[webkit-changes] cvs commit: WebCore/kwq KWQKHTMLPart.mm

Geoffrey ggaren at opensource.apple.com
Thu Dec 29 02:36:24 PST 2005


ggaren      05/12/29 02:36:23

  Modified:    .        ChangeLog
               kwq      KWQKHTMLPart.mm
  Log:
          Reviewed by mjs.
  
          - Fixed <rdar://problem/4325722> crash in KJS::Bindings::dispatchJNICall
          due to liveconnect call from Java after Java PlugInView has been
          deallocated @ www.binarybet.com
          AKA
          http://bugzilla.opendarwin.org/show_bug.cgi?id=5518
  
          We had code that checked for whether a call came from a live PlugIn,
          but the live PlugIn dictionary would only get cleared when the
          KWQKHTMLPart was destroyed. Since a single part can service multiple
          loads, the dictionary needs to clear after each one.
  
          No layout test because this bug is difficult to reproduce.
  
          * kwq/KWQKHTMLPart.mm:
          (KWQKHTMLPart::~KWQKHTMLPart):
          (1) Unrelated cleanup: Removed manual clearing of form values,
          replaced with call to clearRecordedFormValues().
          (2) Replaced PlugIn dictionary cleanup code and view deref call
          with call to setView(0), since much of this code was duplicated in
          setView, and the stuff that wasn't duplicated needed to be.
  
          (KWQKHTMLPart::setView):
          (1) Removed some unnecessary braces.
          (2) Added PlugIn dictionary cleanup code.
          (3) New behavior: clear _bindingRoot and _windowScriptObject after
          each view change. This is needed because after a call to
        cleanupPluginRootObjects(), both objects have stale references.
          (4) Changed a NULL to a 0.
  
          (KWQKHTMLPart::cleanupPluginRootObjects): Removed extra space.
  
  Revision  Changes    Path
  1.53      +35 -0     WebCore/ChangeLog
  
  Index: ChangeLog
  ===================================================================
  RCS file: /cvs/root/WebCore/ChangeLog,v
  retrieving revision 1.52
  retrieving revision 1.53
  diff -u -r1.52 -r1.53
  --- ChangeLog	29 Dec 2005 08:20:36 -0000	1.52
  +++ ChangeLog	29 Dec 2005 10:36:22 -0000	1.53
  @@ -1,3 +1,38 @@
  +2005-12-28  Geoffrey Garen  <ggaren at apple.com>
  +
  +        Reviewed by mjs.
  +
  +        - Fixed <rdar://problem/4325722> crash in KJS::Bindings::dispatchJNICall
  +        due to liveconnect call from Java after Java PlugInView has been 
  +        deallocated @ www.binarybet.com
  +        AKA
  +        http://bugzilla.opendarwin.org/show_bug.cgi?id=5518
  +
  +        We had code that checked for whether a call came from a live PlugIn,
  +        but the live PlugIn dictionary would only get cleared when the 
  +        KWQKHTMLPart was destroyed. Since a single part can service multiple
  +        loads, the dictionary needs to clear after each one.
  +
  +        No layout test because this bug is difficult to reproduce.
  +
  +        * kwq/KWQKHTMLPart.mm:
  +        (KWQKHTMLPart::~KWQKHTMLPart):
  +        (1) Unrelated cleanup: Removed manual clearing of form values,
  +        replaced with call to clearRecordedFormValues().
  +        (2) Replaced PlugIn dictionary cleanup code and view deref call
  +        with call to setView(0), since much of this code was duplicated in
  +        setView, and the stuff that wasn't duplicated needed to be.
  +
  +        (KWQKHTMLPart::setView):
  +        (1) Removed some unnecessary braces.
  +        (2) Added PlugIn dictionary cleanup code.
  +        (3) New behavior: clear _bindingRoot and _windowScriptObject after
  +        each view change. This is needed because after a call to
  +        clenaupPluginRootObjects(), both objects have stale references.
  +        (4) Changed a NULL to a 0.
  +
  +        (KWQKHTMLPart::cleanupPluginRootObjects): Removed extra space.
  +
   2005-12-28  Anders Carlsson  <andersca at mac.com>
   
           Reviewed by Maciej.
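Review bot: typo in item (3) under (KWQKHTMLPart::setView) in the new entry: "clenaupPluginRootObjects()" should read "cleanupPluginRootObjects()", matching the name used in the last item and in the KWQKHTMLPart.mm hunk. Since the entry says no layout test covers this, a line on how the fix was verified by hand would help whoever next touches setView.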
  
  
  
  1.712     +14 -21    WebCore/kwq/KWQKHTMLPart.mm
  
  Index: KWQKHTMLPart.mm
  ===================================================================
  RCS file: /cvs/root/WebCore/kwq/KWQKHTMLPart.mm,v
  retrieving revision 1.711
  retrieving revision 1.712
  diff -u -r1.711 -r1.712
  --- KWQKHTMLPart.mm	23 Dec 2005 18:44:35 -0000	1.711
  +++ KWQKHTMLPart.mm	29 Dec 2005 10:36:23 -0000	1.712
  @@ -177,20 +177,10 @@
   
   KWQKHTMLPart::~KWQKHTMLPart()
   {
  -    cleanupPluginRootObjects();
  -    
  +    setView(0);
       mutableInstances().remove(this);
  -    if (d->m_view) {
  -	d->m_view->deref();
  -    }
       freeClipboard();
  -    // these are all basic Foundation classes and our own classes - we
  -    // know they will not raise in dealloc, so no need to block
  -    // exceptions.
  -    KWQRelease(_formValuesAboutToBeSubmitted);
  -    KWQRelease(_formAboutToBeSubmitted);
  -    
  -    KWQRelease(_windowScriptObject);
  +    clearRecordedFormValues();    
       
       delete _windowWidget;
   }
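Review bot: setView(0) here does more than the lines it replaces: per the setView hunk in this file it also runs d->m_doc->detach() when d->m_doc is non-null, so document detach (and whatever onUnload handling it triggers) now happens from the destructor, at a point where mutableInstances() still contains this part; confirm that is intended and that nothing reached from those handlers (the window script object, the plug-in root objects) has already been torn down. The removed comment explaining why the KWQRelease calls need no exception guard is not carried over; if clearRecordedFormValues() still relies on that reasoning it belongs there. Minor: the `+    clearRecordedFormValues();    ` line has trailing whitespace.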
  @@ -790,25 +780,28 @@
   
       return NULL;
   }
  -    
  +
   void KWQKHTMLPart::setView(KHTMLView *view)
   {
       // Detach the document now, so any onUnload handlers get run - if
       // we wait until the view is destroyed, then things won't be
       // hooked up enough for some JavaScript calls to work.
  -    if (d->m_doc && view == NULL) {
  +    if (d->m_doc && view == 0)
   	d->m_doc->detach();
  -    }
  -
  -    if (view) {
  +    
  +    if (view)
   	view->ref();
  -    }
  -    if (d->m_view) {
  +    if (d->m_view)
   	d->m_view->deref();
  -    }
       d->m_view = view;
       setWidget(view);
       
  +    // Delete old PlugIn data structures
  +    cleanupPluginRootObjects();
  +    _bindingRoot = 0;
  +    KWQRelease(_windowScriptObject);
  +    _windowScriptObject = 0;
  +    
       // Only one form submission is allowed per view of a part.
       // Since this part may be getting reused as a result of being
       // pulled from the back/forward cache, reset this flag.
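Review bot: ordering question at the new "Delete old PlugIn data structures" block: cleanupPluginRootObjects() now runs after `if (d->m_view) d->m_view->deref();`, whereas the destructor previously called it before the view was dereferenced. If removeAllNativeReferences() needs the plug-in views owned by the old KHTMLView, the deref may already have destroyed them and the cleanup block should move above the deref. Also `_bindingRoot = 0;` drops the pointer without a release or delete, so this relies on _bindingRoot being owned elsewhere (presumably via the rootObjects handled in cleanupPluginRootObjects()); a one-line comment stating that ownership would save the next reader from suspecting a leak. Finally, this block now runs on every view change, not only on teardown, so any caller that sets a new view and then reads _windowScriptObject gets 0 until it is recreated; that matches the ChangeLog's stated intent, but the comment should say so.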
  @@ -3931,7 +3924,7 @@
   
       KJS::Bindings::RootObject *root;
       while ((root = rootObjects.getLast())) {
  -        root->removeAllNativeReferences ();
  +        root->removeAllNativeReferences();
           rootObjects.removeLast();
       }
   }
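Review bot: whitespace-only change, fine. While here: the loop calls root->removeAllNativeReferences() and rootObjects.removeLast() but never deletes or dereferences root, so the RootObject itself outlives this cleanup unless removeLast() or the list owns it; worth confirming, otherwise every view change now leaks one RootObject per plug-in.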