Crash applying editing commands from iframe onload event
author: jhoneycutt@apple.com <jhoneycutt@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Fri, 25 Apr 2014 20:30:07 +0000 (20:30 +0000)
committer: jhoneycutt@apple.com <jhoneycutt@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Fri, 25 Apr 2014 20:30:07 +0000 (20:30 +0000)
commit: 692dc74ff4c9175e630035a5e5ead763c3a7b313
tree: 181aa6aac4f3f01beae5f351e6eb04f387673871
parent: 9bcb72bdb26eec2068e72561c86f19749c92ba3a
Crash applying editing commands from iframe onload event

<https://bugs.webkit.org/show_bug.cgi?id=132103>
<rdar://problem/15696351>

Source/WebCore:
This patch merges the Chromium bug workaround from
<http://src.chromium.org/viewvc/blink?revision=162080&view=revision>,
which prevents reentrancy in CompositeEditCommand::apply().

Reviewed by Darin Adler.

Test: editing/apply-style-iframe-crash.html

* editing/CompositeEditCommand.cpp:
(WebCore::HTMLNames::ReentrancyGuard::isRecursiveCall):
(WebCore::HTMLNames::ReentrancyGuard::Scope::Scope):
(WebCore::HTMLNames::ReentrancyGuard::Scope::~Scope):
(WebCore::CompositeEditCommand::apply):
If this is a recursive call, return early.

LayoutTests:
Reviewed by Darin Adler.

* editing/apply-style-iframe-crash-expected.txt: Added.
* editing/apply-style-iframe-crash.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@167818 268f45cc-cd09-0410-ab3c-d52691b4dbfc
LayoutTests/ChangeLog
LayoutTests/editing/apply-style-iframe-crash-expected.txt [new file with mode: 0644]
LayoutTests/editing/apply-style-iframe-crash.html [new file with mode: 0644]
Source/WebCore/ChangeLog
Source/WebCore/editing/CompositeEditCommand.cpp
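The ChangeLog describes a scope-based reentrancy guard: `apply()` returns early when it is already on the stack, so script that fires during an edit (such as an iframe's onload handler) cannot re-enter the command while its state is half-mutated. The block below is an added illustration of that pattern, not WebKit's code; `EditorState`, `applyCommand`, the `onLayout` hook and `runNestedScenario` are assumed stand-ins for the editor, the command, and the script that runs mid-apply.

```cpp
#include <cstdio>
#include <functional>
#include <string>
#include <vector>

// Process-wide guard, as for code that only ever runs on one (main) thread.
// Assumed design: a single flag plus an RAII scope that clears it on unwind,
// so an exception or early return can never leave the flag stuck.
namespace ReentrancyGuard {
    static bool s_inApply = false;

    bool isRecursiveCall() { return s_inApply; }

    class Scope {
    public:
        Scope() { s_inApply = true; }
        ~Scope() { s_inApply = false; }
        Scope(const Scope&) = delete;
        Scope& operator=(const Scope&) = delete;
    };
}

// Hypothetical editor state: a log of what ran, and a hook that models script
// (e.g. an onload handler) executing in the middle of an edit.
struct EditorState {
    std::vector<std::string> log;
    std::function<void(EditorState&)> onLayout;
};

// Returns true if the command ran to completion, false if it was rejected
// because another apply was already in progress on this stack.
bool applyCommand(EditorState& state, const std::string& name) {
    if (ReentrancyGuard::isRecursiveCall())
        return false;                 // nested call: bail out, state is mid-mutation
    ReentrancyGuard::Scope scope;     // apply in progress until this frame unwinds

    state.log.push_back(name + ":begin");
    if (state.onLayout)
        state.onLayout(state);        // may try to re-enter applyCommand
    state.log.push_back(name + ":end");
    return true;
}

struct ScenarioResult {
    int completed;        // commands that reached ":end"
    bool nestedRejected;  // the mid-apply call was refused
    bool guardClear;      // flag released once the outer apply returned
};

// Drives the scenario from the bug title: script fired during one edit
// attempts to start another edit.
ScenarioResult runNestedScenario() {
    EditorState state;
    ScenarioResult result{0, false, false};

    state.onLayout = [&result](EditorState& s) {
        // Constructed: the handler tries to apply a second command mid-apply.
        result.nestedRejected = !applyCommand(s, "nested-apply-style");
    };

    applyCommand(state, "apply-style");

    for (const auto& entry : state.log)
        if (entry.find(":end") != std::string::npos)
            ++result.completed;
    result.guardClear = !ReentrancyGuard::isRecursiveCall();
    return result;
}

int main() {
    ScenarioResult r = runNestedScenario();
    std::printf("completed=%d nestedRejected=%d guardClear=%d\n",
                r.completed, r.nestedRejected, r.guardClear);
    return 0;
}
```

The outer command completes exactly once, the nested attempt is refused rather than interleaving its own begin/end with the outer one, and the destructor of `Scope` leaves the guard clear afterwards so later edits are not blocked. Because the guard is a plain global, it is only sound where every `apply()` runs on the same thread; a multi-threaded design would need per-thread or per-document state instead.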