Fixed <rdar://problem/
4152454> crash in KJS::ExprStatementNode::execute(KJS::ExecState*) in World Clock widget with TOT.
Test cases added:
* layout-tests/fast/dom/gc-4-expected.txt: Added.
* layout-tests/fast/dom/gc-4.html: Added.
* khtml/ecma/kjs_html.cpp:
(KJS::Context2D::mark): mark now (1) checks for NULL pointers and (2)
calls mark on its parent class (DOMObject::mark).
git-svn-id: https://svn.webkit.org/repository/webkit/trunk@9440
268f45cc-cd09-0410-ab3c-
d52691b4dbfc
--- /dev/null
+This test checks for a regression against rdar://problem/4152454 crash in KJS::ExprStatementNode::execute(KJS::ExecState*) in World Clock widget with TOT. The original bug occurred because some objects did not properly mark themselves, and so the garbage collector prematurely destroyed them.
+
+If the test passes, you will see the word "passed" below. Otherwise, it will crash.
+
+
+passed
--- /dev/null
+<html>
+<head>
+<meta http-equiv="content-type" content="text/html; charset=utf-8">
+<script type='text/javascript' charset='utf-8'>
+function print(message) {
+ var paragraph = document.createElement("p");
+ paragraph.appendChild(document.createTextNode(message));
+ document.getElementById("console").appendChild(paragraph);
+}
+
+function test() {
+ if (window.layoutTestController) {
+ layoutTestController.dumpAsText();
+ }
+
+ for (x = 0; x < 1000; x++) {
+ var canvas = document.getElementById("canvas");
+ var context = canvas.getContext("2d");
+ context.save();
+ }
+
+ print("passed");
+}
+</script>
+</head>
+<body onload="test();">
+<p>This test checks for a regression against <i>rdar://problem/4152454 crash in KJS::ExprStatementNode::execute(KJS::ExecState*) in World Clock widget with TOT</i>. The original bug occurred because some objects did not properly mark themselves, and so the garbage collector prematurely destroyed them.</p>
+<p>If the test passes, you will see the word "passed" below. Otherwise, it will crash.</p>
+<hr>
+<canvas id='canvas' width='172' height='172'/>
+<div id='console'/>
+</body>
+</html>
+2005-06-20 Geoffrey Garen <ggaren@apple.com>
+
+ Changes by Darin. Layout tests by me. Reviewed by me.
+
+ Fixed <rdar://problem/4152454> crash in KJS::ExprStatementNode::execute(KJS::ExecState*) in World Clock widget with TOT.
+
+ Test cases added:
+ * layout-tests/fast/dom/gc-4-expected.txt: Added.
+ * layout-tests/fast/dom/gc-4.html: Added.
+
+ * khtml/ecma/kjs_html.cpp:
+ (KJS::Context2D::mark): mark now (1) checks for NULL pointers and (2)
+ calls mark on its parent class (DOMObject::mark).
+
2005-06-19 Darin Adler <darin@apple.com>
Changes by both Anders Carlsson and me.
ValueImp *v;
v = _strokeStyle;
- if (!v->marked())
+ if (v && !v->marked())
v->mark();
v = _fillStyle;
- if (!v->marked())
+ if (v && !v->marked())
v->mark();
v = _lineWidth;
- if (!v->marked())
+ if (v && !v->marked())
v->mark();
v = _lineCap;
- if (!v->marked())
+ if (v && !v->marked())
v->mark();
v = _lineJoin;
- if (!v->marked())
+ if (v && !v->marked())
v->mark();
v = _miterLimit;
- if (!v->marked())
+ if (v && !v->marked())
v->mark();
v = _shadowOffsetX;
- if (!v->marked())
+ if (v && !v->marked())
v->mark();
v = _shadowOffsetY;
- if (!v->marked())
+ if (v && !v->marked())
v->mark();
v = _shadowBlur;
- if (!v->marked())
+ if (v && !v->marked())
v->mark();
v = _shadowColor;
- if (!v->marked())
+ if (v && !v->marked())
v->mark();
v = _globalAlpha;
- if (!v->marked())
+ if (v && !v->marked())
v->mark();
- v = _globalComposite;;
- if (!v->marked())
+ v = _globalComposite;
+ if (v && !v->marked())
v->mark();
QPtrListIterator<List> it(stateStack);
list->mark();
++it;
}
+
+ DOMObject::mark();
}
const ClassInfo KJS::Gradient::info = { "Gradient", 0, &GradientTable, 0 };
git://git.webkit.org / WebKit-https.git / commitdiff