WebCore:
authorbdakin <bdakin@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Thu, 25 Jan 2007 04:17:24 +0000 (04:17 +0000)
committerbdakin <bdakin@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Thu, 25 Jan 2007 04:17:24 +0000 (04:17 +0000)
        Reviewed by Geoff.

        Fix for <rdar://problem/4948128> REGRESSION: A crash occurs at
        WebCore::Frame::view() after completing a query at mapquest.com
        then switching to Bookmarks view

        This is just a null-check. If you are in strict mode and ask for
        the clientWidth or clientHeight after the document was removed from
        it's parent, we no longer have a frameView, so we have to null-
        check it. I added null checks for the FrameView in some other
        places where it seems like we could potentially run into this
        issue.

LayoutTests:
        Reviewed by Geoff.

        Test for <rdar://problem/4948128> REGRESSION: A crash occurs at
        WebCore::Frame::view() after completing a query at mapquest.com
        then switching to Bookmarks view

        * fast/dom/clientWidthAfterDocumentIsRemoved-expected.checksum: Added.
        * fast/dom/clientWidthAfterDocumentIsRemoved-expected.png: Added.
        * fast/dom/clientWidthAfterDocumentIsRemoved-expected.txt: Added.
        * fast/dom/clientWidthAfterDocumentIsRemoved.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@19100 268f45cc-cd09-0410-ab3c-d52691b4dbfc

16 files changed:
LayoutTests/ChangeLog
LayoutTests/fast/dom/clientWidthAfterDocumentIsRemoved-expected.checksum [new file with mode: 0644]
LayoutTests/fast/dom/clientWidthAfterDocumentIsRemoved-expected.png [new file with mode: 0644]
LayoutTests/fast/dom/clientWidthAfterDocumentIsRemoved-expected.txt [new file with mode: 0644]
LayoutTests/fast/dom/clientWidthAfterDocumentIsRemoved.html [new file with mode: 0644]
WebCore/ChangeLog
WebCore/bindings/objc/DOMHTML.mm
WebCore/bridge/mac/WebCoreAXObject.mm
WebCore/dom/ContainerNode.cpp
WebCore/dom/Element.cpp
WebCore/ksvg2/svg/SVGLength.cpp
WebCore/loader/FrameLoader.cpp
WebCore/page/mac/WebCoreFrameBridge.mm
WebCore/rendering/RenderLayer.cpp
WebCore/rendering/RenderListBox.cpp
WebCore/rendering/RenderTable.cpp

index e2f2c69..fa3ed34 100644 (file)
@@ -1,3 +1,16 @@
+2007-01-24  Beth Dakin  <bdakin@apple.com>
+
+        Reviewed by Geoff.
+
+        Test for <rdar://problem/4948128> REGRESSION: A crash occurs at 
+        WebCore::Frame::view() after completing a query at mapquest.com 
+        then switching to Bookmarks view
+
+        * fast/dom/clientWidthAfterDocumentIsRemoved-expected.checksum: Added.
+        * fast/dom/clientWidthAfterDocumentIsRemoved-expected.png: Added.
+        * fast/dom/clientWidthAfterDocumentIsRemoved-expected.txt: Added.
+        * fast/dom/clientWidthAfterDocumentIsRemoved.html: Added.
+
 2007-01-24  Anders Carlsson  <acarlsson@apple.com>
 
