fixed <rdar://problem/3482852>: oft-seen, non-repro, nil-deref in
author sullivan <sullivan@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Tue, 16 Dec 2003 19:33:46 +0000 (19:33 +0000)
committer sullivan <sullivan@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Tue, 16 Dec 2003 19:33:46 +0000 (19:33 +0000)
        HTMLTokenizer::notifyFinished (snapfish.com, etc.)

        At least one of the dupes of this bug is a separate (still reproducible) issue;
        I'll clone it back to life and test the others.

        Reviewed by Darin.

        * khtml/html/htmltokenizer.cpp:
        (HTMLTokenizer::notifyFinished):
        Move check of cachedScript.isEmpty() until after scriptExecution()
        call, because cachedScript.isEmpty() value can be changed by that call.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@5805 268f45cc-cd09-0410-ab3c-d52691b4dbfc

WebCore/ChangeLog-2005-08-23
WebCore/khtml/html/htmltokenizer.cpp

index 4b51a7f45ce45391edd2ba34830f7c0855e42c13..3206ffdccfee2a6e4165ee70cf62f1a19915f4f4 100644 (file)
@@ -1,3 +1,18 @@
+2003-12-16  John Sullivan  <sullivan@apple.com>
+
+        fixed <rdar://problem/3482852>: oft-seen, non-repro, nil-deref in 
+        HTMLTokenizer::notifyFinished (snapfish.com, etc.)
+        
+        At least one of the dupes of this bug is a separate (still reproducible) issue;
+        I'll clone it back to life and test the others.
+
+        Reviewed by Darin.
+
+        * khtml/html/htmltokenizer.cpp:
+        (HTMLTokenizer::notifyFinished):
+        Move check of cachedScript.isEmpty() until after scriptExecution()
+        call, because cachedScript.isEmpty() value can be changed by that call.
+
 2003-12-15  David Hyatt  <hyatt@apple.com>
 
        Fix for 3508807, positions/sizes wrong for text elts and multi-line elts for accessibility.
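Review bot: the new ChangeLog entry carries trailing whitespace on the "nil-deref in " line and on the blank line after the title; strip it before landing. The entry also never says which pointer was nil, only that the isEmpty() check moved; one clause naming the object that notifyFinished was dereferencing (and why an empty-queue state made it nil) would make the entry useful to the next person who hits the same crash signature.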
index 9c222d4e8b6d83f847eb190861880fc97fa9b9f8..789143661420cbddb8bef255ee69db21af0c45f2 100644 (file)
@@ -1809,8 +1809,6 @@ void HTMLTokenizer::notifyFinished(CachedObject */*finishedObj*/)
         kdDebug( 6036 ) << "Finished loading an external script" << endl;
 #endif
         CachedScript* cs = cachedScript.dequeue();
-        finished = cachedScript.isEmpty();
-        if (finished) loadingExtScript = false;
         DOMString scriptSource = cs->script();
 #ifdef TOKEN_DEBUG
         kdDebug( 6036 ) << "External script is:" << endl << scriptSource.string() << endl;
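Review bot: with the `finished` / `loadingExtScript` assignment moved out of this hunk, `cs` is still dereferenced unguarded at `DOMString scriptSource = cs->script();` immediately after `CachedScript* cs = cachedScript.dequeue();`. Reordering the isEmpty() test does nothing to guarantee the queue is non-empty on entry, so if the nil pointer in the reported crash was `cs`, this path is still reachable; consider an early `if (cachedScript.isEmpty()) return;` (or at least an assertion) ahead of the dequeue so a `notifyFinished` with nothing queued cannot reach `cs->script()`.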
@@ -1823,6 +1821,10 @@ void HTMLTokenizer::notifyFinished(CachedObject */*finishedObj*/)
         cs->deref(this);
 
        scriptExecution( scriptSource.string(), cachedScriptUrl );
+        // cachedScript.isEmpty() can change inside the scriptExecution() call above,
+        // so don't test it until afterwards.
+        finished = cachedScript.isEmpty();
+        if (finished) loadingExtScript = false;
 
         // 'script' is true when we are called synchronously from
         // parseScript(). In that case parseScript() will take care
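Review bot: the new comment says `cachedScript.isEmpty()` can change inside `scriptExecution()` but not in which direction or why, which is exactly what a later reader needs in order not to hoist the check back up; state that the script run there may enqueue further external scripts and that a nested `notifyFinished` during that call may dequeue them, so `finished` has to be computed from the queue's state after the call returns. Also worth a line: `cs->deref(this)` already ran before `scriptExecution()`, so the two moved assignments must not (and currently do not) touch `cs`, and `loadingExtScript` now stays true for the whole duration of the script run, which should be the intended behaviour for any code that polls it.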