[SCM] WebKit Debian packaging branch, debian/unstable, updated. debian/1.1.15-1-40151-g37bb677

sullivan sullivan at 268f45cc-cd09-0410-ab3c-d52691b4dbfc
Sat Sep 26 08:19:23 UTC 2009


The following commit has been merged in the debian/unstable branch:
commit 851f79ccfdc29c571244019335f4e638349cd2bf
Author: sullivan <sullivan at 268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Date:   Tue Dec 16 19:33:46 2003 +0000

            fixed <rdar://problem/3482852>: oft-seen, non-repro, nil-deref in
            HTMLTokenizer::notifyFinished (snapfish.com, etc.)
    
            At least one of the dupes of this bug is a separate (still reproducible) issue;
            I'll clone it back to life and test the others.
    
            Reviewed by Darin.
    
            * khtml/html/htmltokenizer.cpp:
            (HTMLTokenizer::notifyFinished):
            Move check of cachedScript.isEmpty() until after scriptExecution()
            call, because cachedScript.isEmpty() value can be changed by that call.
    
    
    git-svn-id: http://svn.webkit.org/repository/webkit/trunk@5805 268f45cc-cd09-0410-ab3c-d52691b4dbfc

diff --git a/WebCore/ChangeLog-2005-08-23 b/WebCore/ChangeLog-2005-08-23
index 4b51a7f..3206ffd 100644
--- a/WebCore/ChangeLog-2005-08-23
+++ b/WebCore/ChangeLog-2005-08-23
@@ -1,3 +1,18 @@
+2003-12-16  John Sullivan  <sullivan at apple.com>
+
+        fixed <rdar://problem/3482852>: oft-seen, non-repro, nil-deref in 
+        HTMLTokenizer::notifyFinished (snapfish.com, etc.)
+        
+        At least one of the dupes of this bug is a separate (still reproducible) issue;
+        I'll clone it back to life and test the others.
+
+        Reviewed by Darin.
+
+        * khtml/html/htmltokenizer.cpp:
+        (HTMLTokenizer::notifyFinished):
+        Move check of cachedScript.isEmpty() until after scriptExecution()
+        call, because cachedScript.isEmpty() value can be changed by that call.
+
 2003-12-15  David Hyatt  <hyatt at apple.com>
 
 	Fix for 3508807, positions/sizes wrong for text elts and multi-line elts for accessibility.
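Review bot: The new ChangeLog entry has trailing whitespace after "nil-deref in" and a whitespace-only line under the title; both should be stripped. The entry also says only that the cachedScript.isEmpty() value "can be changed by that call"; naming the path inside scriptExecution() that modifies cachedScript would let a later reader connect the reordering to the nil-deref in the title.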
diff --git a/WebCore/khtml/html/htmltokenizer.cpp b/WebCore/khtml/html/htmltokenizer.cpp
index 9c222d4..7891436 100644
--- a/WebCore/khtml/html/htmltokenizer.cpp
+++ b/WebCore/khtml/html/htmltokenizer.cpp
@@ -1809,8 +1809,6 @@ void HTMLTokenizer::notifyFinished(CachedObject */*finishedObj*/)
         kdDebug( 6036 ) << "Finished loading an external script" << endl;
 #endif
         CachedScript* cs = cachedScript.dequeue();
-        finished = cachedScript.isEmpty();
-        if (finished) loadingExtScript = false;
         DOMString scriptSource = cs->script();
 #ifdef TOKEN_DEBUG
         kdDebug( 6036 ) << "External script is:" << endl << scriptSource.string() << endl;
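Review bot: At `DOMString scriptSource = cs->script();` the pointer returned by cachedScript.dequeue() is dereferenced with no null check in the visible lines. Given that the bug being fixed is a nil-deref in this function and the commit message states that scriptExecution() can change the queue, confirm that a guard outside this hunk guarantees a non-empty queue on every entry, or add an explicit check on cs before it is used. With the two lines removed here, finished and loadingExtScript also keep their earlier values for the remainder of this block, up to and through the scriptExecution() call.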
@@ -1823,6 +1821,10 @@ void HTMLTokenizer::notifyFinished(CachedObject */*finishedObj*/)
         cs->deref(this);
 
 	scriptExecution( scriptSource.string(), cachedScriptUrl );
+        // cachedScript.isEmpty() can change inside the scriptExecution() call above,
+        // so don't test it until afterwards.
+        finished = cachedScript.isEmpty();
+        if (finished) loadingExtScript = false;
 
         // 'script' is true when we are called synchronously from
         // parseScript(). In that case parseScript() will take care
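Review bot: With the assignment moved below scriptExecution(), loadingExtScript and finished are not updated until that call returns, so anything reached from scriptExecution() that reads either member now sees the pre-call state; please confirm that every such reader expects this. The added comment should say what inside scriptExecution() modifies cachedScript rather than only that it can change. The four added lines are indented with spaces while the scriptExecution() line directly above uses a tab.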

-- 
WebKit Debian packaging


