There are a few of wrong removeAllChildren() call
authormorrita@google.com <morrita@google.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Thu, 24 Jan 2013 08:23:16 +0000 (08:23 +0000)
committermorrita@google.com <morrita@google.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Thu, 24 Jan 2013 08:23:16 +0000 (08:23 +0000)
https://bugs.webkit.org/show_bug.cgi?id=107790

Reviewed by Ryosuke Niwa.

Source/WebCore:

removeAllChildren() is designed for trashing deleting children out.
It doesn't detach() children and could have possible leak.
This change replaces such removeAllChildren() usage with safer removeChildren().

No new tests. Covered by existing tests.

* html/HTMLInputElement.cpp:
(WebCore::HTMLInputElement::parseAttribute):
* html/InputType.cpp:
(WebCore::InputType::destroyShadowSubtree):
* html/ValidationMessage.cpp:
(WebCore::ValidationMessage::setMessageDOMAndStartTimer):
* html/parser/HTMLTreeBuilder.cpp:
(WebCore::HTMLTreeBuilder::processEndTag):

Source/WebKit/qt:

* Api/qwebelement.cpp: Repalced removeAllChildren() with safer removeChildren()
(QWebElement::removeAllChildren):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@140659 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Source/WebCore/ChangeLog
Source/WebCore/html/HTMLInputElement.cpp
Source/WebCore/html/InputType.cpp
Source/WebCore/html/ValidationMessage.cpp
Source/WebCore/html/parser/HTMLTreeBuilder.cpp
Source/WebKit/qt/Api/qwebelement.cpp
Source/WebKit/qt/ChangeLog

index 98f174c..e7be08c 100644 (file)
@@ -1,3 +1,25 @@
+2013-01-24  Hajime Morrita  <morrita@google.com>
+
+        There are a few of wrong removeAllChildren() call
+        https://bugs.webkit.org/show_bug.cgi?id=107790
+
+        Reviewed by Ryosuke Niwa.
+
+        removeAllChildren() is designed for trashing deleting children out.
+        It doesn't detach() children and could have possible leak.
+        This change replaces such removeAllChildren() usage with safer removeChildren().
+
+        No new tests. Covered by existing tests.
+
+        * html/HTMLInputElement.cpp:
+        (WebCore::HTMLInputElement::parseAttribute):
+        * html/InputType.cpp:
+        (WebCore::InputType::destroyShadowSubtree):
+        * html/ValidationMessage.cpp:
+        (WebCore::ValidationMessage::setMessageDOMAndStartTimer):
+        * html/parser/HTMLTreeBuilder.cpp:
+        (WebCore::HTMLTreeBuilder::processEndTag):
+
 2013-01-24  Dominic Mazzoni  <dmazzoni@google.com>
 
         AX: should init an AXObject only after AXObjectCache has added it
index b201ee3..6aaf994 100644 (file)
@@ -752,7 +752,8 @@ void HTMLInputElement::parseAttribute(const QualifiedName& name, const AtomicStr
             detach();
             m_inputType->destroyShadowSubtree();
             m_inputType->createShadowSubtree();
-            attach();
+            if (!attached())
+                attach();
         } else {
             m_inputType->destroyShadowSubtree();
             m_inputType->createShadowSubtree();
index 6421777..bc388ef 100644 (file)
@@ -489,14 +489,14 @@ void InputType::destroyShadowSubtree()
     if (!root)
         return;
 
-    root->removeAllChildren();
+    root->removeChildren();
 
     // It's ok to clear contents of all other ShadowRoots because they must have
     // been created by TextFieldDecorationElement, and we don't allow adding
     // AuthorShadowRoot to HTMLInputElement.
     while ((root = root->youngerShadowRoot())) {
 #if ENABLE(SHADOW_DOM)
-        root->removeAllChildren();
+        root->removeChildren();
         root->appendChild(HTMLShadowElement::create(shadowTag, element()->document()));
 #else
         ASSERT_NOT_REACHED();
index 53ec7e4..a6343f9 100644 (file)
@@ -125,8 +125,8 @@ void ValidationMessage::setMessageDOMAndStartTimer(Timer<ValidationMessage>*)
     ASSERT(!validationMessageClient());
     ASSERT(m_messageHeading);
     ASSERT(m_messageBody);
-    m_messageHeading->removeAllChildren();
-    m_messageBody->removeAllChildren();
+    m_messageHeading->removeChildren();
+    m_messageBody->removeChildren();
     Vector<String> lines;
     m_message.split('\n', lines);
     Document* doc = m_messageHeading->document();
index 5e2062f..c70119d 100644 (file)
@@ -2152,7 +2152,7 @@ void HTMLTreeBuilder::processEndTag(AtomicHTMLToken* token)
             m_scriptToProcess = m_tree.currentElement();
             m_tree.openElements()->pop();
             if (isParsingFragment() && !scriptingContentIsAllowed(m_fragmentContext.scriptingPermission()))
-                m_scriptToProcess->removeAllChildren();
+                m_scriptToProcess->removeChildren();
             setInsertionMode(m_originalInsertionMode);
 
             // This token will not have been created by the tokenizer if a
index 82f579d..3b09ebb 100644 (file)
@@ -1198,7 +1198,7 @@ void QWebElement::removeAllChildren()
     if (!m_element)
         return;
 
-    m_element->removeAllChildren();
+    m_element->removeChildren();
 }
 
 // FIXME: This code, and all callers are wrong, and have no place in a
index 973eb80..211c116 100644 (file)
@@ -1,3 +1,13 @@
+2013-01-24  Hajime Morrita  <morrita@google.com>
+
+        There are a few of wrong removeAllChildren() call
+        https://bugs.webkit.org/show_bug.cgi?id=107790
+
+        Reviewed by Ryosuke Niwa.
+
+        * Api/qwebelement.cpp: Repalced removeAllChildren() with safer removeChildren()
+        (QWebElement::removeAllChildren):
+
 2013-01-23  Shinya Kawanaka  <shinyak@chromium.org>
 
         shadowAncestorNode() should be renamed to deprecatedShadowAncestorNode()