2010-08-12 Maciej Stachowiak <mjs@apple.com>
authormjs@apple.com <mjs@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Fri, 13 Aug 2010 03:21:42 +0000 (03:21 +0000)
committermjs@apple.com <mjs@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Fri, 13 Aug 2010 03:21:42 +0000 (03:21 +0000)
        Reviewed by Sam Weinig.

        WebKit2 crashes when WebFrame outlives WebPage
        https://bugs.webkit.org/show_bug.cgi?id=43939

        * WebProcess/WebCoreSupport/WebChromeClient.h:
        (WebKit::WebChromeClient::page): Add this method, to allow
        WebFrame to retrieve its WebPage following WebCore pointers.
        * WebProcess/WebPage/WebFrame.cpp:
        (WebKit::WebFrame::WebFrame): Do not initialize m_page (it's gone).
        (WebKit::WebFrame::page): Don't use the data member, get it from
        WebCore.
        (WebKit::WebFrame::invalidate): Use the page() method to get the page, and null-check the result.
        (WebKit::WebFrame::isMainFrame): ditto
        * WebProcess/WebPage/WebFrame.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@65292 268f45cc-cd09-0410-ab3c-d52691b4dbfc

WebKit2/ChangeLog
WebKit2/WebProcess/WebCoreSupport/WebChromeClient.h
WebKit2/WebProcess/WebPage/WebFrame.cpp
WebKit2/WebProcess/WebPage/WebFrame.h

index f0d6dde..10fdb6b 100644 (file)
@@ -1,3 +1,21 @@
+2010-08-12  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Sam Weinig.
+
+        WebKit2 crashes when WebFrame outlives WebPage
+        https://bugs.webkit.org/show_bug.cgi?id=43939
+
+        * WebProcess/WebCoreSupport/WebChromeClient.h:
+        (WebKit::WebChromeClient::page): Add this method, to allow
+        WebFrame to retrieve its WebPage following WebCore pointers.
+        * WebProcess/WebPage/WebFrame.cpp:
+        (WebKit::WebFrame::WebFrame): Do not initialize m_page (it's gone).
+        (WebKit::WebFrame::page): Don't use the data member, get it from
+        WebCore.
+        (WebKit::WebFrame::invalidate): Use method to get page() and null check.
+        (WebKit::WebFrame::isMainFrame): ditto
+        * WebProcess/WebPage/WebFrame.h:
+
 2010-08-12  Jon Honeycutt  <jhoneycutt@apple.com>
 
         WebKitTestRunner needs to run tests without using native controls
index cc7a35c..9e85c28 100644 (file)
@@ -41,6 +41,7 @@ public:
     {
     }
     
+    WebPage* page() const { return m_page; }
 private:
     virtual void chromeDestroyed();
     
index 0c872c0..6415a45 100644 (file)
 
 #include "InjectedBundleNodeHandle.h"
 #include "InjectedBundleScriptWorld.h"
+#include "WebChromeClient.h"
 #include "WebPage.h"
 #include <JavaScriptCore/APICast.h>
 #include <JavaScriptCore/JSLock.h>
 #include <WebCore/AnimationController.h>
 #include <WebCore/CSSComputedStyleDeclaration.h>
+#include <WebCore/Chrome.h>
 #include <WebCore/Frame.h>
+#include <WebCore/Page.h>
 #include <WebCore/HTMLFrameOwnerElement.h>
 #include <WebCore/JSCSSStyleDeclaration.h>
 #include <WebCore/JSElement.h>
@@ -84,15 +87,14 @@ PassRefPtr<WebFrame> WebFrame::create(WebPage* page, const String& frameName, HT
 }
 
 WebFrame::WebFrame(WebPage* page, const String& frameName, HTMLFrameOwnerElement* ownerElement)
-    : m_page(page)
-    , m_coreFrame(0)
+    : m_coreFrame(0)
     , m_policyListenerID(0)
     , m_policyFunction(0)
     , m_frameLoaderClient(this)
     , m_loadListener(0)
     , m_frameID(generateFrameID())
 {
-    m_page->addWebFrame(m_frameID, this);
+    page->addWebFrame(m_frameID, this);
 
     RefPtr<Frame> frame = Frame::create(page->corePage(), ownerElement, &m_frameLoaderClient);
     m_coreFrame = frame.get();
@@ -120,9 +122,21 @@ WebFrame::~WebFrame()
 #endif
 }
 
+WebPage* WebFrame::page() const
+{ 
+    if (!m_coreFrame)
+        return 0;
+    
+    if (WebCore::Page* page = m_coreFrame->page())
+        return static_cast<WebChromeClient*>(page->chrome()->client())->page();
+
+    return 0;
+}
+
 void WebFrame::invalidate()
 {
-    m_page->removeWebFrame(m_frameID);
+    if (WebPage* p = page())
+        p->removeWebFrame(m_frameID);
     m_coreFrame = 0;
 }
 
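Review bot: `static_cast<WebChromeClient*>(page->chrome()->client())` in the new `page()` assumes every `WebCore::Page` reachable from a WebProcess frame was created with a `WebChromeClient`; if that invariant is ever broken the downcast is undefined behaviour rather than a null return, so it deserves a comment such as `// Every Page in the WebProcess is created with a WebChromeClient, so this downcast is safe (verify against WebPage's Page construction).` or an `ASSERT` on the client type if one is available. In `invalidate()`, the null path silently skips `removeWebFrame`; if the `WebCore::Page` can be torn down while its WebPage still holds the frame map, a stale entry would remain and a later lookup could touch a destroyed WebFrame, so an `ASSERT` or comment stating that the map is cleared on that path would be worthwhile. The `{` opening `page()` and the blank line after the `m_coreFrame` check carry trailing whitespace.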
@@ -168,7 +182,10 @@ void WebFrame::didReceivePolicyDecision(uint64_t listenerID, PolicyAction action
 
 bool WebFrame::isMainFrame() const
 {
-    return m_page->mainFrame() == this;
+    if (WebPage* p = page())
+        return p->mainFrame() == this;
+
+    return false;
 }
 
 String WebFrame::name() const
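Review bot: `isMainFrame()` now answers `false` for a frame whose WebPage is gone, which callers cannot distinguish from a genuine subframe, and nothing in the hunk says that is intended. A comment on the fallback return, `// A frame detached from its page is never treated as the main frame.`, would make the choice deliberate for the next reader.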
index d78044c..0ac0fc7 100644 (file)
@@ -59,7 +59,7 @@ public:
     // Called when the FrameLoaderClient (and therefore the WebCore::Frame) is being torn down.
     void invalidate();
 
-    WebPage* page() const { return m_page; }
+    WebPage* page() const;
     WebCore::Frame* coreFrame() const { return m_coreFrame; }
 
     uint64_t frameID() const { return m_frameID; }
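Review bot: `page()` becomes out-of-line and, per the WebFrame.cpp hunk in this commit, can now return 0, but the header gives no hint of that while the neighbouring `invalidate()` does carry an explanatory comment. Add `// May return 0 once the frame is detached from its WebCore::Page or after invalidate().` above the declaration so callers know to null-check. The enclosing class begins and ends outside the hunk.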
@@ -105,7 +105,6 @@ private:
 
     virtual Type type() const { return APIType; }
 
-    WebPage* m_page;
     WebCore::Frame* m_coreFrame;
 
     uint64_t m_policyListenerID;