Fix crash by calendar picker or suggestion picker
author tkent@chromium.org <tkent@chromium.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Tue, 30 Oct 2012 12:07:38 +0000 (12:07 +0000)
committer tkent@chromium.org <tkent@chromium.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Tue, 30 Oct 2012 12:07:38 +0000 (12:07 +0000)
https://bugs.webkit.org/show_bug.cgi?id=100728

Reviewed by Hajime Morita.

Source/WebCore:

Change DateTimeChooser so that it is ref-counted.

Test: platform/chromium/fast/forms/calendar-picker/calendar-picker-type-change-onchange.html

* platform/DateTimeChooser.h: Made DateTimeChooser RefCounted.
* page/ChromeClient.h:
(ChromeClient): openDateTimeChooser should return PassRefPtr<DateTimeChooser>.
* loader/EmptyClients.h:
(EmptyChromeClient): Follow the above change.
* loader/EmptyClients.cpp:
(WebCore::EmptyChromeClient::openDateTimeChooser): Ditto.

* html/shadow/PickerIndicatorElement.h:
(PickerIndicatorElement): Hold DateTimeChooser in RefPtr<DateTimeChooser>.
* html/shadow/PickerIndicatorElement.cpp:
(WebCore::PickerIndicatorElement::PickerIndicatorElement):
Remove unnecessary initialization.

Source/WebKit/chromium:

* src/DateTimeChooserImpl.h:
(DateTimeChooserImpl): Add a factory function, and made the constructor private.
* src/DateTimeChooserImpl.cpp:
(WebKit::DateTimeChooserImpl::create): Added.
(WebKit::DateTimeChooserImpl::setValueAndClosePopup):
Protect this because JavaScript code might run during didChooseValue.

* src/ChromeClientImpl.h:
(ChromeClientImpl): Follow the ChromeClient change.
* src/ChromeClientImpl.cpp:
(WebKit::ChromeClientImpl::openDateTimeChooser):
Use DateTimeChooserImpl::create.

LayoutTests:

* platform/chromium/fast/forms/calendar-picker/calendar-picker-type-change-onchange-expected.txt: Added.
* platform/chromium/fast/forms/calendar-picker/calendar-picker-type-change-onchange.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@132895 268f45cc-cd09-0410-ab3c-d52691b4dbfc

15 files changed:
LayoutTests/ChangeLog
LayoutTests/platform/chromium/fast/forms/calendar-picker/calendar-picker-type-change-onchange-expected.txt [new file with mode: 0644]
LayoutTests/platform/chromium/fast/forms/calendar-picker/calendar-picker-type-change-onchange.html [new file with mode: 0644]
Source/WebCore/ChangeLog
Source/WebCore/html/shadow/PickerIndicatorElement.cpp
Source/WebCore/html/shadow/PickerIndicatorElement.h
Source/WebCore/loader/EmptyClients.cpp
Source/WebCore/loader/EmptyClients.h
Source/WebCore/page/ChromeClient.h
Source/WebCore/platform/DateTimeChooser.h
Source/WebKit/chromium/ChangeLog
Source/WebKit/chromium/src/ChromeClientImpl.cpp
Source/WebKit/chromium/src/ChromeClientImpl.h
Source/WebKit/chromium/src/DateTimeChooserImpl.cpp
Source/WebKit/chromium/src/DateTimeChooserImpl.h

index 504615a..02bcce7 100644 (file)
@@ -1,3 +1,13 @@
+2012-10-30  Kent Tamura  <tkent@chromium.org>
+
+        Fix crash by calendar picker or suggestion picker
+        https://bugs.webkit.org/show_bug.cgi?id=100728
+
+        Reviewed by Hajime Morita.
+
+        * platform/chromium/fast/forms/calendar-picker/calendar-picker-type-change-onchange-expected.txt: Added.
+        * platform/chromium/fast/forms/calendar-picker/calendar-picker-type-change-onchange.html: Added.
+
 2012-10-30  Michelangelo De Simone  <michelangelo@webkit.org>
 
         [CSS Shaders] Change the default compositing mode and the default CSS value for <fragmentShader>
diff --git a/LayoutTests/platform/chromium/fast/forms/calendar-picker/calendar-picker-type-change-onchange-expected.txt b/LayoutTests/platform/chromium/fast/forms/calendar-picker/calendar-picker-type-change-onchange-expected.txt
new file mode 100644 (file)
index 0000000..7e58095
--- /dev/null
@@ -0,0 +1,10 @@
+Check if we have no crash in a case that the input type is changed by selecting a day in the calendar picker.
+
+On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
+
+
+PASS unless crash
+PASS successfullyParsed is true
+
+TEST COMPLETE
+
diff --git a/LayoutTests/platform/chromium/fast/forms/calendar-picker/calendar-picker-type-change-onchange.html b/LayoutTests/platform/chromium/fast/forms/calendar-picker/calendar-picker-type-change-onchange.html
new file mode 100644 (file)
index 0000000..7690728
--- /dev/null
@@ -0,0 +1,23 @@
+<!DOCTYPE html>
+<body>
+<script src="../../../../../fast/js/resources/js-test-pre.js"></script>
+<script src="../../../../../fast/forms/resources/picker-common.js"></script>
+<input type="date" id="date1" onchange="changeType(this)" value="2000-01-01">
+<script>
+description('Check if we have no crash in a case that the input type is changed by selecting a day in the calendar picker.');
+
+openPicker(document.getElementById('date1'), selectToday);
+
+function selectToday() {
+    eventSender.keyDown('t');
+    eventSender.keyDown('\n');
+}
+
+function changeType(input) {
+    input.type = 'text';
+    testPassed('unless crash');
+    finishJSTest();
+}
+</script>
+<script src="../../../../../fast/js/resources/js-test-post.js"></script>
+</body>
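Review bot: the new test covers only the calendar picker on an input whose onchange handler switches the type to 'text', while the commit title also names the suggestion picker, and nothing in this patch exercises that path. Consider adding a sibling test that performs the same type switch from a suggestion picker selection, so the lifetime fix is pinned for both entry points that go through setValueAndClosePopup.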
index 1655e0b..c11ab3e 100644 (file)
@@ -1,3 +1,28 @@
+2012-10-30  Kent Tamura  <tkent@chromium.org>
+
+        Fix crash by calendar picker or suggestion picker
+        https://bugs.webkit.org/show_bug.cgi?id=100728
+
+        Reviewed by Hajime Morita.
+
+        Change DateTimeChooser so that it is ref-coutned.
+
+        Test: platform/chromium/fast/forms/calendar-picker/calendar-picker-type-change-onchange.html
+
+        * platform/DateTimeChooser.h: Made DateTimeChooser RefCounted.
+        * page/ChromeClient.h:
+        (ChromeClient): openDateTimeChooser should return PassRefPtr<DateTimeChooser>.
+        * loader/EmptyClients.h:
+        (EmptyChromeClient): Follow the above change.
+        * loader/EmptyClients.cpp:
+        (WebCore::EmptyChromeClient::openDateTimeChooser): Ditto.
+
+        * html/shadow/PickerIndicatorElement.h:
+        (PickerIndicatorElement): Hold DateTimeChooser in RefPtr<DateTimeChooser>.
+        * html/shadow/PickerIndicatorElement.cpp:
+        (WebCore::PickerIndicatorElement::PickerIndicatorElement):
+        Remove unnecessary initialization.
+
 2012-10-30  Eugene Klyuchnikov  <eustas.bug@gmail.com>
 
         Web Inspector: Timeline: promote "cpu activity" out of experiment
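Review bot: typo in the added entry text, "ref-coutned" should be "ref-counted". The entry would also be easier to follow if it said why ref-counting is needed here; the reason (JavaScript can run during didChooseValue) appears only in the Source/WebKit/chromium entry.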
index fa25bd6..4f4a822 100644 (file)
@@ -51,7 +51,6 @@ using namespace HTMLNames;
 
 inline PickerIndicatorElement::PickerIndicatorElement(Document* document)
     : HTMLDivElement(divTag, document)
-    , m_chooser(nullptr)
 {
     setShadowPseudoId("-webkit-calendar-picker-indicator");
 }
index 1d891c2..295918a 100644 (file)
@@ -63,7 +63,7 @@ private:
 
     HTMLInputElement* hostInput();
 
-    OwnPtr<DateTimeChooser> m_chooser;
+    RefPtr<DateTimeChooser> m_chooser;
 };
 
 }
index c9b3f3a..d60bd30 100644 (file)
@@ -105,9 +105,9 @@ PassOwnPtr<ColorChooser> EmptyChromeClient::createColorChooser(ColorChooserClien
 #endif
 
 #if ENABLE(CALENDAR_PICKER)
-PassOwnPtr<DateTimeChooser> EmptyChromeClient::openDateTimeChooser(DateTimeChooserClient*, const DateTimeChooserParameters&)
+PassRefPtr<DateTimeChooser> EmptyChromeClient::openDateTimeChooser(DateTimeChooserClient*, const DateTimeChooserParameters&)
 {
-    return nullptr;
+    return PassRefPtr<DateTimeChooser>();
 }
 #endif
 
index 9c2c23d..62606bb 100644 (file)
@@ -174,7 +174,7 @@ public:
 #endif
 
 #if ENABLE(CALENDAR_PICKER)
-    virtual PassOwnPtr<DateTimeChooser> openDateTimeChooser(DateTimeChooserClient*, const DateTimeChooserParameters&) OVERRIDE;
+    virtual PassRefPtr<DateTimeChooser> openDateTimeChooser(DateTimeChooserClient*, const DateTimeChooserParameters&) OVERRIDE;
 #endif
 
     virtual void runOpenPanel(Frame*, PassRefPtr<FileChooser>) OVERRIDE;
index 7a505de..4b044da 100644 (file)
@@ -227,7 +227,7 @@ namespace WebCore {
 #endif
 
 #if ENABLE(CALENDAR_PICKER)
-        virtual PassOwnPtr<DateTimeChooser> openDateTimeChooser(DateTimeChooserClient*, const DateTimeChooserParameters&) = 0;
+        virtual PassRefPtr<DateTimeChooser> openDateTimeChooser(DateTimeChooserClient*, const DateTimeChooserParameters&) = 0;
 #endif
 
         virtual void runOpenPanel(Frame*, PassRefPtr<FileChooser>) = 0;
index 86ab13c..7a3a5e9 100644 (file)
@@ -32,6 +32,7 @@
 #define DateTimeChooser_h
 
 #include "IntRect.h"
+#include <wtf/RefCounted.h>
 #include <wtf/text/WTFString.h>
 
 namespace WebCore {
@@ -52,7 +53,7 @@ struct DateTimeChooserParameters {
 };
 
 // For pickers like color pickers and date pickers.
-class DateTimeChooser {
+class DateTimeChooser : public RefCounted<DateTimeChooser> {
 public:
     virtual ~DateTimeChooser() { }
 
index 3ddd810..c12828d 100644 (file)
@@ -1,3 +1,24 @@
+2012-10-30  Kent Tamura  <tkent@chromium.org>
+
+        Fix crash by calendar picker or suggestion picker
+        https://bugs.webkit.org/show_bug.cgi?id=100728
+
+        Reviewed by Hajime Morita.
+
+        * src/DateTimeChooserImpl.h:
+        (DateTimeChooserImpl): Add a factory function, and made the constructor private.
+        * src/DateTimeChooserImpl.cpp:
+        (WebKit::DateTimeChooserImpl::create): Added.
+        (WebKit::DateTimeChooserImpl::setValueAndClosePopup):
+        Protect this because JavaScript code might run during didChooseValue.
+
+        * src/ChromeClientImpl.h:
+        (ChromeClientImpl): Follow the ChromeClient change.
+        * src/ChromeClientImpl.cpp:
+        (WebKit::ChromeClientImpl::openDateTimeChooser):
+        Use DateTimeChooserImpl::create.
+
+
 2012-10-29  James Robinson  <jamesr@chromium.org>
 
         [chromium] Null-check WebViewImpl::m_client before calling invalidateRect() on it
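Review bot: two blank added lines follow "Use DateTimeChooserImpl::create." at the end of this entry, whereas the other ChangeLog entries in this patch are separated from the next entry by a single blank line. Drop one of them.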
index f71d677..d781e8a 100644 (file)
@@ -693,9 +693,9 @@ PassOwnPtr<WebColorChooser> ChromeClientImpl::createWebColorChooser(WebColorChoo
 #endif
 
 #if ENABLE(CALENDAR_PICKER)
-PassOwnPtr<WebCore::DateTimeChooser> ChromeClientImpl::openDateTimeChooser(WebCore::DateTimeChooserClient* pickerClient, const WebCore::DateTimeChooserParameters& parameters)
+PassRefPtr<DateTimeChooser> ChromeClientImpl::openDateTimeChooser(DateTimeChooserClient* pickerClient, const DateTimeChooserParameters& parameters)
 {
-    return adoptPtr(new DateTimeChooserImpl(this, pickerClient, parameters));
+    return DateTimeChooserImpl::create(this, pickerClient, parameters);
 }
 #endif
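Review bot: the definition of openDateTimeChooser drops the WebCore:: qualifiers from the return type and both parameter types, while the declaration in ChromeClientImpl.h and the new DateTimeChooserImpl::create in this same patch keep them. That only compiles through a using directive in this file and makes the declaration and definition harder to match up; keep the qualified spelling that the removed line had.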
 
index 84dbfc9..fe2d177 100644 (file)
@@ -148,7 +148,7 @@ public:
     PassOwnPtr<WebColorChooser> createWebColorChooser(WebColorChooserClient*, const WebColor&);
 #endif
 #if ENABLE(CALENDAR_PICKER)
-    virtual PassOwnPtr<WebCore::DateTimeChooser> openDateTimeChooser(WebCore::DateTimeChooserClient*, const WebCore::DateTimeChooserParameters&) OVERRIDE;
+    virtual PassRefPtr<WebCore::DateTimeChooser> openDateTimeChooser(WebCore::DateTimeChooserClient*, const WebCore::DateTimeChooserParameters&) OVERRIDE;
 #endif
     virtual void runOpenPanel(WebCore::Frame*, PassRefPtr<WebCore::FileChooser>);
     virtual void loadIconForFiles(const Vector<WTF::String>&, WebCore::FileIconLoader*);
index 0f67c5e..129d6b0 100644 (file)
@@ -64,6 +64,11 @@ DateTimeChooserImpl::DateTimeChooserImpl(ChromeClientImpl* chromeClient, WebCore
     m_popup = m_chromeClient->openPagePopup(this, m_parameters.anchorRectInRootView);
 }
 
+PassRefPtr<DateTimeChooserImpl> DateTimeChooserImpl::create(ChromeClientImpl* chromeClient, WebCore::DateTimeChooserClient* client, const WebCore::DateTimeChooserParameters& parameters)
+{
+    return adoptRef(new DateTimeChooserImpl(chromeClient, client, parameters));
+}
+
 DateTimeChooserImpl::~DateTimeChooserImpl()
 {
 }
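Review bot: create() calls adoptRef only after the constructor has already handed this to openPagePopup (the context line just above the new function), so the raw pointer escapes before the object is adopted. That is safe only as long as nothing on that path takes a reference during construction. Consider moving the openPagePopup call out of the constructor and into create(), after adoptRef, or add a comment stating the constraint.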
@@ -149,6 +154,7 @@ WebCore::Locale& DateTimeChooserImpl::locale()
 
 void DateTimeChooserImpl::setValueAndClosePopup(int numValue, const String& stringValue)
 {
+    RefPtr<DateTimeChooserImpl> protector(this);
     if (numValue >= 0)
         m_client->didChooseValue(stringValue);
     endChooser();
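Review bot: the protector added at the top of setValueAndClosePopup has no comment, and the reason for it is recorded only in the ChangeLog; a one-line comment saying that script run from didChooseValue can release the last external reference would stop it being removed as dead code later. Note also that the protector covers only this: m_client is passed in as a raw DateTimeChooserClient*, so please confirm that endChooser() does not dereference m_client after didChooseValue returns, since the same script could have destroyed the client.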
index c4d514a..17db435 100644 (file)
@@ -47,13 +47,14 @@ class ChromeClientImpl;
 
 class DateTimeChooserImpl : public WebCore::DateTimeChooser, public WebCore::PagePopupClient {
 public:
-    DateTimeChooserImpl(ChromeClientImpl*, WebCore::DateTimeChooserClient*, const WebCore::DateTimeChooserParameters&);
+    static PassRefPtr<DateTimeChooserImpl> create(ChromeClientImpl*, WebCore::DateTimeChooserClient*, const WebCore::DateTimeChooserParameters&);
     virtual ~DateTimeChooserImpl();
 
     // DateTimeChooser functions:
     virtual void endChooser() OVERRIDE;
 
 private:
+    DateTimeChooserImpl(ChromeClientImpl*, WebCore::DateTimeChooserClient*, const WebCore::DateTimeChooserParameters&);
     // PagePopupClient functions:
     virtual WebCore::IntSize contentSize() OVERRIDE;
     virtual void writeDocument(WebCore::DocumentWriter&) OVERRIDE;
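Review bot: the constructor declaration moved under private: sits directly above the "// PagePopupClient functions:" comment with no separating blank line, so it reads as if the constructor were part of that group. Add a blank line after the constructor declaration.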