Diff
Modified: trunk/Source/WebCore/ChangeLog (111271 => 111272)
--- trunk/Source/WebCore/ChangeLog 2012-03-19 23:46:13 UTC (rev 111271)
+++ trunk/Source/WebCore/ChangeLog 2012-03-19 23:59:07 UTC (rev 111272)
@@ -1,3 +1,27 @@
+2012-03-19 Brady Eidson <[email protected]>
+
+ <rdar://problem/10917120> and https://bugs.webkit.org/show_bug.cgi?id=81066
+ Crash in 3rd party WebKit apps under XHR/Cache code
+
+ Reviewed by Antti Koivisto.
+
+ No new layout tests.
+ TestWebKitAPI test MemoryCachePruneWithinResourceLoadDelegate included
+
+ A CachedResource representing an XHR was being deleted by cache pruning during a delegate callback.
+ This worked until http://trac.webkit.org/changeset/98380
+
+ * history/PageCache.cpp:
+ (WebCore::PageCache::releaseAutoreleasedPagesNow): Only trigger pruning after the page cache
+ autorelease if it was enabled before.
+
+ * loader/cache/CachedResourceLoader.cpp:
+ (WebCore::CachedResourceLoader::loadResource): Disable pruning before loading the resource and
+ re-enable it afterwards if necessary.
+
+ * loader/cache/MemoryCache.h:
+ (WebCore::MemoryCache::pruneEnabled):
+
2012-03-19 Anders Carlsson <[email protected]>
Fix Windows build.
Modified: trunk/Source/WebCore/history/PageCache.cpp (111271 => 111272)
--- trunk/Source/WebCore/history/PageCache.cpp 2012-03-19 23:46:13 UTC (rev 111271)
+++ trunk/Source/WebCore/history/PageCache.cpp 2012-03-19 23:59:07 UTC (rev 111272)
@@ -503,6 +503,7 @@
m_autoreleaseTimer.stop();
// Postpone dead pruning until all our resources have gone dead.
+ bool pruneWasEnabled = memoryCache()->pruneEnabled();
memoryCache()->setPruneEnabled(false);
CachedPageSet tmp;
@@ -513,8 +514,10 @@
(*it)->destroy();
// Now do the prune.
- memoryCache()->setPruneEnabled(true);
- memoryCache()->prune();
+ if (pruneWasEnabled) {
+ memoryCache()->setPruneEnabled(true);
+ memoryCache()->prune();
+ }
}
void PageCache::autorelease(PassRefPtr<CachedPage> page)
Modified: trunk/Source/WebCore/loader/cache/CachedResourceLoader.cpp (111271 => 111272)
--- trunk/Source/WebCore/loader/cache/CachedResourceLoader.cpp 2012-03-19 23:46:13 UTC (rev 111271)
+++ trunk/Source/WebCore/loader/cache/CachedResourceLoader.cpp 2012-03-19 23:59:07 UTC (rev 111272)
@@ -508,7 +508,11 @@
resource->setInCache(true);
resource->setLoadPriority(priority);
+
+ bool wasPruneEnabled = memoryCache()->pruneEnabled();
+ memoryCache()->setPruneEnabled(false);
resource->load(this, options);
+ memoryCache()->setPruneEnabled(wasPruneEnabled);
if (!inCache) {
resource->setOwningCachedResourceLoader(this);
Modified: trunk/Source/WebCore/loader/cache/MemoryCache.h (111271 => 111272)
--- trunk/Source/WebCore/loader/cache/MemoryCache.h 2012-03-19 23:46:13 UTC (rev 111271)
+++ trunk/Source/WebCore/loader/cache/MemoryCache.h 2012-03-19 23:59:07 UTC (rev 111272)
@@ -129,6 +129,7 @@
void evictResources();
void setPruneEnabled(bool enabled) { m_pruneEnabled = enabled; }
+ bool pruneEnabled() const { return m_pruneEnabled; }
void prune();
void pruneToPercentage(float targetPercentLive);
Modified: trunk/Tools/ChangeLog (111271 => 111272)
--- trunk/Tools/ChangeLog 2012-03-19 23:46:13 UTC (rev 111271)
+++ trunk/Tools/ChangeLog 2012-03-19 23:59:07 UTC (rev 111272)
@@ -1,5 +1,22 @@
2012-03-19 Brady Eidson <[email protected]>
+ <rdar://problem/10917120> and https://bugs.webkit.org/show_bug.cgi?id=81066
+ Crash in 3rd party WebKit apps under XHR/Cache code
+
+ Reviewed by Antti Koivisto.