         Reviewed by Geoff and Adam.
diff --git a/LayoutTests/fast/dom/clientWidthAfterDocumentIsRemoved-expected.checksum b/LayoutTests/fast/dom/clientWidthAfterDocumentIsRemoved-expected.checksum
new file mode 100644 (file)
index 0000000..7bb0ff9
--- /dev/null
@@ -0,0 +1 @@
+8209202c03a1a3c14187d06b28d16299
\ No newline at end of file
diff --git a/LayoutTests/fast/dom/clientWidthAfterDocumentIsRemoved-expected.png b/LayoutTests/fast/dom/clientWidthAfterDocumentIsRemoved-expected.png
new file mode 100644 (file)
index 0000000..66c723b
Binary files /dev/null and b/LayoutTests/fast/dom/clientWidthAfterDocumentIsRemoved-expected.png differ
diff --git a/LayoutTests/fast/dom/clientWidthAfterDocumentIsRemoved-expected.txt b/LayoutTests/fast/dom/clientWidthAfterDocumentIsRemoved-expected.txt
new file mode 100644 (file)
index 0000000..d70c5f9
--- /dev/null
@@ -0,0 +1,17 @@
+layer at (0,0) size 800x600
+  RenderView at (0,0) size 800x600
+layer at (0,0) size 800x600
+  RenderBlock {HTML} at (0,0) size 800x600
+    RenderBody {BODY} at (8,8) size 784x584
+      RenderBlock {P} at (0,0) size 784x18
+        RenderText {#text} at (0,0) size 212x18
+          text run at (0,0) width 212: "This test passes if it doesn't crash!"
+      RenderBlock (anonymous) at (0,34) size 784x150
+        RenderPartObject {IFRAME} at (0,0) size 300x150
+          layer at (0,0) size 300x150
+            RenderView at (0,0) size 300x150
+          layer at (0,0) size 300x8
+            RenderBlock {HTML} at (0,0) size 300x8
+              RenderBody {BODY} at (8,8) size 284x0
+        RenderText {#text} at (0,0) size 0x0
+        RenderText {#text} at (0,0) size 0x0
diff --git a/LayoutTests/fast/dom/clientWidthAfterDocumentIsRemoved.html b/LayoutTests/fast/dom/clientWidthAfterDocumentIsRemoved.html
new file mode 100644 (file)
index 0000000..b13961f
--- /dev/null
@@ -0,0 +1,16 @@
+<p>This test passes if it doesn't crash!</p>
+
+<iframe id="onlybear" 
+        src="data:text/html, <!DOCTYPE HTML PUBLIC '-//W3C//DTD HTML 4.0//EN' 'http://www.w3.org/TR/html4/strict.dtd'><html></html>"
+>
+</iframe>
+
+<script>
+window.onload = function() {
+    var iframe = document.getElementById("onlybear");
+    var doc = iframe.contentDocument;
+    iframe.parentNode.removeChild(iframe);
+    doc.documentElement.clientWidth;
+    doc.documentElement.clientHeight;
+}
+</script>
index 107fce9..6267665 100644 (file)
@@ -1,3 +1,42 @@
+2007-01-24  Beth Dakin  <bdakin@apple.com>
+
+        Reviewed by Geoff.
+
+        Fix for <rdar://problem/4948128> REGRESSION: A crash occurs at 
+        WebCore::Frame::view() after completing a query at mapquest.com 
+        then switching to Bookmarks view
+
+        This is just a null-check. If you are in strict mode and ask for 
+        the clientWidth or clientHeight after the document was removed from 
+        it's parent, we no longer have a frameView, so we have to null-
+        check it. I added null checks for the FrameView in some other 
+        places where it seems like we could potentially run into this 
+        issue.
+
+        * bindings/objc/DOMHTML.mm:
+        (-[DOMHTMLInputElement _rectOnScreen]):
+        * bridge/mac/WebCoreAXObject.mm:
+        (-[WebCoreAXObject accessibilityAttributeValue:]):
+        * dom/ContainerNode.cpp:
+        (WebCore::ContainerNode::getUpperLeftCorner):
+        * dom/Element.cpp:
+        (WebCore::Element::clientWidth): Actual bug fix here!
+        (WebCore::Element::clientHeight): And here!
+        * ksvg2/svg/SVGLength.cpp:
+        (WebCore::SVGLength::PercentageOfViewport):
+        * loader/FrameLoader.cpp:
+        (WebCore::FrameLoader::createJavaAppletWidget):
+        * page/mac/WebCoreFrameBridge.mm:
+        (-[WebCoreFrameBridge computePageRectsWithPrintWidthScaleFactor:printHeight:]):
+        * rendering/RenderLayer.cpp:
+        (WebCore::RenderLayer::windowClipRect):
+        (WebCore::RenderLayer::updateOverflowStatus):
+        (WebCore::frameVisibleRect):
+        * rendering/RenderListBox.cpp:
+        (WebCore::RenderListBox::windowClipRect):
+        * rendering/RenderTable.cpp:
+        (WebCore::RenderTable::layout):
+
 2007-01-24  Maciej Stachowiak  <mjs@apple.com>
 
