Reviewed by Darin, landed by Beth.
- fixed http://bugs.webkit.org/show_bug.cgi?id=15765
The call to HTMLTokenizer::write might result in a call to ::end which will invoke
HTMLParser::finished() or Document::finishedParsing(). HTMLParser::finished() will eventually
call Document::finishedParsing. The Document will delete the calling HTMLTokenizer and from the deleted
tokenizer we will call into FrameLoader::tokenizerProcessedData.
-) FrameLoader::tokenizerProcessedData calls FrameLoader::checkCompleted which gets called from the Document::finishedParsing
(FrameLoader::finishedParsing).
* html/HTMLTokenizer.cpp:
(WebCore::HTMLTokenizer::timerFired):
LayoutTests:
Reviewed by Darin, landed by Beth.
-test for http://bugs.webkit.org/show_bug.cgi?id=15765
Gmail hitting an assert in FrameLoader::tokenizerProcessedData
* http/tests/loading/gmail-assert-on-load-expected.txt: Added.
* http/tests/loading/gmail-assert-on-load.html: Added.
* http/tests/loading/resources/gmail-assert-on-load-frame.html: Added.
git-svn-id: https://svn.webkit.org/repository/webkit/trunk@29655
268f45cc-cd09-0410-ab3c-
d52691b4dbfc
+2008-01-18 Holger Hans Peter Freyther <holger.freyther@trolltech.com>
+
+ Reviewed by Darin, landed by Beth.
+
+ -test for http://bugs.webkit.org/show_bug.cgi?id=15765
+ Gmail hitting an assert in FrameLoader::tokenizerProcessedData
+
+ * http/tests/loading/gmail-assert-on-load-expected.txt: Added.
+ * http/tests/loading/gmail-assert-on-load.html: Added.
+ * http/tests/loading/resources/gmail-assert-on-load-frame.html: Added.
+
2008-01-18 Sam Weinig <sam@webkit.org>
Reviewed by Beth Dakin.
--- /dev/null
+main frame - didStartProvisionalLoadForFrame
+main frame - willCloseFrame
+main frame - didCommitLoadForFrame
+main frame - didClearWindowObjectForFrame
+frame "<!--framePath //<!--frame0-->-->" - didStartProvisionalLoadForFrame
+main frame - didFinishDocumentLoadForFrame
+frame "<!--framePath //<!--frame0-->-->" - willCloseFrame
+frame "<!--framePath //<!--frame0-->-->" - didCommitLoadForFrame
+frame "<!--framePath //<!--frame0-->-->" - didClearWindowObjectForFrame
+main frame - didHandleOnloadEventsForFrame
+main frame - didFinishLoadForFrame
+This test provokes HTMLTokenizer::timerFired to be called and from within timerFired we want to call WebCore::pageDestroyed.
+
+You pass this test if you don't see an ASSERT. This is from http://bugs.webkit.org/show_bug.cgi?id=15765.
+
+
--- /dev/null
+<html>
+<script>
+if (window.layoutTestController) {
+ layoutTestController.dumpAsText();
+}
+</script>
+<body>
+<p>This test provokes HTMLTokenizer::timerFired to be called and from within timerFired we want to call WebCore::pageDestroyed.</p>
+<p>You pass this test if you don't see an ASSERT. This is from http://bugs.webkit.org/show_bug.cgi?id=15765.</p>
+<iframe src="resources/gmail-assert-on-load-frame.html"></iframe>
+</body>
--- /dev/null
+<script>
+function destroyIt() {
+ frameElement.parentNode.removeChild(frameElement);
+}
+</script>
+<script>
+ // Force a sleep for 1 second, to make sure the rest of the parsing is done
+ // via a timer.
+ var start = new Date()
+ var startMS = start.getTime()
+ while (true) {
+ var now = new Date()
+ if (now.getTime() - startMS > 1000) {
+ break;
+ }
+ }
+</script>
+
+<body onload="destroyIt()">
+</body>
+2008-01-18 Holger Hans Peter Freyther <holger.freyther@trolltech.com>
+
+ Reviewed by Darin, landed by Beth.
+
+ - fixed http://bugs.webkit.org/show_bug.cgi?id=15765
+
+ The call to HTMLTokenizer::write might result in a call to ::end which will invoke
+ HTMLParser::finished() or Document::finishedParsing(). HTMLParser::finished() will eventually
+ call Document::finishedParsing. The Document will delete the calling HTMLTokenizer and from the deleted
+ tokenizer we will call into FrameLoader::tokenizerProcessedData.
+ -) FrameLoader::tokenizerProcessedData calls FrameLoader::checkCompleted which gets called from the Document::finishedParsing
+ (FrameLoader::finishedParsing).
+
+ * html/HTMLTokenizer.cpp:
+ (WebCore::HTMLTokenizer::timerFired):
+
2008-01-18 David Hyatt <hyatt@apple.com>
Don't apply the border/margin/padding check to root line boxes, since their renderers
m_timer.startOneShot(0);
return;
}
-
- RefPtr<Frame> frame = m_fragment ? 0 : m_doc->frame();
- // Invoke write() as though more data came in.
- bool didCallEnd = write(SegmentedString(), true);
-
- // If we called end() during the write, we need to let WebKit know that we're done processing the data.
- if (didCallEnd && frame)
- frame->loader()->tokenizerProcessedData();
+ // Invoke write() as though more data came in. This might cause us to get deleted.
+ write(SegmentedString(), true);
}
void HTMLTokenizer::end()
git://git.webkit.org / WebKit-https.git / commitdiff