+
+ * TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj:
+ * TestWebKitAPI/Tests/mac/MemoryCachePruneWithinResourceLoadDelegate.html: Added.
+ * TestWebKitAPI/Tests/mac/MemoryCachePruneWithinResourceLoadDelegate.mm: Added.
+ (-[MemoryCachePruneTestResourceLoadDelegate webView:identifierForInitialRequest:fromDataSource:]):
+ (-[MemoryCachePruneTestResourceLoadDelegate webView:resource:willSendRequest:redirectResponse:fromDataSource:]):
+ (-[MemoryCachePruneTestResourceLoadDelegate webView:resource:didFinishLoadingFromDataSource:]):
+ (-[MemoryCachePruneTestResourceLoadDelegate webView:resource:didFailLoadingWithError:fromDataSource:]):
+ (TestWebKitAPI):
+ (TestWebKitAPI::TEST):
+
+2012-03-19 Brady Eidson <[email protected]>
+
<rdar://problem/10848575> and https://bugs.webkit.org/show_bug.cgi?id=81516
REGRESSION (r107435) URLs copied from WebKit apps aren't in the right pasteboard format
Modified: trunk/Tools/TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj (111271 => 111272)
--- trunk/Tools/TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj 2012-03-19 23:46:13 UTC (rev 111271)
+++ trunk/Tools/TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj 2012-03-19 23:59:07 UTC (rev 111272)
@@ -40,6 +40,8 @@
4BFDFFA9131477770061F24B /* HitTestResultNodeHandle.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 4BFDFFA8131477770061F24B /* HitTestResultNodeHandle.cpp */; };
5142B2711517C88B00C32B19 /* ContextMenuCanCopyURL.mm in Sources */ = {isa = PBXBuildFile; fileRef = 5142B2701517C88B00C32B19 /* ContextMenuCanCopyURL.mm */; };
5142B2731517C8C800C32B19 /* ContextMenuCanCopyURL.html in Copy Resources */ = {isa = PBXBuildFile; fileRef = 5142B2721517C89100C32B19 /* ContextMenuCanCopyURL.html */; };
+ 517E7DFC15110EA600D0B008 /* MemoryCachePruneWithinResourceLoadDelegate.mm in Sources */ = {isa = PBXBuildFile; fileRef = 517E7DFB15110EA600D0B008 /* MemoryCachePruneWithinResourceLoadDelegate.mm */; };
+ 517E7E04151119C100D0B008 /* MemoryCachePruneWithinResourceLoadDelegate.html in Copy Resources */ = {isa = PBXBuildFile; fileRef = 517E7E031511187500D0B008 /* MemoryCachePruneWithinResourceLoadDelegate.html */; };
51FBBB4D1513D4E900822738 /* WebViewCanPasteURL.mm in Sources */ = {isa = PBXBuildFile; fileRef = 51FBBB4C1513D4E900822738 /* WebViewCanPasteURL.mm */; };
520BCF4C141EB09E00937EA8 /* WebArchive_Bundle.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 520BCF4A141EB09E00937EA8 /* WebArchive_Bundle.cpp */; };
520BCF4D141EB09E00937EA8 /* WebArchive.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 520BCF4B141EB09E00937EA8 /* WebArchive.cpp */; };
@@ -161,6 +163,7 @@
dstSubfolderSpec = 7;
files = (
5142B2731517C8C800C32B19 /* ContextMenuCanCopyURL.html in Copy Resources */,
+ 517E7E04151119C100D0B008 /* MemoryCachePruneWithinResourceLoadDelegate.html in Copy Resources */,
379028B914FAC24C007E6B43 /* acceptsFirstMouse.html in Copy Resources */,
33DC8912141955FE00747EF7 /* simple-iframe.html in Copy Resources */,
1A9E52C913E65EF4006917F5 /* 18-characters.html in Copy Resources */,
@@ -219,6 +222,8 @@
4BFDFFA8131477770061F24B /* HitTestResultNodeHandle.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = HitTestResultNodeHandle.cpp; sourceTree = "<group>"; };