         Not reviewed, just removing accidentally committed file.
index 96cb01d..675f0a9 100644 (file)
 - (NSRect)_rectOnScreen
 {
     // Returns bounding rect of text field, in screen coordinates.
-    NSView* view = [self _HTMLInputElement]->document()->view()->getDocumentView();
     NSRect result = [self boundingBox];
+    if (![self _HTMLInputElement]->document()->view())
+        return result;
+
+    NSView* view = [self _HTMLInputElement]->document()->view()->getDocumentView();
     result = [view convertRect:result toView:nil];
     result.origin = [[view window] convertBaseToScreen:result.origin];
     return result;
index ccbbea7..b3bcf06 100644 (file)
@@ -1094,7 +1094,10 @@ static IntRect boundingBoxRect(RenderObject* obj)
         // Trouble is we need to know which document view to ask.
         Selection selection = [self topView]->frame()->selectionController()->selection();
         if (selection.isNone()) {
-            selection = m_renderer->document()->renderer()->view()->frameView()->frame()->selectionController()->selection();
+            FrameView* view = m_renderer->document()->renderer()->view()->frameView();
+            if (!view)
+                return nil;
+            selection = view->frame()->selectionController()->selection();
             if (selection.isNone())
                 return nil;
         }
index 6a716c8..a8b82dd 100644 (file)
@@ -715,7 +715,7 @@ bool ContainerNode::getUpperLeftCorner(int &xPos, int &yPos) const
     
     // If the target doesn't have any children or siblings that could be used to calculate the scroll position, we must be
     // at the end of the document.  Scroll to the bottom.
-    if (!o) {
+    if (!o && document()->view()) {
         yPos += document()->view()->contentsHeight();
         return true;
     }
index 8e469a4..77998ce 100644 (file)
@@ -251,7 +251,8 @@ int Element::clientWidth()
     // When in strict mode, clientWidth for the document
     // element should return the width of the containing frame.
     if (!document()->inCompatMode() && document()->documentElement() == this)
-        return document()->frame()->view()->visibleWidth();
+        if (FrameView* view = document()->view())
+            return view->visibleWidth();
     
     if (RenderObject* rend = renderer())
         return rend->clientWidth();
@@ -265,7 +266,8 @@ int Element::clientHeight()
     // When in strict mode, clientHeight for the document
     // element should return the height of the containing frame.
     if (!document()->inCompatMode() && document()->documentElement() == this)
-        return document()->frame()->view()->visibleHeight();
+        if (FrameView* view = document()->view())
+            return view->visibleHeight();
     
     if (RenderObject* rend = renderer())
         return rend->clientHeight();
index d21a8be..1c06643 100644 (file)
@@ -280,7 +280,7 @@ float SVGLength::PercentageOfViewport(float value, const SVGStyledElement* conte
     if (doc->documentElement() == context) {
         // We have to ask the canvas for the full "canvas size"...
         RenderView* view = static_cast<RenderView*>(doc->renderer());
-        if (view) {
+        if (view && view->frameView()) {
             width = view->frameView()->visibleWidth(); // TODO: recheck!
             height = view->frameView()->visibleHeight(); // TODO: recheck!
          }
index d4a3148..36cb136 100644 (file)
@@ -4270,7 +4270,7 @@ Widget* FrameLoader::createJavaAppletWidget(const IntSize& size, Element* elemen
     KURL baseURL = completeURL(baseURLString);
 
