REGRESSION (r173801): Use after free in WebCore::NotificationCenter::~NotificationCenter
authordarin@apple.com <darin@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Sun, 26 Apr 2015 21:18:15 +0000 (21:18 +0000)
committerdarin@apple.com <darin@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Sun, 26 Apr 2015 21:18:15 +0000 (21:18 +0000)
commitb3274485565dd7ce776bc4ac4b22be057bf2bf8a
treeb6d4efc86473fd6bcfe4ef9b08ddce12c68b0ee3
parentc4ba99bbd684c2efd618ee99c57ad1a3a9a26a2e
REGRESSION (r173801): Use after free in WebCore::NotificationCenter::~NotificationCenter
https://bugs.webkit.org/show_bug.cgi?id=137163

Reviewed by Andy Estes.

Source/WebCore:

Test: fast/notifications/request-notification-permission-while-reloading.html

The test doesn't crash under WebKit2, but that's still OK for our purposes.

* Modules/notifications/NotificationCenter.cpp:
(WebCore::NotificationCenter::NotificationCenter): Initialize m_timer.
(WebCore::NotificationCenter::createNotification): Moved here from the header.
(WebCore::NotificationCenter::requestPermission): Start the timer and ref the notification
center when we need to defer a callback. Also use a lambda for the callback and changed
the argument to match what the bindings actually pass. Before we said PassRefPtr, but the
bindings were not transferring ownership of the VoidCallback. The new type is a little
strange but it's consistent with how the bindings work right now.
(WebCore::NotificationCenter::timerFired): Added. Calls all the callbacks, then does a deref
to match the ref we did above.
(WebCore::NotificationCenter::requestTimedOut): Deleted.
(WebCore::NotificationCenter::NotificationRequestCallback::createAndStartTimer): Deleted.
(WebCore::NotificationCenter::NotificationRequestCallback::NotificationRequestCallback): Deleted.
(WebCore::NotificationCenter::NotificationRequestCallback::startTimer): Deleted.
(WebCore::NotificationCenter::NotificationRequestCallback::timerFired): Deleted.

* Modules/notifications/NotificationCenter.h: Reorganized the header to be a bit more tidy.
Changed the argument type for requestPermission to match the reality of what's passed by the
bindings. Removed NotificationRequestCallback and replaced the m_callbacks HashSet with a
vector of std::function.

LayoutTests:

* fast/notifications/request-notification-permission-while-reloading-expected.txt: Added.
* fast/notifications/request-notification-permission-while-reloading.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@183365 268f45cc-cd09-0410-ab3c-d52691b4dbfc
LayoutTests/ChangeLog
LayoutTests/fast/notifications/request-notification-permission-while-reloading-expected.txt [new file with mode: 0644]
LayoutTests/fast/notifications/request-notification-permission-while-reloading.html [new file with mode: 0644]
Source/WebCore/ChangeLog
Source/WebCore/Modules/notifications/NotificationCenter.cpp
Source/WebCore/Modules/notifications/NotificationCenter.h