From 64662c80a86eed23bc4a87c8ec998cf458ebd11b Mon Sep 17 00:00:00 2001 From: "mjs@apple.com" Date: Mon, 6 Oct 2008 06:44:03 +0000 Subject: [PATCH] 2008-10-05 Darin Fisher Reviewed by Eric Seidel. REGRESSION: crash in ScriptElement::notifyFinished Fixes https://bugs.webkit.org/show_bug.cgi?id=21329 * dom/ScriptElement.cpp: (WebCore::ScriptElementData::notifyFinished): Revert part of r35744 to ensure that the ScriptElementData object is not destroyed prematurely. git-svn-id: http://svn.webkit.org/repository/webkit/trunk@37327 268f45cc-cd09-0410-ab3c-d52691b4dbfc --- WebCore/ChangeLog | 11 +++++++++++ WebCore/dom/ScriptElement.cpp | 5 ++++- 2 files changed, 15 insertions(+), 1 deletion(-) diff --git a/WebCore/ChangeLog b/WebCore/ChangeLog index 958e393846bf..981a8fe237da 100644 --- a/WebCore/ChangeLog +++ b/WebCore/ChangeLog @@ -1,3 +1,14 @@ +2008-10-05 Darin Fisher + + Reviewed by Eric Seidel. + + REGRESSION: crash in ScriptElement::notifyFinished + Fixes https://bugs.webkit.org/show_bug.cgi?id=21329 + + * dom/ScriptElement.cpp: + (WebCore::ScriptElementData::notifyFinished): Revert part of r35744 to + ensure that the ScriptElementData object is not destroyed prematurely. + 2008-10-05 Chris Lord Reviewed by Alp Toker. Landed by Jan Alonzo. diff --git a/WebCore/dom/ScriptElement.cpp b/WebCore/dom/ScriptElement.cpp index 719209b4203e..5071afc70098 100644 --- a/WebCore/dom/ScriptElement.cpp +++ b/WebCore/dom/ScriptElement.cpp @@ -186,10 +186,13 @@ void ScriptElementData::notifyFinished(CachedResource* o) CachedScript* cs = static_cast(o); ASSERT(cs == m_cachedScript); + // Evaluating the script could lead to a garbage collection which can + // delete the script element so we need to protect it and us with it! + RefPtr protector(m_element); + if (cs->errorOccurred()) m_scriptElement->dispatchErrorEvent(); else { - RefPtr protector(m_element); evaluateScript(cs->url(), cs->script()); m_scriptElement->dispatchLoadEvent(); } -- 2.36.0