5142B2701517C88B00C32B19 /* ContextMenuCanCopyURL.mm */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.objcpp; path = ContextMenuCanCopyURL.mm; sourceTree = "<group>"; };
5142B2721517C89100C32B19 /* ContextMenuCanCopyURL.html */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.html; path = ContextMenuCanCopyURL.html; sourceTree = "<group>"; };
+ 517E7DFB15110EA600D0B008 /* MemoryCachePruneWithinResourceLoadDelegate.mm */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.objcpp; path = MemoryCachePruneWithinResourceLoadDelegate.mm; sourceTree = "<group>"; };
+ 517E7E031511187500D0B008 /* MemoryCachePruneWithinResourceLoadDelegate.html */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.html; path = MemoryCachePruneWithinResourceLoadDelegate.html; sourceTree = "<group>"; };
51FBBB4C1513D4E900822738 /* WebViewCanPasteURL.mm */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.objcpp; path = WebViewCanPasteURL.mm; sourceTree = "<group>"; };
520BCF4A141EB09E00937EA8 /* WebArchive_Bundle.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = WebArchive_Bundle.cpp; sourceTree = "<group>"; };
520BCF4B141EB09E00937EA8 /* WebArchive.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = WebArchive.cpp; sourceTree = "<group>"; };
@@ -599,6 +604,7 @@
3776BC62150946BC0043A66D /* DeviceScaleFactorInDashboardRegions.mm */,
939BA91614103412001A01BD /* DeviceScaleFactorOnBack.mm */,
C507E8A614C6545B005D6B3B /* InspectorBar.mm */,
+ 517E7DFB15110EA600D0B008 /* MemoryCachePruneWithinResourceLoadDelegate.mm */,
3722C8681461E03E00C45D00 /* RenderedImageFromDOMRange.mm */,
3799AD3914120A43005EB0C6 /* StringByEvaluatingJavaScriptFromString.mm */,
37A6895D148A9B50005100FA /* SubresourceErrorCrash.mm */,
@@ -615,6 +621,7 @@
5142B2721517C89100C32B19 /* ContextMenuCanCopyURL.html */,
37DC678F140D7D3A00ABCCDB /* DOMRangeOfString.html */,
C07E6CB113FD738A0038B22B /* devicePixelRatio.html */,
+ 517E7E031511187500D0B008 /* MemoryCachePruneWithinResourceLoadDelegate.html */,
);
name = Resources;
sourceTree = "<group>";
@@ -809,6 +816,7 @@
E490296814E2E3A4002BEDD1 /* TypingStyleCrash.mm in Sources */,
379028B614FABD92007E6B43 /* AcceptsFirstMouse.mm in Sources */,
3776BC63150946BC0043A66D /* DeviceScaleFactorInDashboardRegions.mm in Sources */,
+ 517E7DFC15110EA600D0B008 /* MemoryCachePruneWithinResourceLoadDelegate.mm in Sources */,
51FBBB4D1513D4E900822738 /* WebViewCanPasteURL.mm in Sources */,
5142B2711517C88B00C32B19 /* ContextMenuCanCopyURL.mm in Sources */,
);
Added: trunk/Tools/TestWebKitAPI/Tests/mac/MemoryCachePruneWithinResourceLoadDelegate.html (0 => 111272)
--- trunk/Tools/TestWebKitAPI/Tests/mac/MemoryCachePruneWithinResourceLoadDelegate.html (rev 0)
+++ trunk/Tools/TestWebKitAPI/Tests/mac/MemoryCachePruneWithinResourceLoadDelegate.html 2012-03-19 23:59:07 UTC (rev 111272)
@@ -0,0 +1,14 @@
+<script>
+
+function loaded()
+{
+ var request = new XMLHttpRequest();
+ request.open('GET', 'http://www.iana.org/domains/example/', true);
+ request.send(null);
+}
+
+</script>
+
+<body _onload_="loaded();">
+We will do some XHR'ing now!
