Reviewed by Darin.
author darin <darin@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Sat, 29 Jul 2006 15:21:41 +0000 (15:21 +0000)
committer darin <darin@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Sat, 29 Jul 2006 15:21:41 +0000 (15:21 +0000)
        http://bugzilla.opendarwin.org/show_bug.cgi?id=10022
        Bug 10022: REGRESSION: Crash in WebCore::XMLTokenizer::characters

        * dom/XMLTokenizer.cpp:
        (WebCore::XMLTokenizer::resumeParsing): If the write() call resulted in new callbacks being
        added, don't call through to end() just yet.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@15689 268f45cc-cd09-0410-ab3c-d52691b4dbfc

WebCore/ChangeLog
WebCore/dom/XMLTokenizer.cpp

index d08d3c440b4c4a1a3992c86c04d8dd30cce46515..68126eec21b6f0bc2ddd8d5b767f78631c695cce 100644 (file)
@@ -1,3 +1,14 @@
+2006-07-29  Mark Rowe  <opendarwin.org@bdash.net.nz>
+
+        Reviewed by Darin.
+
+        http://bugzilla.opendarwin.org/show_bug.cgi?id=10022
+        Bug 10022: REGRESSION: Crash in WebCore::XMLTokenizer::characters
+
+        * dom/XMLTokenizer.cpp:
+        (WebCore::XMLTokenizer::resumeParsing): If the write() call resulted in new callbacks being
+        added, don't call through to end() just yet.
+
 2006-07-29  Mitz Pettel  <opendarwin.org@mitzpettel.com>
 
         Reviewed by John Sullivan.
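Review bot: No test is listed with this crash fix. The new ChangeLog entry names only dom/XMLTokenizer.cpp, and the commit touches just that file and the ChangeLog. A regression in XMLTokenizer::characters that crashes the parser should land with a test case that reproduces the pause-and-resume sequence from bug 10022, so the guard on end() cannot be dropped again unnoticed.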
index 646e531d8d60dbc840e6642e0f3bd1d4e403d214..429829eec44d8cb28317aecf765695f42149f55f 100644 (file)
@@ -1427,9 +1427,10 @@ void XMLTokenizer::resumeParsing()
     SegmentedString rest = m_pendingSrc;
     m_pendingSrc.clear();
     write(rest, false);
-    
-    // Finally, if finish() has been called, call end()
-    if (m_finishCalled)
+
+    // Finally, if finish() has been called and write() didn't result
+    // in any further callbacks being queued, call end()
+    if (m_finishCalled && m_pendingCallbacks->isEmpty())
         end();
 }
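Review bot: The new condition `if (m_finishCalled && m_pendingCallbacks->isEmpty())` skips end() whenever write() queues more callbacks, but nothing in the visible lines shows what later guarantees end() is reached once those callbacks drain. Please confirm that another resumeParsing() call always follows in that case and say so in the comment, otherwise a document whose finish() was already called could stay unfinished. The condition also dereferences m_pendingCallbacks unconditionally; if that pointer can be null at this point in resumeParsing(), this line becomes a new crash path, so an assertion or a note on where it is allocated would help.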