../WebCore: Manual test for <rdar://problem/9329741> Reproducible crash in WebChromeC...
author mitz@apple.com <mitz@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Sun, 24 Apr 2011 18:29:49 +0000 (18:29 +0000)
committer mitz@apple.com <mitz@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Sun, 24 Apr 2011 18:29:49 +0000 (18:29 +0000)
https://bugs.webkit.org/show_bug.cgi?id=59299

Reviewed by Maciej Stachowiak.

* manual-tests/back-from-document-with-scrollbar.html: Added.

../WebKit2: <rdar://problem/9329741> Reproducible crash in WebChromeClient::invalidateContentsAndWindow() on simonscat.com
https://bugs.webkit.org/show_bug.cgi?id=59299

Reviewed by Maciej Stachowiak.

* WebProcess/WebCoreSupport/WebChromeClient.cpp:
(WebKit::WebChromeClient::invalidateContentsAndWindow): Null-check the document.
(WebKit::WebChromeClient::invalidateContentsForSlowScroll): Ditto.

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@84757 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Source/WebCore/ChangeLog
Source/WebCore/manual-tests/back-from-document-with-scrollbar.html [new file with mode: 0644]
Source/WebKit2/ChangeLog
Source/WebKit2/WebProcess/WebCoreSupport/WebChromeClient.cpp

index b30a61b..57e11e1 100644 (file)
@@ -1,3 +1,12 @@
+2011-04-24  Dan Bernstein  <mitz@apple.com>
+
+        Reviewed by Maciej Stachowiak.
+
+        Manual test for <rdar://problem/9329741> Reproducible crash in WebChromeClient::invalidateContentsAndWindow() on simonscat.com
+        https://bugs.webkit.org/show_bug.cgi?id=59299
+
+        * manual-tests/back-from-document-with-scrollbar.html: Added.
+
 2011-04-24  Rik Cabanier  <cabanier@adobe.com>
 
         Reviewed by Simon Fraser.
diff --git a/Source/WebCore/manual-tests/back-from-document-with-scrollbar.html b/Source/WebCore/manual-tests/back-from-document-with-scrollbar.html
new file mode 100644 (file)
index 0000000..800437f
--- /dev/null
@@ -0,0 +1,42 @@
+<html>
+<head>
+<script>
+
+function navigate()
+{
+    if (location.hash == "") {
+        if (window.layoutTestController) {
+            layoutTestController.dumpAsText();
+            layoutTestController.waitUntilDone();
+        }
+
+        history.pushState({ }, "", window.location + "#1");
+        setTimeout(function() {
+            window.location.href = 'data:text/html, \
+                <html style="height: 200%"> \
+                <body onunload=""> \
+                <script> \
+                    document.body.offsetWidth; \
+                    setTimeout("window.history.back();", 0); \
+                <' + '/script> \
+                </body> \
+                </html> \
+            ';
+        }, 0);
+        return;
+    }
+
+    setTimeout(function () { 
+        var result = document.getElementById("result");
+        result.innerHTML = "Success if the web process did not crash."
+        if (window.layoutTestController)
+            layoutTestController.notifyDone();
+    }, 0);
+}
+
+</script>
+</head>
+<body onpageshow="navigate();">
+    <div id="result">Test did not complete</div>
+</body>
+</htmL>
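Review bot: The test page gives a person running it no instructions and does not say why it lives in manual-tests, even though navigate() already calls layoutTestController.dumpAsText(), waitUntilDone() and notifyDone(). Add a short paragraph in the body saying how to run it and what to expect (as written, the only visible output is the "Test did not complete" text in #result until the pageshow handler runs a second time), or move it under LayoutTests if it can run unattended. Minor: the result.innerHTML assignment is missing its semicolon, and the closing tag is spelled </htmL>.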
index 91b2469..c24d66d 100644 (file)
@@ -1,3 +1,14 @@
+2011-04-24  Dan Bernstein  <mitz@apple.com>
+
+        Reviewed by Maciej Stachowiak.
+
+        <rdar://problem/9329741> Reproducible crash in WebChromeClient::invalidateContentsAndWindow() on simonscat.com
+        https://bugs.webkit.org/show_bug.cgi?id=59299
+
+        * WebProcess/WebCoreSupport/WebChromeClient.cpp:
+        (WebKit::WebChromeClient::invalidateContentsAndWindow): Null-check the document.
+        (WebKit::WebChromeClient::invalidateContentsForSlowScroll): Ditto.
+
 2011-04-23  Sheriff Bot  <webkit.review.bot@gmail.com>
 
         Unreviewed, rolling out r84740.
index 575dfb5..f070904 100644 (file)
@@ -356,15 +356,21 @@ void WebChromeClient::invalidateWindow(const IntRect&, bool)
 
 void WebChromeClient::invalidateContentsAndWindow(const IntRect& rect, bool)
 {
-    if (m_page->corePage()->mainFrame()->document()->printing())
-        return;
+    if (Document* document = m_page->corePage()->mainFrame()->document()) {
+        if (document->printing())
+            return;
+    }
+
     m_page->drawingArea()->setNeedsDisplay(rect);
 }
 
 void WebChromeClient::invalidateContentsForSlowScroll(const IntRect& rect, bool)
 {
-    if (m_page->corePage()->mainFrame()->document()->printing())
-        return;
+    if (Document* document = m_page->corePage()->mainFrame()->document()) {
+        if (document->printing())
+            return;
+    }
+
     m_page->pageDidScroll();
     m_page->drawingArea()->setNeedsDisplay(rect);
 }
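Review bot: In both invalidateContentsAndWindow() and invalidateContentsForSlowScroll(), only document() is null-checked; m_page->corePage()->mainFrame() is still dereferenced unguarded, and when the document is null the code falls through to setNeedsDisplay(rect) (after pageDidScroll() in the slow-scroll path). Please add a comment stating when the main frame can have no document and that invalidating in that state is intended; if it is not intended, return early instead. The identical guard in the two functions could also move into one small static helper so the two paths cannot drift apart.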