Source/WebKit/mac: <rdar://problem/10523721> Crash at WebCore::SubresourceLoader...
authormitz@apple.com <mitz@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Sun, 4 Dec 2011 01:01:36 +0000 (01:01 +0000)
committermitz@apple.com <mitz@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Sun, 4 Dec 2011 01:01:36 +0000 (01:01 +0000)
Reviewed by Darin Adler.

* WebView/WebView.mm:
(-[WebView _removeObjectForIdentifier:]): Changed the CFRelease(self) into
a WebCFAutorelease(self). This prevents re-entry into this method due to
the WebView closing and canceling all subresource loads, including the
one we have just removed.

Tools: Added a test for <rdar://problem/10523721> Crash at WebCore::SubresourceLoader::releaseResources

Reviewed by Darin Adler.

* TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj:
* TestWebKitAPI/Tests/mac/SubresourceErrorCrash.mm: Added.
(TestWebKitAPI::TEST):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@101939 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Source/WebKit/mac/ChangeLog
Source/WebKit/mac/WebView/WebView.mm
Tools/ChangeLog
Tools/TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj
Tools/TestWebKitAPI/Tests/mac/SubresourceErrorCrash.mm [new file with mode: 0644]

index 3e007e1..181099d 100644 (file)
@@ -1,3 +1,14 @@
+2011-12-03  Dan Bernstein  <mitz@apple.com>
+
+        <rdar://problem/10523721> Crash at WebCore::SubresourceLoader::releaseResources
+        Reviewed by Darin Adler.
+
+        * WebView/WebView.mm:
+        (-[WebView _removeObjectForIdentifier:]): Changed the CFRelease(self) into
+        a WebCFAutorelease(self). This prevents re-entry into this method due to
+        the WebView closing and canceling all subresource loads, including the
+        one we have just removed.
+
 2011-12-02  David Levin  <levin@chromium.org>
 
         Rename WTF class from TemporarilyChange to TemporaryChange.
index 0f684a5..eeb4420 100644 (file)
@@ -6062,9 +6062,10 @@ static inline uint64_t roundUpToPowerOf2(uint64_t num)
     _private->identifierMap.remove(identifier);
     
     // If the identifier map is now empty it means we're no longer loading anything
-    // and we should release the web view.
+    // and we should release the web view. Autorelease rather than release in order to
+    // avoid re-entering this method beneath -dealloc with the same identifier. <rdar://problem/10523721>
     if (_private->identifierMap.isEmpty())
-        CFRelease(self);
+        WebCFAutorelease(self);
 }
 
 - (void)_retrieveKeyboardUIModeFromPreferences:(NSNotification *)notification
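Review bot: The new comment above `WebCFAutorelease(self)` explains the re-entrancy but not the lifetime dependency the fix introduces: the WebView's last reference is now dropped when the enclosing autorelease pool drains, so the fix holds only if no pool drains while the loader that called this method is still on the stack. I would say so in the comment, e.g. `// The final release happens when the current autorelease pool drains, which must be after the calling loader has unwound.` The retain that this release balances is not visible in the hunk (presumably it is taken when the first identifier is added), and naming it in the comment would make the pairing easier to audit. The method body starts outside the hunk.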
index 8112f51..2ffee52 100644 (file)
@@ -1,3 +1,13 @@
+2011-12-03  Dan Bernstein  <mitz@apple.com>
+
+        Added a test for <rdar://problem/10523721> Crash at WebCore::SubresourceLoader::releaseResources
+
+        Reviewed by Darin Adler.
+
+        * TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj:
+        * TestWebKitAPI/Tests/mac/SubresourceErrorCrash.mm: Added.
+        (TestWebKitAPI::TEST):
+
 2011-12-03  Philippe Normand  <pnormand@igalia.com>
 
         Another GTK build fix after r101922.
index 144de36..bfefe3f 100644 (file)
@@ -27,6 +27,7 @@
                37200B9213A16230007A4FAD /* VectorReverse.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 37200B9113A16230007A4FAD /* VectorReverse.cpp */; };
                3722C8691461E03E00C45D00 /* RenderedImageFromDOMRange.mm in Sources */ = {isa = PBXBuildFile; fileRef = 3722C8681461E03E00C45D00 /* RenderedImageFromDOMRange.mm */; };
                3799AD3A14120A43005EB0C6 /* StringByEvaluatingJavaScriptFromString.mm in Sources */ = {isa = PBXBuildFile; fileRef = 3799AD3914120A43005EB0C6 /* StringByEvaluatingJavaScriptFromString.mm */; };
+               37A6895F148A9B50005100FA /* SubresourceErrorCrash.mm in Sources */ = {isa = PBXBuildFile; fileRef = 37A6895D148A9B50005100FA /* SubresourceErrorCrash.mm */; };
                37DC678D140D7C5000ABCCDB /* DOMRangeOfString.mm in Sources */ = {isa = PBXBuildFile; fileRef = 37DC678B140D7C5000ABCCDB /* DOMRangeOfString.mm */; };
                37DC6791140D7D7600ABCCDB /* DOMRangeOfString.html in Copy Resources */ = {isa = PBXBuildFile; fileRef = 37DC678F140D7D3A00ABCCDB /* DOMRangeOfString.html */; };
                4BFDFFA71314776C0061F24B /* HitTestResultNodeHandle_Bundle.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 4BFDFFA61314776C0061F24B /* HitTestResultNodeHandle_Bundle.cpp */; };
                37200B9113A16230007A4FAD /* VectorReverse.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; name = VectorReverse.cpp; path = WTF/VectorReverse.cpp; sourceTree = "<group>"; };
                3722C8681461E03E00C45D00 /* RenderedImageFromDOMRange.mm */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.objcpp; path = RenderedImageFromDOMRange.mm; sourceTree = "<group>"; };
                3799AD3914120A43005EB0C6 /* StringByEvaluatingJavaScriptFromString.mm */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.objcpp; path = StringByEvaluatingJavaScriptFromString.mm; sourceTree = "<group>"; };
+               37A6895D148A9B50005100FA /* SubresourceErrorCrash.mm */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.objcpp; path = SubresourceErrorCrash.mm; sourceTree = "<group>"; };
                37DC678B140D7C5000ABCCDB /* DOMRangeOfString.mm */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.objcpp; path = DOMRangeOfString.mm; sourceTree = "<group>"; };
                37DC678F140D7D3A00ABCCDB /* DOMRangeOfString.html */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.html; path = DOMRangeOfString.html; sourceTree = "<group>"; };
                4BFDFFA61314776C0061F24B /* HitTestResultNodeHandle_Bundle.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = HitTestResultNodeHandle_Bundle.cpp; sourceTree = "<group>"; };
                                939BA91614103412001A01BD /* DeviceScaleFactorOnBack.mm */,
                                3722C8681461E03E00C45D00 /* RenderedImageFromDOMRange.mm */,
                                3799AD3914120A43005EB0C6 /* StringByEvaluatingJavaScriptFromString.mm */,
+                               37A6895D148A9B50005100FA /* SubresourceErrorCrash.mm */,
                        );
                        path = mac;
                        sourceTree = "<group>";
                                C0C5D3BE14598B6F00A802A6 /* GetBackingScaleFactor.mm in Sources */,
                                3722C8691461E03E00C45D00 /* RenderedImageFromDOMRange.mm in Sources */,
                                0BCD856A1485C98B00EA2003 /* TemporaryChange.cpp in Sources */,
+                               37A6895F148A9B50005100FA /* SubresourceErrorCrash.mm in Sources */,
                        );
                        runOnlyForDeploymentPostprocessing = 0;
                };
diff --git a/Tools/TestWebKitAPI/Tests/mac/SubresourceErrorCrash.mm b/Tools/TestWebKitAPI/Tests/mac/SubresourceErrorCrash.mm
new file mode 100644 (file)
index 0000000..870a489
--- /dev/null
@@ -0,0 +1,37 @@
+/*
+ * Copyright (C) 2011 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. AND ITS CONTRIBUTORS ``AS IS''
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
+ * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR ITS CONTRIBUTORS
+ * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
+ * THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "config.h"
+
+namespace TestWebKitAPI {
+
+TEST(WebKit1, SubresourceErrorCrash)
+{
+    WebView *webView = [[WebView alloc] initWithFrame:NSZeroRect frameName:@"" groupName:@""];
+    [webView.mainFrame loadHTMLString:@"<link rel=stylesheet href='x-error:error'>" baseURL:nil];
+    [webView release];
+}
+
+} // namespace TestWebKitAPI
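Review bot: The body of `TEST(WebKit1, SubresourceErrorCrash)` has no explicit expectation and no autorelease pool of its own, so with the fix in place the WebView's deferred release may run only when an outer pool drains, possibly after the test has returned. A crash in that teardown would then be attributed to a later test or missed entirely. Consider draining a local pool inside the test, with `NSAutoreleasePool *pool = [[NSAutoreleasePool alloc] init];` before the `alloc` and `[pool drain];` after `[webView release];`. It is also not visible here whether the `x-error:error` failure is delivered synchronously; if it is not, the run loop would have to spin before the test returns for the regression path to be exercised. A one-line comment saying that the test passes by not crashing would help later readers.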