2008-10-05 Darin Fisher <darin@chromium.org>
authormjs@apple.com <mjs@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Mon, 6 Oct 2008 06:44:03 +0000 (06:44 +0000)
committermjs@apple.com <mjs@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Mon, 6 Oct 2008 06:44:03 +0000 (06:44 +0000)
        Reviewed by Eric Seidel.

        REGRESSION: crash in ScriptElement::notifyFinished
        Fixes https://bugs.webkit.org/show_bug.cgi?id=21329

        * dom/ScriptElement.cpp:
        (WebCore::ScriptElementData::notifyFinished): Revert part of r35744 to
        ensure that the ScriptElementData object is not destroyed prematurely.

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@37327 268f45cc-cd09-0410-ab3c-d52691b4dbfc

WebCore/ChangeLog
WebCore/dom/ScriptElement.cpp

index 958e393846bf4422c453ceb041bc27eb716d167a..981a8fe237da0fd0e523c5b22ed3705a4538bd71 100644 (file)
@@ -1,3 +1,14 @@
+2008-10-05  Darin Fisher  <darin@chromium.org>
+
+        Reviewed by Eric Seidel.
+
+        REGRESSION: crash in ScriptElement::notifyFinished
+        Fixes https://bugs.webkit.org/show_bug.cgi?id=21329
+
+        * dom/ScriptElement.cpp:
+        (WebCore::ScriptElementData::notifyFinished): Revert part of r35744 to
+        ensure that the ScriptElementData object is not destroyed prematurely.
+
 2008-10-05  Chris Lord  <chris@openedhand.com>
 
         Reviewed by Alp Toker. Landed by Jan Alonzo.
index 719209b4203ee6e6cea8265437c0538314c2cb64..5071afc70098a92872f3749be1ef0d2ddb92ac48 100644 (file)
@@ -186,10 +186,13 @@ void ScriptElementData::notifyFinished(CachedResource* o)
     CachedScript* cs = static_cast<CachedScript*>(o);
     ASSERT(cs == m_cachedScript);
 
+    // Evaluating the script could lead to a garbage collection which can
+    // delete the script element so we need to protect it and us with it!
+    RefPtr<Element> protector(m_element);
+
     if (cs->errorOccurred())
         m_scriptElement->dispatchErrorEvent();
     else {
-        RefPtr<Element> protector(m_element);
         evaluateScript(cs->url(), cs->script());
         m_scriptElement->dispatchLoadEvent();
     }