Changeset 54618 in webkit for trunk/JavaScriptCore/wtf/Vector.h


Timestamp:
Feb 10, 2010, 1:14:24 PM (15 years ago)
Author:
[email protected]
Message:

Reviewed by Geoffrey Garen.

https://bugs.webkit.org/show_bug.cgi?id=34490
WebCore::ImageEventSender::dispatchPendingEvents() crashes in certain conditions

Test: fast/images/destroyed-image-load-event.html

  • ForwardingHeaders/wtf/ValueCheck.h: Added.
  • loader/ImageLoader.cpp:
    (WTF::ValueCheck): Special case value check for ImageLoader - it's allocated inside elements, so check the owner instead.
    (WebCore::ImageEventSender::hasPendingEvents): Added a debugging aid for ImageLoader destructor.
    (WebCore::ImageLoader::~ImageLoader): Assert that we're not going to leave dangling pointers in ImageEventSender.
    (WebCore::ImageLoader::setImage): Cancel events that could be dispatched for the previous image. The only client using this method that I could find was DeleteButton, which doesn't care about load events for the new image, so I didn't add any code for firing those.
    (WebCore::ImageLoader::setLoadingImage): This method only existed to confuse readers - there wasn't any meaningful code shared (callers just undid most assignments made there). Merged the logic into callers.
    (WebCore::ImageLoader::updateFromElement): We're forgetting the old image, so forget its old events, too.
    (WebCore::ImageLoader::notifyFinished): This can be called from setImage(), in which case no one is going to dispatch the event "soon". So, don't queue it.
    (WebCore::ImageEventSender::dispatchPendingEvents): Call checkConsistency(). This didn't help catch this particular bug, but seems like a useful check anyway.
  • loader/ImageLoader.h: Removed setLoadingImage().
File:
1 edited

  • trunk/JavaScriptCore/wtf/Vector.h

    r51905 r54618  
    2525#include "Noncopyable.h"
    2626#include "NotFound.h"
     27#include "ValueCheck.h"
    2728#include "VectorTraits.h"
    2829#include <limits>
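Review bot: the new `#include "ValueCheck.h"` is unconditional even though every use of `ValueCheck` in this file sits inside `#if !ASSERT_DISABLED`; since Vector.h reaches nearly every WebCore translation unit through the forwarding headers, the header has to be exported by each port's build, and the message lists only `ForwardingHeaders/wtf/ValueCheck.h`. Please confirm the other ports' export/copy lists pick it up, or guard the include with the same `#if !ASSERT_DISABLED` so a missing forwarding header cannot break a release build.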
     
    587588        }
    588589
     590        void checkConsistency();
     591
    589592    private:
    590593        void expandCapacity(size_t newMinCapacity);
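Review bot: `void checkConsistency();` is declared non-const, but the `ValueCheck<Vector<T> >` specialization added at the bottom of this file calls it on a `const Vector<T>&`. Because members of a class template are only instantiated on use, this stays silent until a nested Vector is actually checked and then fails to compile. The body only calls `size()` and `at(i)`, so declare it `void checkConsistency() const;`.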
     
    988991
    989992    template<typename T, size_t inlineCapacity>
     993    inline void Vector<T, inlineCapacity>::checkConsistency()
     994    {
     995#if !ASSERT_DISABLED
     996        for (size_t i = 0; i < size(); ++i) {
     997            ValueCheck<T>::checkConsistency(at(i));
     998        }
     999#endif
     1000    }
     1001
     1002    template<typename T, size_t inlineCapacity>
    9901003    void deleteAllValues(const Vector<T, inlineCapacity>& collection)
    9911004    {
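Review bot: the single-statement `for` body in `checkConsistency()` is wrapped in braces, which WebKit style omits for one-line control clauses; drop them. A short comment would also help: the walk is O(n) in the vector size on every call and is compiled in only under `!ASSERT_DISABLED`, which matters now that `ImageEventSender::dispatchPendingEvents()` calls it on each dispatch.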
     
    10171030    }
    10181031
     1032#if !ASSERT_DISABLED
     1033    template<typename T> struct ValueCheck<Vector<T> > {
     1034        typedef Vector<T> TraitType;
     1035        static void checkConsistency(const Vector<T>& v)
     1036        {
     1037            v.checkConsistency();
     1038        }
     1039    };
     1040#endif
    10191041
    10201042} // namespace WTF
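Review bot: the partial specialization `ValueCheck<Vector<T> >` only matches the default inline capacity, so a `Vector<Vector<T, N> >` with a non-zero N silently falls back to the primary `ValueCheck` template and its elements are never walked. Specializing on `template<typename T, size_t inlineCapacity> struct ValueCheck<Vector<T, inlineCapacity> >` covers both cases. The `TraitType` typedef is not used in the lines shown; a one-line comment on what ValueCheck.h expects it for would help readers.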