Title: [106305] trunk
- Revision
- 106305
- Author
- [email protected]
- Date
- 2012-01-30 17:10:53 -0800 (Mon, 30 Jan 2012)
Log Message
<rdar://problem/10707072>
Crashes in WebProcess at WebCore::Node::rendererIsNeeded
Reviewed by Darin Adler.
Source/WebCore:
In specific circumstances a plugin element can be without a render style at the point in time where
the page navigated and enters the page cache.
When this is the cash, the element should not enter into the "custom style for renderer" mode and should
instead use the default render style machinery.
Test: plugins/crash-restoring-pluging-page-from-page-cache.html
* html/HTMLPlugInImageElement.cpp:
(WebCore::HTMLPlugInImageElement::documentWillSuspendForPageCache): Only setHasCustomStyleForRenderer and
forceRecalc if there actually is a custom style to be used.
(WebCore::HTMLPlugInImageElement::documentDidResumeFromPageCache): Only clearHasCustomStyleForRenderer if there
actually was a custom style to be cleared.
(WebCore::HTMLPlugInImageElement::customStyleForRenderer): This should only be called if there actually is a
custom style to be used. Otherwise the element would have to fallback to the "normal" RenderStyle which might
not exist.
LayoutTests:
* plugins/crash-restoring-pluging-page-from-page-cache-expected.txt: Added.
* plugins/crash-restoring-pluging-page-from-page-cache.html: Added.
Modified Paths
Added Paths
Diff
Modified: trunk/LayoutTests/ChangeLog (106304 => 106305)
--- trunk/LayoutTests/ChangeLog 2012-01-31 01:07:43 UTC (rev 106304)
+++ trunk/LayoutTests/ChangeLog 2012-01-31 01:10:53 UTC (rev 106305)
@@ -1,3 +1,13 @@
+2012-01-30 Brady Eidson <[email protected]>
+
+ <rdar://problem/10707072>
+ Crashes in WebProcess at WebCore::Node::rendererIsNeeded
+
+ Reviewed by Darin Adler.
+
+ * plugins/crash-restoring-pluging-page-from-page-cache-expected.txt: Added.
+ * plugins/crash-restoring-pluging-page-from-page-cache.html: Added.
+
2012-01-30 Rakesh KN <[email protected]>
single-file input elements should refuse multi-file drags
Added: trunk/LayoutTests/plugins/crash-restoring-pluging-page-from-page-cache-expected.txt (0 => 106305)
--- trunk/LayoutTests/plugins/crash-restoring-pluging-page-from-page-cache-expected.txt (rev 0)
+++ trunk/LayoutTests/plugins/crash-restoring-pluging-page-from-page-cache-expected.txt 2012-01-31 01:10:53 UTC (rev 106305)
@@ -0,0 +1,11 @@
+ALERT: Made it back!
+This test - assuming it will pass - does the following:
+1 - Has nested plugin elements
+2 - Leaves the page, and the page enters the page cache
+3 - Returns, pulling the page from the page cache
+4 - Doesn't crash
+
+If you're not running under DRT, you'll need to leave the page then return to it yourself.
+Some fallback text to force a renderer.
+
+(Yes, the extreme number of object elements are necessary to more reliably reproduce the crash. Leave them.)
Added: trunk/LayoutTests/plugins/crash-restoring-pluging-page-from-page-cache.html (0 => 106305)
--- trunk/LayoutTests/plugins/crash-restoring-pluging-page-from-page-cache.html (rev 0)
+++ trunk/LayoutTests/plugins/crash-restoring-pluging-page-from-page-cache.html 2012-01-31 01:10:53 UTC (rev 106305)
@@ -0,0 +1,94 @@
+<head>
+<script>
+if (window.layoutTestController) {
+ layoutTestController.dumpAsText();
+ layoutTestController.waitUntilDone();
+ layoutTestController.overridePreference("WebKitUsesPageCachePreferenceKey", 1);
+ layoutTestController.overridePreference("WebKitPageCacheSupportsPluginsPreferenceKey", 1);
+}
+
+function pageShown() {
+ if (event.persisted)
+ setTimeout("testComplete()", 0);
+ else
+ setTimeout("startTest()", 0);
+}
+
+function testComplete() {
+ alert("Made it back!");
+ if (window.layoutTestController)
+ layoutTestController.notifyDone();
+}
+
+function startTest() {
+ document.getElementById("ExamplePlugin").setAttribute("style", "display:none");
+ window.location.href = '';
+}
+
+</script>
+
+<style>
+ object { border-color: red; border-width: 2px; border-style:solid; }
+</style>
+</head>
+
+<body _onpageshow_="pageShown();">
+
+This test - assuming it will pass - does the following:<br>
+1 - Has nested plugin elements<br>
+2 - Leaves the page, and the page enters the page cache<br>
+3 - Returns, pulling the page from the page cache<br>
+4 - Doesn't crash<br>
+<br>
+If you're not running under DRT, you'll need to leave the page then return to it yourself.
