darin Adler  <darin at apple.com>
+
+        Reviewed by John.
+
+	- fixed 3132382 -- crash in khtml::CachedImage
+
+	The source of this bug was my long-ago fix to bug 3079499.
+	I changed the code to copy the clients list. But this doesn't work if
+	one of the clients is removed while iterating because it's deleted.
+	So I made a new class, CachedObjectClientWalker, that does the iterating safely.
+	Now both this new bug and the original are fixed.
+
+        * khtml/misc/loader.cpp:
+        (CachedCSSStyleSheet::checkNotify): Use CachedObjectClientWalker to walk the list.
+        (CachedScript::checkNotify): Ditto.
+        (CachedImage::do_notify): Ditto.
+        (CachedImage::movieStatus): Ditto.
+        (CachedImage::checkNotify): Ditto.
+        (CachedObjectClientWalker::next): Walk the list using a list iterator, which is
+	safe against the current item being removed. But go that safety one better by making
+	sure you don't miss the item after one that's removed.
+
 2002-12-20  Ken Kocienda  <kocienda at apple.com>
 
         Reviewed by Darin
diff --git a/WebCore/ChangeLog-2005-08-23 b/WebCore/ChangeLog-2005-08-23
index 85c9e44..7f948c8 100644
--- a/WebCore/ChangeLog-2005-08-23
+++ b/WebCore/ChangeLog-2005-08-23
@@ -1,3 +1,25 @@
+2002-12-20  Darin Adler  <darin at apple.com>
+
+        Reviewed by John.
+
+	- fixed 3132382 -- crash in khtml::CachedImage
+
+	The source of this bug was my long-ago fix to bug 3079499.
+	I changed the code to copy the clients list. But this doesn't work if
+	one of the clients is removed while iterating because it's deleted.
+	So I made a new class, CachedObjectClientWalker, that does the iterating safely.
+	Now both this new bug and the original are fixed.
+
+        * khtml/misc/loader.cpp:
+        (CachedCSSStyleSheet::checkNotify): Use CachedObjectClientWalker to walk the list.
+        (CachedScript::checkNotify): Ditto.
+        (CachedImage::do_notify): Ditto.
+        (CachedImage::movieStatus): Ditto.
+        (CachedImage::checkNotify): Ditto.
+        (CachedObjectClientWalker::next): Walk the list using a list iterator, which is
+	safe against the current item being removed. But go that safety one better by making
+	sure you don't miss the item after one that's removed.
+
 2002-12-20  Ken Kocienda  <kocienda at apple.com>
 
         Reviewed by Darin
diff --git a/WebCore/khtml/misc/loader.cpp b/WebCore/khtml/misc/loader.cpp
index a200bc6..98846cf 100644
--- a/WebCore/khtml/misc/loader.cpp
+++ b/WebCore/khtml/misc/loader.cpp
@@ -69,6 +69,17 @@ using namespace DOM;
 static bool cacheDisabled;
 #endif
 
+// Call this "walker" instead of iterator so people won't expect Qt or STL-style iterator interface.
+// Just keep calling next() on this. It's safe from deletions of the current item
+class CachedObjectClientWalker {
+public:
+    CachedObjectClientWalker(const QPtrList<CachedObjectClient> &clients) : _current(0), _iterator(clients) { }
+    CachedObjectClient *next();
+private:
+    CachedObjectClient *_current;
+    QPtrListIterator<CachedObjectClient> _iterator;
+};
+
 CachedObject::~CachedObject()
 {
     if(m_deleted) abort();
@@ -237,10 +248,9 @@ void CachedCSSStyleSheet::checkNotify()
     kdDebug( 6060 ) << "CachedCSSStyleSheet:: finishedLoading " << m_url.string() << endl;
 #endif
 
-    QPtrList<CachedObjectClient> clients(m_clients);
-    CachedObjectClient *c;
-    for ( c = clients.first(); c != 0; c = clients.next() )
-        c->setStyleSheet( m_url, m_sheet );
+    CachedObjectClientWalker w(m_clients);
+    while (CachedObjectClient *c = w.next())
+        c->setStyleSheet(m_url, m_sheet);
 }
 
 
@@ -312,9 +322,8 @@ void CachedScript::checkNotify()
 {
     if(m_loading) return;
 
-    QPtrList<CachedObjectClient> clients(m_clients);
-    CachedObjectClient *c;
-    for ( c = clients.first(); c != 0; c = clients.next() )
+    CachedObjectClientWalker w(m_clients);
+    while (CachedObjectClient *c = w.next())
         c->notifyFinished(this);
 }
 
@@ -695,10 +704,9 @@ QRect CachedImage::valid_rect() const
 
 void CachedImage::do_notify(const QPixmap& p, const QRect& r)
 {
-    QPtrList<CachedObjectClient> clients(m_clients);
-    CachedObjectClient *c;
-    for ( c = clients.first(); c != 0; c = clients.next() )
-        c->setPixmap( p, r, this);
+    CachedObjectClientWalker w(m_clients);
+    while (CachedObjectClient *c = w.next())
+        c->setPixmap(p, r, this);
 }
 
 #if !APPLE_CHANGES
@@ -779,9 +787,8 @@ void CachedImage::movieStatus(int status)
             }
         }
 
-        QPtrList<CachedObjectClient> clients(m_clients);
-	CachedObjectClient *c;
-        for ( c = clients.first(); c != 0; c = clients.next() )
+        CachedObjectClientWalker w(m_clients);
+        while (CachedObjectClient *c = w.next())
             c->notifyFinished(this);
     }
 
@@ -965,13 +972,11 @@ void CachedImage::checkNotify()
 {
     if(m_loading) return;
 
-    QPtrList<CachedObjectClient> clients(m_clients);
-    CachedObjectClient *c;
-    for ( c = clients.first(); c != 0; c = clients.next() )
+    CachedObjectClientWalker w(m_clients);
+    while (CachedObjectClient *c = w.next())
         c->notifyFinished(this);
 }
 
-
 // ------------------------------------------------------------------------------------------
 
 Request::Request(DocLoader* dl, CachedObject *_object, bool _incremental)
@@ -1944,11 +1949,23 @@ bool Cache::adjustSize(CachedObject *object, int delta)
 
 // --------------------------------------
 
+CachedObjectClient *CachedObjectClientWalker::next()
+{
+    // Only advance if we already returned this item.
+    // This handles cases where the current item is removed, and prevents us from skipping the next item.
+    // The iterator automatically gets advanced to the next item, and we make sure we return it.
+    if (_current == _iterator.current())
+        ++_iterator;
+    _current = _iterator.current();
+    return _current;
+}
+
+// --------------------------------------
+
 void CachedObjectClient::setPixmap(const QPixmap &, const QRect&, CachedImage *) {}
 void CachedObjectClient::setStyleSheet(const DOM::DOMString &/*url*/, const DOM::DOMString &/*sheet*/) {}
 void CachedObjectClient::notifyFinished(CachedObject * /*finishedObj*/) {}
 
-
 #include "loader.moc"
 
 

-- 
WebKit Debian packaging

More information about the Pkg-webkit-commits mailing list