[GTK] WebKitTestRunner tries to remove an already deleted event in EventSenderProxy...
authorcommit-queue@webkit.org <commit-queue@webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Wed, 10 Jul 2013 08:41:14 +0000 (08:41 +0000)
committercommit-queue@webkit.org <commit-queue@webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Wed, 10 Jul 2013 08:41:14 +0000 (08:41 +0000)
https://bugs.webkit.org/show_bug.cgi?id=118509

Patch by Simon Pena <simon.pena@samsung.com> on 2013-07-10
Reviewed by Martin Robinson.

In EventSenderProxy::replaySavedEvents WebKitTestRunner can crash
when trying to remove an event already removed, if another event is
processed in the middle. By using a Deque's takeFirst, we ensure the
element is removed before we dispatch it.

fast/events/mousedown-inside-dragstart-should-not-cause-crash.html no longer
crashes after this fix is added.

* WebKitTestRunner/EventSenderProxy.h: Use a Deque instead of Vector in GTK
* WebKitTestRunner/gtk/EventSenderProxyGtk.cpp:
(WTR::EventSenderProxy::replaySavedEvents): Use takeFirst to retrieve the event
from the queue.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@152530 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Tools/ChangeLog
Tools/WebKitTestRunner/EventSenderProxy.h
Tools/WebKitTestRunner/gtk/EventSenderProxyGtk.cpp

index 214c5f7..e6119da 100644 (file)
@@ -1,3 +1,23 @@
+2013-07-10  Simon Pena  <simon.pena@samsung.com>
+
+        [GTK] WebKitTestRunner tries to remove an already deleted event in EventSenderProxy::replaySavedEvents
+        https://bugs.webkit.org/show_bug.cgi?id=118509
+
+        Reviewed by Martin Robinson.
+
+        In EventSenderProxy::replaySavedEvents WebKitTestRunner can crash
+        when trying to remove an event already removed, if another event is
+        processed in the middle. By using a Deque's takeFirst, we ensure the
+        element is removed before we dispatch it.
+
+        fast/events/mousedown-inside-dragstart-should-not-cause-crash.html no longer
+        crashes after this fix is added.
+
+        * WebKitTestRunner/EventSenderProxy.h: Use a Deque instead of Vector in GTK
+        * WebKitTestRunner/gtk/EventSenderProxyGtk.cpp:
+        (WTR::EventSenderProxy::replaySavedEvents): Use takeFirst to retrieve the event
+        from the queue.
+
 2013-07-09  Ryuan Choi  <ryuan.choi@samsung.com>
 
         [EFL] Add ewk_view_device_pixel_ratio_set
index 92fe2d0..bb814a8 100644 (file)
@@ -32,7 +32,7 @@
 #include <QTouchEvent>
 #elif PLATFORM(GTK)
 #include <gdk/gdk.h>
-#include <wtf/Vector.h>
+#include <wtf/Deque.h>
 #elif PLATFORM(EFL)
 #include <WebKit2/EWebKit2.h>
 #include <wtf/Deque.h>
@@ -114,7 +114,7 @@ private:
 #if PLATFORM(MAC)
     int eventNumber;
 #elif PLATFORM(GTK)
-    Vector<WTREventQueueItem> m_eventQueue;
+    Deque<WTREventQueueItem> m_eventQueue;
     unsigned m_mouseButtonCurrentlyDown;
 #elif PLATFORM(QT)
     Qt::MouseButtons m_mouseButtons;
index 3dcb03a..295532e 100644 (file)
@@ -155,12 +155,11 @@ static void dispatchEvent(GdkEvent* event)
 void EventSenderProxy::replaySavedEvents()
 {
     while (!m_eventQueue.isEmpty()) {
-        WTREventQueueItem item = m_eventQueue.first();
+        WTREventQueueItem item = m_eventQueue.takeFirst();
         if (item.delay)
             g_usleep(item.delay * 1000);
 
         dispatchEvent(item.event);
-        m_eventQueue.remove(0);
     }
 }