+<br>
+<object>
+<object>
+<object>
+<object>
+<object>
+<object>
+<object>
+<object>
+<object>
+<object>
+<object>
+<object>
+<object>
+<object>
+<object>
+<object>
+<object>
+<object>
+<object>
+<object>
+
+<object type="application/x-shockwave-flash" width="500" height="375" id="ExamplePlugin">
+ <img src=""
+</object>
+
+Some fallback text to force a renderer.
+
+</object>
+</object>
+</object>
+</object>
+</object>
+</object>
+</object>
+</object>
+</object>
+</object>
+</object>
+</object>
+</object>
+</object>
+</object>
+</object>
+</object>
+</object>
+</object>
+</object><br><br>
+
+(Yes, the extreme number of object elements are necessary to more reliably reproduce the crash. Leave them.)
+</body>
Modified: trunk/Source/WebCore/ChangeLog (106304 => 106305)
--- trunk/Source/WebCore/ChangeLog 2012-01-31 01:07:43 UTC (rev 106304)
+++ trunk/Source/WebCore/ChangeLog 2012-01-31 01:10:53 UTC (rev 106305)
@@ -1,3 +1,27 @@
+2012-01-30 Brady Eidson <[email protected]>
+
+ <rdar://problem/10707072>
+ Crashes in WebProcess at WebCore::Node::rendererIsNeeded
+
+ Reviewed by Darin Adler.
+
+ In specific circumstances a plugin element can be without a render style at the point in time where
+ the page navigated and enters the page cache.
+
+ When this is the cash, the element should not enter into the "custom style for renderer" mode and should
+ instead use the default render style machinery.
+
+ Test: plugins/crash-restoring-pluging-page-from-page-cache.html
+
+ * html/HTMLPlugInImageElement.cpp:
+ (WebCore::HTMLPlugInImageElement::documentWillSuspendForPageCache): Only setHasCustomStyleForRenderer and
+ forceRecalc if there actually is a custom style to be used.
+ (WebCore::HTMLPlugInImageElement::documentDidResumeFromPageCache): Only clearHasCustomStyleForRenderer if there
+ actually was a custom style to be cleared.
+ (WebCore::HTMLPlugInImageElement::customStyleForRenderer): This should only be called if there actually is a
+ custom style to be used. Otherwise the element would have to fallback to the "normal" RenderStyle which might
+ not exist.
+
2012-01-30 Anders Carlsson <[email protected]>
Show debug borders for individual tile cache tiles
Modified: trunk/Source/WebCore/html/HTMLPlugInImageElement.cpp (106304 => 106305)
--- trunk/Source/WebCore/html/HTMLPlugInImageElement.cpp 2012-01-31 01:07:43 UTC (rev 106304)
+++ trunk/Source/WebCore/html/HTMLPlugInImageElement.cpp 2012-01-31 01:10:53 UTC (rev 106305)
@@ -217,25 +217,23 @@
void HTMLPlugInImageElement::documentWillSuspendForPageCache()
{
- if (RenderStyle* rs = renderStyle()) {
- m_customStyleForPageCache = RenderStyle::clone(rs);
+ if (RenderStyle* renderStyle = this->renderStyle()) {
+ m_customStyleForPageCache = RenderStyle::clone(renderStyle);
m_customStyleForPageCache->setDisplay(NONE);
- }
+ setHasCustomStyleForRenderer();
- setHasCustomStyleForRenderer();
-
- if (m_customStyleForPageCache)
recalcStyle(Force);
-
+ }
+
HTMLPlugInElement::documentWillSuspendForPageCache();
}
void HTMLPlugInImageElement::documentDidResumeFromPageCache()
{
- clearHasCustomStyleForRenderer();
-
if (m_customStyleForPageCache) {
m_customStyleForPageCache = 0;
+ clearHasCustomStyleForRenderer();
+
recalcStyle(Force);
}
@@ -244,9 +242,7 @@
PassRefPtr<RenderStyle> HTMLPlugInImageElement::customStyleForRenderer()
{
- if (!m_customStyleForPageCache)
- return renderStyle();
-
+ ASSERT(m_customStyleForPageCache);
return m_customStyleForPageCache;
}
_______________________________________________
webkit-changes mailing list
[email protected]
http://lists.webkit.org/mailman/listinfo.cgi/webkit-changes