     Widget* widget = m_client->createJavaAppletWidget(size, element, baseURL, paramNames, paramValues);
-    if(widget)
+    if(widget && m_frame->view())
         m_frame->view()->addChild(widget);
     return widget;
 }
index 651bf84..92eb9b9 100644 (file)
@@ -435,6 +435,9 @@ static inline WebCoreFrameBridge *bridge(Frame *frame)
     if (!root) return pages;
     
     FrameView* view = m_frame->view();
+    if (!view)
+        return pages;
+
     NSView* documentView = view->getDocumentView();
     if (!documentView)
         return pages;
index f7a6145..ad60e5a 100644 (file)
@@ -979,7 +979,10 @@ void RenderLayer::valueChanged(Scrollbar*)
 
 IntRect RenderLayer::windowClipRect() const
 {
-    return renderer()->view()->frameView()->windowClipRectForLayer(this, false);
+    FrameView* frameView = renderer()->view()->frameView();
+    if (!frameView)
+        return IntRect();
+    return frameView->windowClipRectForLayer(this, false);
 }
 
 PassRefPtr<Scrollbar> RenderLayer::createScrollbar(ScrollbarOrientation orientation)
@@ -1160,8 +1163,8 @@ void RenderLayer::updateOverflowStatus(bool horizontalOverflow, bool verticalOve
         m_horizontalOverflow = horizontalOverflow;
         m_verticalOverflow = verticalOverflow;
         
-        m_object->element()->document()->view()->scheduleEvent
-            (new OverflowEvent(horizontalOverflowChanged, horizontalOverflow, verticalOverflowChanged, verticalOverflow),
+        if (FrameView* frameView = m_object->element()->document()->view())
+            frameView->scheduleEvent(new OverflowEvent(horizontalOverflowChanged, horizontalOverflow, verticalOverflowChanged, verticalOverflow),
             EventTargetNodeCast(m_object->element()), true);
     }
 }
@@ -1475,7 +1478,11 @@ RenderLayer::paintLayer(RenderLayer* rootLayer, GraphicsContext* p,
 
 static inline IntRect frameVisibleRect(RenderObject* renderer)
 {
-    return enclosingIntRect(renderer->document()->frame()->view()->visibleContentRect());
+    FrameView* frameView = renderer->document()->view();
+    if (!frameView)
+        return IntRect();
+
+    return enclosingIntRect(frameView->visibleContentRect());
 }
 
 bool RenderLayer::hitTest(const HitTestRequest& request, HitTestResult& result)
index 0f63575..f327672 100644 (file)
@@ -526,7 +526,11 @@ IntRect RenderListBox::controlClipRect(int tx, int ty) const
 
 IntRect RenderListBox::windowClipRect() const
 {
-    return view()->frameView()->windowClipRectForLayer(enclosingLayer(), true);
+    FrameView* frameView = view()->frameView();
+    if (!frameView)
+        return IntRect();
+
+    return frameView->windowClipRectForLayer(enclosingLayer(), true);
 }
 
 } // namespace WebCore
index 40ac346..adbbf54 100644 (file)
@@ -425,7 +425,8 @@ void RenderTable::layout()
         didFullRepaint = repaintAfterLayoutIfNeeded(oldBounds, oldFullBounds);
     if (!didFullRepaint && sectionMoved) {
         IntRect repaintRect(m_overflowLeft, movedSectionTop, m_overflowWidth - m_overflowLeft, m_overflowHeight - movedSectionTop);
-        view()->frameView()->addRepaintInfo(this, repaintRect);
+        if (FrameView* frameView = view()->frameView())
+            frameView->addRepaintInfo(this, repaintRect);
     }
     
     setNeedsLayout(false);