+</body>
\ No newline at end of file
Added: trunk/Tools/TestWebKitAPI/Tests/mac/MemoryCachePruneWithinResourceLoadDelegate.mm (0 => 111272)
--- trunk/Tools/TestWebKitAPI/Tests/mac/MemoryCachePruneWithinResourceLoadDelegate.mm (rev 0)
+++ trunk/Tools/TestWebKitAPI/Tests/mac/MemoryCachePruneWithinResourceLoadDelegate.mm 2012-03-19 23:59:07 UTC (rev 111272)
@@ -0,0 +1,100 @@
+/*
+ * Copyright (C) 2012 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. AND ITS CONTRIBUTORS ``AS IS''
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
+ * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR ITS CONTRIBUTORS
+ * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
+ * THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#import "config.h"
+#import "PlatformUtilities.h"
+#import <wtf/RetainPtr.h>
+
+@interface MemoryCachePruneTestResourceLoadDelegate : NSObject {
+@public
+ NSWindow *_window;
+}
+@end
+
+static bool didFinishLoad;
+
+@implementation MemoryCachePruneTestResourceLoadDelegate
+
+- (id)webView:(WebView *)sender identifierForInitialRequest:(NSURLRequest *)request fromDataSource:(WebDataSource *)dataSource
+{
+ // We only care about an http request, which is our test XHR
+ if ([[[request URL] scheme] isEqualToString:@"http"])
+ return self;
+
+ return nil;
+}
+
+- (NSURLRequest *)webView:(WebView *)sender resource:(id)identifier willSendRequest:(NSURLRequest *)request redirectResponse:(NSURLResponse *)redirectResponse fromDataSource:(WebDataSource *)dataSource
+{
+ if (identifier == nil)
+ return request;
+
+ [_window close];
+ return request;
+}
+
+- (void)webView:(WebView *)sender resource:(id)identifier didFinishLoadingFromDataSource:(WebDataSource *)dataSource
+{
+ if (identifier == nil)
+ return;
+
+ didFinishLoad = true;
+}
+
+- (void)webView:(WebView *)sender resource:(id)identifier didFailLoadingWithError:(NSError *)error fromDataSource:(WebDataSource *)dataSource
+{
+ if (identifier == nil)
+ return;
+
+ didFinishLoad = true;
+}
+
+@end
+
+namespace TestWebKitAPI {
+
+TEST(WebKit1, MemoryCachePruneWithinResourceLoadDelegate)
+{
+ NSAutoreleasePool *pool = [[NSAutoreleasePool alloc] init];
+
+ RetainPtr<WebView> webView1(AdoptNS, [[WebView alloc] initWithFrame:NSMakeRect(0, 0, 120, 200) frameName:nil groupName:nil]);
+ RetainPtr<WebView> webView2(AdoptNS, [[WebView alloc] initWithFrame:NSMakeRect(0, 0, 120, 200) frameName:nil groupName:nil]);
+
+ NSWindow* window = [[NSWindow alloc] initWithContentRect:webView2.get().frame styleMask:NSBorderlessWindowMask backing:NSBackingStoreBuffered defer:YES];
+ [window.contentView addSubview:webView2.get()];
+
+ RetainPtr<MemoryCachePruneTestResourceLoadDelegate> resourceLoadDelegate(AdoptNS, [[MemoryCachePruneTestResourceLoadDelegate alloc] init]);
+ resourceLoadDelegate.get()->_window = window;
+ webView1.get().resourceLoadDelegate = resourceLoadDelegate.get();
+
+ [[webView1.get() mainFrame] loadRequest:[NSURLRequest requestWithURL:[[NSBundle mainBundle] URLForResource:@"MemoryCachePruneWithinResourceLoadDelegate" withExtension:@"html" subdirectory:@"TestWebKitAPI.resources"]]];
+
+ Util::run(&didFinishLoad);
+
+ [pool drain];
+ // If we finished without crashing, the test passed.
+}
+
+} // namespace TestWebKitAPI
