[SCM] WebKit Debian packaging branch, debian/unstable, updated. debian/1.1.15-1-40151-g37bb677
sullivan
sullivan at 268f45cc-cd09-0410-ab3c-d52691b4dbfc
Sat Sep 26 08:19:23 UTC 2009
The following commit has been merged in the debian/unstable branch:
commit 851f79ccfdc29c571244019335f4e638349cd2bf
Author: sullivan <sullivan at 268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Date: Tue Dec 16 19:33:46 2003 +0000
fixed <rdar://problem/3482852>: oft-seen, non-repro, nil-deref in
HTMLTokenizer::notifyFinished (snapfish.com, etc.)
At least one of the dupes of this bug is a separate (still reproducible) issue;
I'll clone it back to life and test the others.
Reviewed by Darin.
* khtml/html/htmltokenizer.cpp:
(HTMLTokenizer::notifyFinished):
Move check of cachedScript.isEmpty() until after scriptExecution()
call, because cachedScript.isEmpty() value can be changed by that call.
git-svn-id: http://svn.webkit.org/repository/webkit/trunk@5805 268f45cc-cd09-0410-ab3c-d52691b4dbfc
diff --git a/WebCore/ChangeLog-2005-08-23 b/WebCore/ChangeLog-2005-08-23
index 4b51a7f..3206ffd 100644
--- a/WebCore/ChangeLog-2005-08-23
+++ b/WebCore/ChangeLog-2005-08-23
@@ -1,3 +1,18 @@
+2003-12-16 John Sullivan <sullivan at apple.com>
+
+ fixed <rdar://problem/3482852>: oft-seen, non-repro, nil-deref in
+ HTMLTokenizer::notifyFinished (snapfish.com, etc.)
+
+ At least one of the dupes of this bug is a separate (still reproducible) issue;
+ I'll clone it back to life and test the others.
+
+ Reviewed by Darin.
+
+ * khtml/html/htmltokenizer.cpp:
+ (HTMLTokenizer::notifyFinished):
+ Move check of cachedScript.isEmpty() until after scriptExecution()
+ call, because cachedScript.isEmpty() value can be changed by that call.
+
2003-12-15 David Hyatt <hyatt at apple.com>
Fix for 3508807, positions/sizes wrong for text elts and multi-line elts for accessibility.
diff --git a/WebCore/khtml/html/htmltokenizer.cpp b/WebCore/khtml/html/htmltokenizer.cpp
index 9c222d4..7891436 100644
--- a/WebCore/khtml/html/htmltokenizer.cpp
+++ b/WebCore/khtml/html/htmltokenizer.cpp
@@ -1809,8 +1809,6 @@ void HTMLTokenizer::notifyFinished(CachedObject */*finishedObj*/)
kdDebug( 6036 ) << "Finished loading an external script" << endl;
#endif
CachedScript* cs = cachedScript.dequeue();
- finished = cachedScript.isEmpty();
- if (finished) loadingExtScript = false;
DOMString scriptSource = cs->script();
#ifdef TOKEN_DEBUG
kdDebug( 6036 ) << "External script is:" << endl << scriptSource.string() << endl;
@@ -1823,6 +1821,10 @@ void HTMLTokenizer::notifyFinished(CachedObject */*finishedObj*/)
cs->deref(this);
scriptExecution( scriptSource.string(), cachedScriptUrl );
+ // cachedScript.isEmpty() can change inside the scriptExecution() call above,
+ // so don't test it until afterwards.
+ finished = cachedScript.isEmpty();
+ if (finished) loadingExtScript = false;
// 'script' is true when we are called synchronously from
// parseScript(). In that case parseScript() will take care
--
WebKit Debian packaging
More information about the Pkg-webkit-commits
mailing list