2011-05-04 Cris Neckar <cdn@chromium.org>
author: cdn@chromium.org <cdn@chromium.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Thu, 5 May 2011 02:36:17 +0000 (02:36 +0000)
committer: cdn@chromium.org <cdn@chromium.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Thu, 5 May 2011 02:36:17 +0000 (02:36 +0000)
        Reviewed by Adam Barth.

        Tests whether a style media specifier inside an svg image will crash.
        https://bugs.webkit.org/show_bug.cgi?id=49902

        * fast/media/media-svg-crash-expected.txt: Added.
        * fast/media/media-svg-crash.html: Added.
2011-05-04  Cris Neckar  <cdn@chromium.org>

        Reviewed by Adam Barth.

        Expose WebView directly through ChromeClient.
        https://bugs.webkit.org/show_bug.cgi?id=49902

        Test: fast/media/media-svg-crash.html

        * loader/EmptyClients.h:
        (WebCore::EmptyChromeClient::webView):
        * page/ChromeClient.h:
        * page/brew/ChromeClientBrew.h:
        (WebCore::ChromeClientBrew::webView):
2011-05-04  Cris Neckar  <cdn@chromium.org>

        Reviewed by Adam Barth.

        Expose WebView directly through ChromeClient.
        https://bugs.webkit.org/show_bug.cgi?id=49902

        * src/AutoFillPopupMenuClient.cpp:
        (WebKit::AutoFillPopupMenuClient::getWebView):
        * src/ChromeClientImpl.cpp:
        (WebKit::ChromeClientImpl::webView):
        * src/ChromeClientImpl.h:
        * src/GraphicsContext3DChromium.cpp:
        (WebCore::GraphicsContext3DInternal::initialize):
        * src/PlatformBridge.cpp:
        (WebCore::toWebWidgetClient):
        * src/StorageNamespaceProxy.cpp:
        (WebCore::StorageNamespace::sessionStorageNamespace):
        * src/WebViewImpl.cpp:
        (WebKit::WebViewImpl::fromPage):
2011-05-04  Cris Neckar  <cdn@chromium.org>

        Reviewed by Adam Barth.

        Expose WebView directly through ChromeClient.
        https://bugs.webkit.org/show_bug.cgi?id=49902

        * WebCoreSupport/ChromeClientEfl.h:
        (WebCore::ChromeClientEfl::webView):
2011-05-04  Cris Neckar  <cdn@chromium.org>

        Reviewed by Adam Barth.

        Expose WebView directly through ChromeClient.
        https://bugs.webkit.org/show_bug.cgi?id=49902

        * WebCoreSupport/ChromeClientGtk.h:
        (WebKit::ChromeClient::webView):
2011-05-04  Cris Neckar  <cdn@chromium.org>

        Reviewed by Adam Barth.

        Expose WebView directly through ChromeClient.
        https://bugs.webkit.org/show_bug.cgi?id=49902

        * WebCoreSupport/ChromeClientHaiku.h:
        (WebCore::ChromeClientHaiku::webView):
2011-05-04  Cris Neckar  <cdn@chromium.org>

        Reviewed by Adam Barth.

        Expose WebView directly through ChromeClient.
        https://bugs.webkit.org/show_bug.cgi?id=49902

        * WebCoreSupport/WebChromeClient.h:
        (WebChromeClient::webView):
        * WebView/WebFrame.mm:
        (kit):
2011-05-04  Cris Neckar  <cdn@chromium.org>

        Reviewed by Adam Barth.

        Expose WebView directly through ChromeClient.
        https://bugs.webkit.org/show_bug.cgi?id=49902

        * WebCoreSupport/ChromeClientQt.h:
        (WebCore::ChromeClientQt::webView):
2011-05-04  Cris Neckar  <cdn@chromium.org>

        Reviewed by Adam Barth.

        Expose WebView directly through ChromeClient.
        https://bugs.webkit.org/show_bug.cgi?id=49902

        * WebCoreSupport/WebChromeClient.h:
        (WebChromeClient::webView):
2011-05-04  Cris Neckar  <cdn@chromium.org>

        Reviewed by Adam Barth.

        Expose WebView directly through ChromeClient.
        https://bugs.webkit.org/show_bug.cgi?id=49902

        * WebCoreSupport/ChromeClientWinCE.h:
        (WebKit::ChromeClientWinCE::webView):
2011-05-04  Cris Neckar  <cdn@chromium.org>

        Reviewed by Adam Barth.

        Expose WebView directly through ChromeClient.
        https://bugs.webkit.org/show_bug.cgi?id=49902

        * WebKitSupport/ChromeClientWx.h:
        (WebCore::ChromeClientWx::webView):
2011-05-04  Cris Neckar  <cdn@chromium.org>

        Reviewed by Adam Barth.

        Expose WebView directly through ChromeClient.
        https://bugs.webkit.org/show_bug.cgi?id=49902

        * WebProcess/WebCoreSupport/WebChromeClient.h:
        (WebKit::WebChromeClient::webView):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@85823 268f45cc-cd09-0410-ab3c-d52691b4dbfc

34 files changed:
LayoutTests/ChangeLog
LayoutTests/fast/media/media-svg-crash-expected.txt [new file with mode: 0644]
LayoutTests/fast/media/media-svg-crash.html [new file with mode: 0644]
Source/WebCore/ChangeLog
Source/WebCore/loader/EmptyClients.h
Source/WebCore/page/ChromeClient.h
Source/WebCore/page/brew/ChromeClientBrew.h
Source/WebKit/chromium/ChangeLog
Source/WebKit/chromium/src/AutoFillPopupMenuClient.cpp
Source/WebKit/chromium/src/ChromeClientImpl.cpp
Source/WebKit/chromium/src/ChromeClientImpl.h
Source/WebKit/chromium/src/GraphicsContext3DChromium.cpp
Source/WebKit/chromium/src/PlatformBridge.cpp
Source/WebKit/chromium/src/StorageNamespaceProxy.cpp
Source/WebKit/chromium/src/WebViewImpl.cpp
Source/WebKit/efl/ChangeLog
Source/WebKit/efl/WebCoreSupport/ChromeClientEfl.h
Source/WebKit/gtk/ChangeLog
Source/WebKit/gtk/WebCoreSupport/ChromeClientGtk.h
Source/WebKit/haiku/ChangeLog
Source/WebKit/haiku/WebCoreSupport/ChromeClientHaiku.h
Source/WebKit/mac/ChangeLog
Source/WebKit/mac/WebCoreSupport/WebChromeClient.h
Source/WebKit/mac/WebView/WebFrame.mm
Source/WebKit/qt/ChangeLog
Source/WebKit/qt/WebCoreSupport/ChromeClientQt.h
Source/WebKit/win/ChangeLog
Source/WebKit/win/WebCoreSupport/WebChromeClient.h
Source/WebKit/wince/ChangeLog
Source/WebKit/wince/WebCoreSupport/ChromeClientWinCE.h
Source/WebKit/wx/ChangeLog
Source/WebKit/wx/WebKitSupport/ChromeClientWx.h
Source/WebKit2/ChangeLog
Source/WebKit2/WebProcess/WebCoreSupport/WebChromeClient.h

index 5320880..90f2c1f 100644 (file)
@@ -1,3 +1,13 @@
+2011-05-04  Cris Neckar  <cdn@chromium.org>
+
+        Reviewed by Adam Barth.
+
+        Tests whether a style media specifier inside an svg image will crash.
+        https://bugs.webkit.org/show_bug.cgi?id=49902
+
+        * fast/media/media-svg-crash-expected.txt: Added.
+        * fast/media/media-svg-crash.html: Added.
+
 2011-05-04  MORITA Hajime  <morrita@google.com>
 
         Unreviewed skipping text-block-child-crash.xhtml
diff --git a/LayoutTests/fast/media/media-svg-crash-expected.txt b/LayoutTests/fast/media/media-svg-crash-expected.txt
new file mode 100644 (file)
index 0000000..e5ffb00
--- /dev/null
@@ -0,0 +1 @@
+ PASS - SVG image with media type does not crash.
diff --git a/LayoutTests/fast/media/media-svg-crash.html b/LayoutTests/fast/media/media-svg-crash.html
new file mode 100644 (file)
index 0000000..1ef08ca
--- /dev/null
@@ -0,0 +1,8 @@
+<html>
+<script>
+if (window.layoutTestController)
+    layoutTestController.dumpAsText();
+</script>
+<img src='data:image/svg+xml,<!DOCTYPEg PUBLIC "" "/"><g xmlns="http://www.w3.org/2000/svg"><style>@media(max-color:5){*{</style>'>
+PASS - SVG image with media type does not crash.
+</html>
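Review bot: the test guards against a crash, so the `PASS - SVG image with media type does not crash.` text node is emitted whether or not the image decodes; a one-line HTML comment above the `<img>` saying that the data: URL deliberately leaves the `@media(max-color:5){*{` block unterminated and that the SVG image is evaluated in its own Page would tell future readers what the test actually exercises. The markup also has no `<body>`, which the parser tolerates, but an explicit `<body>` keeps the dumpAsText output independent of parser recovery.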
index 795a2b7..dde32ac 100644 (file)
@@ -1,3 +1,18 @@
+2011-05-04  Cris Neckar  <cdn@chromium.org>
+
+        Reviewed by Adam Barth.
+
+        Expose WebView directly through ChromeClient.
+        https://bugs.webkit.org/show_bug.cgi?id=49902
+
+        Test: fast/media/media-svg-crash.html
+
+        * loader/EmptyClients.h:
+        (WebCore::EmptyChromeClient::webView):
+        * page/ChromeClient.h:
+        * page/brew/ChromeClientBrew.h:
+        (WebCore::ChromeClientBrew::webView):
+
 2011-05-04  Joseph Pecoraro  <joepeck@webkit.org>
 
         Reviewed by Darin Adler.
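Review bot: the ChangeLog entry at the top says what was done ("Expose WebView directly through ChromeClient.") but not why; record that the new accessor replaces `static_cast<ChromeClientImpl*>` downcasts of `page->chrome()->client()` that were invalid for Pages whose client is an EmptyChromeClient (the SVG-image case the new test covers), so the reason for a void* accessor on the base class is findable from the log.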
index d11fd62..0dde68e 100644 (file)
@@ -89,6 +89,7 @@ public:
     virtual ~EmptyChromeClient() { }
     virtual void chromeDestroyed() { }
 
+    virtual void* webView() const { return 0; }
     virtual void setWindowRect(const FloatRect&) { }
     virtual FloatRect windowRect() { return FloatRect(); }
 
index 24f34fc..880caf6 100644 (file)
@@ -132,6 +132,8 @@ namespace WebCore {
         virtual bool shouldInterruptJavaScript() = 0;
         virtual KeyboardUIMode keyboardUIMode() = 0;
 
+        virtual void* webView() const = 0;
+
 #if ENABLE(REGISTER_PROTOCOL_HANDLER)
         virtual void registerProtocolHandler(const String& scheme, const String& baseURL, const String& url, const String& title) = 0;
 #endif
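Review bot: `virtual void* webView() const = 0;` carries no contract, and every caller has to `static_cast` the void* back to a port-specific type, which is only sound when the concrete ChromeClient is that port's own client. Add a comment at the declaration stating that the value is the port's WebView type (WebViewImpl* in the Chromium port, WebView * on Mac), that EmptyChromeClient and the EFL, GTK, Haiku, Qt, Win, WinCE, wx and WebKit2 clients return 0, and that callers must therefore test for 0 before casting; WebCore code must never depend on a non-null result.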
index d1fac2d..2d27a73 100644 (file)
@@ -42,6 +42,7 @@ class PopupMenuClient;
 // things here that don't make sense for other ports.
 class ChromeClientBrew : public ChromeClient {
 public:
+    virtual void* webView() const { return 0; }
     virtual void createSelectPopup(PopupMenuClient*, int selected, const IntRect& rect) = 0;
     virtual bool destroySelectPopup() = 0;
 };
index 3ca088d..7d769c2 100644 (file)
@@ -1,3 +1,24 @@
+2011-05-04  Cris Neckar  <cdn@chromium.org>
+
+        Reviewed by Adam Barth.
+
+        Expose WebView directly through ChromeClient.
+        https://bugs.webkit.org/show_bug.cgi?id=49902
+
+        * src/AutoFillPopupMenuClient.cpp:
+        (WebKit::AutoFillPopupMenuClient::getWebView):
+        * src/ChromeClientImpl.cpp:
+        (WebKit::ChromeClientImpl::webView):
+        * src/ChromeClientImpl.h:
+        * src/GraphicsContext3DChromium.cpp:
+        (WebCore::GraphicsContext3DInternal::initialize):
+        * src/PlatformBridge.cpp:
+        (WebCore::toWebWidgetClient):
+        * src/StorageNamespaceProxy.cpp:
+        (WebCore::StorageNamespace::sessionStorageNamespace):
+        * src/WebViewImpl.cpp:
+        (WebKit::WebViewImpl::fromPage):
+
 2011-05-04  Nate Chapin  <japhet@chromium.org>
 
         Reviewed by Mihai Parparita.
index a4d89fd..fc3f98b 100644 (file)
@@ -356,7 +356,7 @@ WebViewImpl* AutoFillPopupMenuClient::getWebView() const
     if (!page)
         return 0;
 
-    return static_cast<ChromeClientImpl*>(page->chrome()->client())->webView();
+    return static_cast<WebViewImpl*>(page->chrome()->client()->webView());
 }
 
 RenderStyle* AutoFillPopupMenuClient::textFieldStyle() const
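Review bot: the `static_cast<WebViewImpl*>(...)` on the return line now yields 0 whenever the chrome client owns no WebView, so `getWebView()` can return 0 even when `page` is non-null; callers inside AutoFillPopupMenuClient must treat that 0 the same way they already treat the `!page` early return. A short comment above the return would make the null case explicit.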
index f12bf03..eee6934 100644 (file)
@@ -162,6 +162,11 @@ ChromeClientImpl::~ChromeClientImpl()
 {
 }
 
+void* ChromeClientImpl::webView() const
+{
+    return static_cast<void*>(m_webView);
+}
+
 void ChromeClientImpl::chromeDestroyed()
 {
     // Our lifetime is bound to the WebViewImpl.
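Review bot: `static_cast<void*>(m_webView)` is an implicit conversion and the explicit cast adds nothing; the more useful addition is a comment recording that the value is a WebViewImpl*, because that fact is the only thing that makes the `static_cast<WebKit::WebViewImpl*>` at the Chromium call sites sound.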
index 6a65522..1fd545b 100644 (file)
@@ -58,7 +58,7 @@ public:
     explicit ChromeClientImpl(WebViewImpl* webView);
     virtual ~ChromeClientImpl();
 
-    WebViewImpl* webView() const { return m_webView; }
+    virtual void* webView() const;
 
     // ChromeClient methods:
     virtual void chromeDestroyed();
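Review bot: removing the typed inline `WebViewImpl* webView() const` forces every Chromium-port call site to cast a void* back to WebViewImpl*. Keeping a typed, non-virtual accessor beside the override (for example `WebViewImpl* webViewImpl() const { return m_webView; }`, name only a suggestion) would let in-port code stay type-safe and confine the void* cast to the generic ChromeClient path.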
index 7a87cb2..21828ea 100644 (file)
@@ -114,9 +114,7 @@ bool GraphicsContext3DInternal::initialize(GraphicsContext3D::Attributes attrs,
         return false;
 
     Chrome* chrome = static_cast<Chrome*>(hostWindow);
-    WebKit::ChromeClientImpl* chromeClientImpl = static_cast<WebKit::ChromeClientImpl*>(chrome->client());
-
-    m_webViewImpl = chromeClientImpl->webView();
+    m_webViewImpl = static_cast<WebKit::WebViewImpl*>(chrome->client()->webView());
 
     if (!m_webViewImpl)
         return false;
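Review bot: the `if (!m_webViewImpl) return false;` check below the changed line now does real work: previously an EmptyChromeClient was cast to ChromeClientImpl and the check read whatever sat at the `m_webView` offset, whereas now a client without a WebView yields 0 and initialization fails cleanly. The `static_cast<Chrome*>(hostWindow)` one line above remains an unchecked downcast; that is pre-existing, but a comment on why it is safe would help.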
index 6dcc9d3..da87d5b 100644 (file)
@@ -102,7 +102,7 @@ using namespace WebKit;
 
 namespace WebCore {
 
-static ChromeClientImpl* toChromeClientImpl(Widget* widget)
+static WebWidgetClient* toWebWidgetClient(Widget* widget)
 {
     if (!widget)
         return 0;
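Review bot: the rename on the function header from `toChromeClientImpl` to `toWebWidgetClient` is safe because the function is file-static, but the return type of the early `return 0` branches changes meaning (null WebWidgetClient instead of null ChromeClientImpl); a comment on the header noting that the helper now returns 0 both when no page exists and when the page's client has no WebView keeps the two cases visible.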
@@ -119,15 +119,11 @@ static ChromeClientImpl* toChromeClientImpl(Widget* widget)
     if (!page)
         return 0;
 
-    return static_cast<ChromeClientImpl*>(page->chrome()->client());
-}
-
-static WebWidgetClient* toWebWidgetClient(Widget* widget)
-{
-    ChromeClientImpl* chromeClientImpl = toChromeClientImpl(widget);
-    if (!chromeClientImpl || !chromeClientImpl->webView())
+    void* webView = page->chrome()->client()->webView();
+    if (!webView)
         return 0;
-    return chromeClientImpl->webView()->client();
+
+    return static_cast<WebViewImpl*>(webView)->client();
 }
 
 static WebCookieJar* getCookieJar(const Document* document)
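Review bot: the `if (!webView) return 0;` on the void* is the line that fixes the crash: the removed `toChromeClientImpl` cast whatever ChromeClient the Page had to ChromeClientImpl* and read `m_webView` through it, which is undefined behaviour when the Page belongs to an SVG image and its client is an EmptyChromeClient. Suggest a comment on that check naming the EmptyChromeClient case so it is not later removed as redundant; `static_cast<WebViewImpl*>(webView)` stays correct only because ChromeClientImpl is the sole Chromium-port client that returns non-null.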
index bb90af5..e9127dd 100644 (file)
@@ -53,8 +53,7 @@ PassRefPtr<StorageNamespace> StorageNamespace::localStorageNamespace(const Strin
 
 PassRefPtr<StorageNamespace> StorageNamespace::sessionStorageNamespace(Page* page, unsigned quota)
 {
-    WebKit::ChromeClientImpl* chromeClientImpl = static_cast<WebKit::ChromeClientImpl*>(page->chrome()->client());
-    WebKit::WebViewClient* webViewClient = chromeClientImpl->webView()->client();
+    WebKit::WebViewClient* webViewClient = static_cast<WebKit::WebViewImpl*>(page->chrome()->client()->webView())->client();
     return adoptRef(new StorageNamespaceProxy(webViewClient->createSessionStorageNamespace(quota), SessionStorage));
 }
 
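Review bot: missing null check at `static_cast<WebKit::WebViewImpl*>(page->chrome()->client()->webView())->client()`: unlike the other call sites in this patch, this one dereferences the result without testing for 0, so a Page whose client returns no WebView would now crash on a null dereference instead of on an invalid cast. Either split the expression and return early when `webView()` is 0, or add an ASSERT with a comment explaining why session storage is never requested for such pages. `page` itself is also not null-checked here.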
index cb02466..b2a7aed 100644 (file)
@@ -936,7 +936,8 @@ WebViewImpl* WebViewImpl::fromPage(Page* page)
     if (!page)
         return 0;
 
-    return static_cast<ChromeClientImpl*>(page->chrome()->client())->webView();
+    ChromeClientImpl* chromeClient = static_cast<ChromeClientImpl*>(page->chrome()->client());
+    return static_cast<WebViewImpl*>(chromeClient->webView());
 }
 
 // WebWidget ------------------------------------------------------------------
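Review bot: `static_cast<ChromeClientImpl*>(page->chrome()->client())` keeps exactly the unchecked downcast that the rest of the patch removes: if `fromPage` is ever handed a Page whose client is an EmptyChromeClient, the cast is still invalid even though the following `webView()` call is now virtual. Call `page->chrome()->client()->webView()` directly, as AutoFillPopupMenuClient::getWebView and PlatformBridge do, so the null-returning stub is actually consulted.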
index 50693d9..3fd7d31 100755 (executable)
@@ -1,3 +1,13 @@
+2011-05-04  Cris Neckar  <cdn@chromium.org>
+
+        Reviewed by Adam Barth.
+
+        Expose WebView directly through ChromeClient.
+        https://bugs.webkit.org/show_bug.cgi?id=49902
+
+        * WebCoreSupport/ChromeClientEfl.h:
+        (WebCore::ChromeClientEfl::webView):
+
 2011-05-04  Tomasz Morawski  <t.morawski@samsung.com>
 
         Reviewed by Kenneth Rohde Christiansen.
index 3d276e5..aa17974 100644 (file)
@@ -39,6 +39,7 @@ public:
 
     virtual void chromeDestroyed();
 
+    virtual void* webView() const { return 0; }
     virtual void setWindowRect(const FloatRect&);
     virtual FloatRect windowRect();
 
index 524ed64..ab07878 100644 (file)
@@ -1,3 +1,13 @@
+2011-05-04  Cris Neckar  <cdn@chromium.org>
+
+        Reviewed by Adam Barth.
+
+        Expose WebView directly through ChromeClient.
+        https://bugs.webkit.org/show_bug.cgi?id=49902
+
+        * WebCoreSupport/ChromeClientGtk.h:
+        (WebKit::ChromeClient::webView):
+
 2011-05-04  Tao Bai  <michaelbai@chromium.org>
 
         Reviewed by David Kilzer.
index 2bf81eb..333da55 100644 (file)
@@ -41,6 +41,7 @@ namespace WebKit {
 
         virtual void chromeDestroyed();
 
+        virtual void* webView() const { return 0; }
         virtual void setWindowRect(const WebCore::FloatRect&);
         virtual WebCore::FloatRect windowRect();
 
index 0f7767b..821dae2 100644 (file)
@@ -1,3 +1,13 @@
+2011-05-04  Cris Neckar  <cdn@chromium.org>
+
+        Reviewed by Adam Barth.
+
+        Expose WebView directly through ChromeClient.
+        https://bugs.webkit.org/show_bug.cgi?id=49902
+
+        * WebCoreSupport/ChromeClientHaiku.h:
+        (WebCore::ChromeClientHaiku::webView):
+
 2011-04-21  Ryosuke Niwa  <rniwa@webkit.org>
 
         Reviewed by Sam Weinig.
index 19fee81..8a097a0 100644 (file)
@@ -45,6 +45,7 @@ namespace WebCore {
         virtual ~ChromeClientHaiku();
         virtual void chromeDestroyed();
 
+        virtual void* webView() const { return 0; }
         virtual void setWindowRect(const FloatRect&);
         virtual FloatRect windowRect();
 
index 2d67449..cc040a2 100644 (file)
@@ -1,3 +1,15 @@
+2011-05-04  Cris Neckar  <cdn@chromium.org>
+
+        Reviewed by Adam Barth.
+
+        Expose WebView directly through ChromeClient.
+        https://bugs.webkit.org/show_bug.cgi?id=49902
+
+        * WebCoreSupport/WebChromeClient.h:
+        (WebChromeClient::webView):
+        * WebView/WebFrame.mm:
+        (kit):
+
 2011-05-04  Tao Bai  <michaelbai@chromium.org>
 
         Reviewed by David Kilzer.
index 004d49b..0ecb9f2 100644 (file)
@@ -35,8 +35,8 @@
 
 class WebChromeClient : public WebCore::ChromeClient {
 public:
-    WebChromeClient(WebView *webView);
-    WebView *webView() const { return m_webView; }
+    WebChromeClient(WebView*);
+    virtual void* webView() const { return static_cast<void*>(m_webView); }
     
     virtual void chromeDestroyed();
     
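Review bot: the constructor line `WebChromeClient(WebView*);` only drops the parameter name and is unrelated to the fix; keep the diff to the `webView()` change. `static_cast<void*>(m_webView)` on an Objective-C object pointer compiles in Objective-C++ without ARC, but a comment recording that the value is a `WebView *` is what keeps the matching `static_cast<WebView*>` in WebFrame.mm honest.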
index f932738..9869c28 100644 (file)
@@ -247,7 +247,7 @@ Page* core(WebView *webView)
 
 WebView *kit(Page* page)
 {
-    return page ? static_cast<WebChromeClient*>(page->chrome()->client())->webView() : nil;
+    return page ? static_cast<WebView*>(page->chrome()->client()->webView()) : nil;
 }
 
 WebView *getWebView(WebFrame *webFrame)
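Review bot: `static_cast<WebView*>(page->chrome()->client()->webView())` now returns nil not only for a null page but also when the client's `webView()` is 0, which is a behaviour change for callers of `kit(Page*)` that assumed a non-null WebView for any non-null Page; callers such as `getWebView(WebFrame *)` directly below should be checked for nil handling, and a comment on `kit` should state the new null case.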
index d8bc587..160a029 100644 (file)
@@ -1,3 +1,13 @@
+2011-05-04  Cris Neckar  <cdn@chromium.org>
+
+        Reviewed by Adam Barth.
+
+        Expose WebView directly through ChromeClient.
+        https://bugs.webkit.org/show_bug.cgi?id=49902
+
+        * WebCoreSupport/ChromeClientQt.h:
+        (WebCore::ChromeClientQt::webView):
+
 2011-05-04  Alexis Menard  <alexis.menard@openbossa.org>
 
         Unreviewed warning fix.
index c69daf5..814a192 100644 (file)
@@ -60,6 +60,7 @@ public:
     virtual ~ChromeClientQt();
     virtual void chromeDestroyed();
 
+    virtual void* webView() const { return 0; }
     virtual void setWindowRect(const FloatRect&);
     virtual FloatRect windowRect();
 
index b14b6b2..5b06041 100644 (file)
@@ -1,3 +1,13 @@
+2011-05-04  Cris Neckar  <cdn@chromium.org>
+
+        Reviewed by Adam Barth.
+
+        Expose WebView directly through ChromeClient.
+        https://bugs.webkit.org/show_bug.cgi?id=49902
+
+        * WebCoreSupport/WebChromeClient.h:
+        (WebChromeClient::webView):
+
 2011-05-04  Tao Bai  <michaelbai@chromium.org>
 
         Reviewed by David Kilzer.
index f147d2d..094dc9b 100644 (file)
@@ -43,6 +43,7 @@ public:
 
     virtual void chromeDestroyed();
 
+    virtual void* webView() const { return 0; }
     virtual void setWindowRect(const WebCore::FloatRect&);
     virtual WebCore::FloatRect windowRect();
     
index dcc8283..d7d8bf3 100644 (file)
@@ -1,3 +1,13 @@
+2011-05-04  Cris Neckar  <cdn@chromium.org>
+
+        Reviewed by Adam Barth.
+
+        Expose WebView directly through ChromeClient.
+        https://bugs.webkit.org/show_bug.cgi?id=49902
+
+        * WebCoreSupport/ChromeClientWinCE.h:
+        (WebKit::ChromeClientWinCE::webView):
+
 2011-05-04  Tao Bai  <michaelbai@chromium.org>
 
         Reviewed by David Kilzer.
index 06307ad..95709ae 100644 (file)
@@ -37,6 +37,7 @@ public:
 
     virtual void chromeDestroyed();
 
+    virtual void* webView() const { return 0; }
     virtual void setWindowRect(const WebCore::FloatRect&);
     virtual WebCore::FloatRect windowRect();
 
index f7f7f49..96b03a3 100644 (file)
@@ -1,3 +1,13 @@
+2011-05-04  Cris Neckar  <cdn@chromium.org>
+
+        Reviewed by Adam Barth.
+
+        Expose WebView directly through ChromeClient.
+        https://bugs.webkit.org/show_bug.cgi?id=49902
+
+        * WebKitSupport/ChromeClientWx.h:
+        (WebCore::ChromeClientWx::webView):
+
 2011-05-04  Tao Bai  <michaelbai@chromium.org>
 
         Reviewed by David Kilzer.
index b0a42ab..0d8149c 100644 (file)
@@ -42,6 +42,7 @@ public:
     virtual ~ChromeClientWx();
     virtual void chromeDestroyed();
 
+    virtual void* webView() const { return 0; }
     virtual void setWindowRect(const FloatRect&);
     virtual FloatRect windowRect();
 
index 9b51065..1b4e925 100644 (file)
@@ -1,3 +1,13 @@
+2011-05-04  Cris Neckar  <cdn@chromium.org>
+
+        Reviewed by Adam Barth.
+
+        Expose WebView directly through ChromeClient.
+        https://bugs.webkit.org/show_bug.cgi?id=49902
+
+        * WebProcess/WebCoreSupport/WebChromeClient.h:
+        (WebKit::WebChromeClient::webView):
+
 2011-05-04  Jeff Miller  <jeffm@apple.com>
 
         Reviewed by Darin Adler.
index b113fcc..9038eaf 100644 (file)
@@ -47,6 +47,8 @@ public:
     
     WebPage* page() const { return m_page; }
 
+    virtual void* webView() const { return 0; }
+
 private:
     virtual void chromeDestroyed();
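Review bot: returning 0 from the WebProcess `WebChromeClient::webView()` is correct because WebKit2 has no WebView object in that process, but a comment saying so (the accessor is a WebKit1 concept; WebKit2 code should use `page()` above) would stop someone from later returning `m_page` through it.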