Commit e0cef43d authored by darin

Reviewed by Anders.

        - fix <rdar://problem/5318732> REGRESSION: In Mail, a crash occurs when attempting to send
          a HTML based message (nytimes.com, washingtonpost.com, latimes.com)

        Did an audit of calls to get the inspector and most other uses of Page* and added null
        checks since Frame* can outlast its Page*.

        * loader/FrameLoader.cpp:
        (WebCore::FrameLoader::createWindow): Added null check.
        (WebCore::FrameLoader::loadSubframe): Ditto.
        (WebCore::FrameLoader::load): Ditto.
        (WebCore::FrameLoader::transitionToCommitted): Ditto.
        (WebCore::FrameLoader::checkLoadCompleteForThisFrame): Ditto.
        (WebCore::FrameLoader::continueLoadAfterWillSubmitForm): Ditto.
        (WebCore::FrameLoader::addExtraFieldsToRequest): Ditto.
        (WebCore::FrameLoader::loadResourceSynchronously): Ditto.
        (WebCore::FrameLoader::continueLoadAfterNavigationPolicy): Ditto.
        (WebCore::FrameLoader::requestFromDelegate): Ditto.
        (WebCore::FrameLoader::canGoBackOrForward): Ditto.
        (WebCore::FrameLoader::getHistoryLength): Ditto.
        (WebCore::FrameLoader::historyURL): Ditto.
        (WebCore::FrameLoader::cachePageForHistoryItem): Ditto.
        (WebCore::FrameLoader::addBackForwardItemClippedAtTarget): Ditto.
        (WebCore::FrameLoader::goToItem): Ditto.
        (WebCore::FrameLoader::dispatchWindowObjectAvailable): Ditto.
        (WebCore::FrameLoader::dispatchDidCommitLoad): Ditto.
        (WebCore::FrameLoader::dispatchAssignIdentifierToInitialRequest): Ditto.
        (WebCore::FrameLoader::dispatchWillSendRequest): Ditto.
        (WebCore::FrameLoader::dispatchDidReceiveResponse): Ditto.
        (WebCore::FrameLoader::dispatchDidReceiveContentLength): Ditto.
        (WebCore::FrameLoader::dispatchDidFinishLoading): Ditto.
        (WebCore::FrameLoader::dispatchDidLoadResourceFromMemoryCache): Ditto.

        * page/ContextMenuController.h:
        * page/ContextMenuController.cpp:
        (WebCore::ContextMenuController::ContextMenuController): Removed unneeded and
        unused Page* parameter.
        (WebCore::openNewWindow): Added null check.
        (WebCore::ContextMenuController::contextMenuItemSelected): Ditto.

        * page/InspectorController.h:
        (WebCore::InspectorController::pageDestroyed): Added. Since this object is
        owned by the Page and has a back-pointer to it, it needs an explicit disconnect.
        There's already a higher-level one, but this is more reliable than that.
        * page/InspectorController.cpp:
        (WebCore::InspectorController::windowScriptObjectAvailable): Added null check.
        (WebCore::InspectorController::windowUnloading): Ditto.

        * page/Page.cpp:
        (WebCore::Page::Page): Updated for change in parameters of ContextMenuController 
        constructor.
        (WebCore::Page::~Page): Added call to InspectorController pageDestroyed().

        * page/Chrome.cpp: Updated includes.
        * page/DragController.cpp: Ditto.



git-svn-id: http://svn.webkit.org/repository/webkit/trunk@24156 268f45cc-cd09-0410-ab3c-d52691b4dbfc
parent 8220e86b
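The lifetime problem named in the commit message (a Frame can outlast its Page, so a back-pointer needs an explicit disconnect and callers need null checks), shown as an added stand-alone example. This is not WebKit code: the classes are simplified stand-ins that reuse the page's names, and `historyLength`, `historyLengthFor` and `demo` are hypothetical.

```cpp
#include <memory>
#include <vector>

class Page;

// Frame is shared, so it can outlive the Page that hosted it.
class Frame {
public:
    explicit Frame(Page* page) : m_page(page) {}
    Page* page() const { return m_page; }        // may be null after teardown
    void pageDestroyed() { m_page = nullptr; }   // explicit disconnect
private:
    Page* m_page;                                // non-owning back-pointer
};

class Page {
public:
    std::shared_ptr<Frame> createFrame()
    {
        m_frames.push_back(std::make_shared<Frame>(this));
        return m_frames.back();
    }
    int historyLength() const { return m_historyLength; }
    ~Page()
    {
        // Without this loop every surviving Frame would keep a dangling Page*.
        for (auto& frame : m_frames)
            frame->pageDestroyed();
    }
private:
    std::vector<std::shared_ptr<Frame>> m_frames;
    int m_historyLength = 3;                     // constructed sample value
};

// Guarded caller: returns 0 instead of dereferencing a missing Page.
int historyLengthFor(const Frame& frame)
{
    if (Page* page = frame.page())
        return page->historyLength();
    return 0;
}

// Returns the length seen while the Page is alive and after it is destroyed.
std::vector<int> demo()
{
    Page* page = new Page;
    std::shared_ptr<Frame> frame = page->createFrame();
    int before = historyLengthFor(*frame);
    delete page;                                 // Frame survives via shared_ptr
    return { before, historyLengthFor(*frame) };
}
```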
2007-07-10 Darin Adler <darin@apple.com>
Reviewed by Anders.
- fix <rdar://problem/5318732> REGRESSION: In Mail, a crash occurs when attempting to send
a HTML based message (nytimes.com, washingtonpost.com, latimes.com)
Did an audit of calls to get the inspector and most other uses of Page* and added null
checks since Frame* can outlast its Page*.
* loader/FrameLoader.cpp:
(WebCore::FrameLoader::createWindow): Added null check.
(WebCore::FrameLoader::loadSubframe): Ditto.
(WebCore::FrameLoader::load): Ditto.
(WebCore::FrameLoader::transitionToCommitted): Ditto.
(WebCore::FrameLoader::checkLoadCompleteForThisFrame): Ditto.
(WebCore::FrameLoader::continueLoadAfterWillSubmitForm): Ditto.
(WebCore::FrameLoader::addExtraFieldsToRequest): Ditto.
(WebCore::FrameLoader::loadResourceSynchronously): Ditto.
(WebCore::FrameLoader::continueLoadAfterNavigationPolicy): Ditto.
(WebCore::FrameLoader::requestFromDelegate): Ditto.
(WebCore::FrameLoader::canGoBackOrForward): Ditto.
(WebCore::FrameLoader::getHistoryLength): Ditto.
(WebCore::FrameLoader::historyURL): Ditto.
(WebCore::FrameLoader::cachePageForHistoryItem): Ditto.
(WebCore::FrameLoader::addBackForwardItemClippedAtTarget): Ditto.
(WebCore::FrameLoader::goToItem): Ditto.
(WebCore::FrameLoader::dispatchWindowObjectAvailable): Ditto.
(WebCore::FrameLoader::dispatchDidCommitLoad): Ditto.
(WebCore::FrameLoader::dispatchAssignIdentifierToInitialRequest): Ditto.
(WebCore::FrameLoader::dispatchWillSendRequest): Ditto.
(WebCore::FrameLoader::dispatchDidReceiveResponse): Ditto.
(WebCore::FrameLoader::dispatchDidReceiveContentLength): Ditto.
(WebCore::FrameLoader::dispatchDidFinishLoading): Ditto.
(WebCore::FrameLoader::dispatchDidLoadResourceFromMemoryCache): Ditto.
* page/ContextMenuController.h:
* page/ContextMenuController.cpp:
(WebCore::ContextMenuController::ContextMenuController): Removed unneeded and
unused Page* parameter.
(WebCore::openNewWindow): Added null check.
(WebCore::ContextMenuController::contextMenuItemSelected): Ditto.
* page/InspectorController.h:
(WebCore::InspectorController::pageDestroyed): Added. Since this object is
owned by the Page and has a back-pointer to it, it needs an explicit disconnect.
There's already a higher-level one, but this is more reliable than that.
* page/InspectorController.cpp:
(WebCore::InspectorController::windowScriptObjectAvailable): Added null check.
(WebCore::InspectorController::windowUnloading): Ditto.
* page/Page.cpp:
(WebCore::Page::Page): Updated for change in parameters of ContextMenuController
constructor.
(WebCore::Page::~Page): Added call to InspectorController pageDestroyed().
* page/Chrome.cpp: Updated includes.
* page/DragController.cpp: Ditto.
2007-07-10 Adam Treat <adam@staikos.net>
Reviewed by George Staikos.
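Review bot: The new entry for rdar://problem/5318732 does not say whether a regression test was added or why one is not possible, although the older entry in the next hunk does state this for its own fix. Add a line on how the case of a Frame outliving its Page was reproduced and verified.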
......@@ -234,7 +293,9 @@
Reviewed by Oliver.
<rdar://problem/5295734> Repro crash closing tab/window @ maps.google.com in WTF::HashSet<KJS::RuntimeObjectImp*, WTF::PtrHash<KJS::RuntimeObjectImp*>, WTF::HashTraits<KJS::RuntimeObjectImp*> >::add + 11
<rdar://problem/5295734> Repro crash closing tab/window @ maps.google.com in
WTF::HashSet<KJS::RuntimeObjectImp*, WTF::PtrHash<KJS::RuntimeObjectImp*>,
WTF::HashTraits<KJS::RuntimeObjectImp*> >::add + 11
Automated test case is not possible. Did not bother with manual test this time.
// -*- mode: c++; c-basic-offset: 4 -*-
/*
* Copyright (C) 2006 Apple Computer, Inc.
* Copyright (C) 2006, 2007 Apple Inc. All rights reserved.
* Copyright (C) 2007 Trolltech ASA
*
* This library is free software; you can redistribute it and/or
......@@ -28,6 +28,7 @@
#include "HTMLFormElement.h"
#include "HTMLInputElement.h"
#include "HTMLNames.h"
#include "HitTestResult.h"
#include "InspectorController.h"
#include "Page.h"
#include "ResourceHandle.h"
......@@ -359,4 +360,3 @@ PageGroupLoadDeferrer::~PageGroupLoadDeferrer()
}
} // namespace WebCore
/*
* Copyright (C) 2006 Apple Computer, Inc. All rights reserved.
* Copyright (C) 2006, 2007 Apple Inc. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
......@@ -58,9 +58,8 @@ namespace WebCore {
using namespace EventNames;
ContextMenuController::ContextMenuController(Page* page, ContextMenuClient* client)
: m_page(page)
, m_client(client)
ContextMenuController::ContextMenuController(ContextMenuClient* client)
: m_client(client)
, m_contextMenu(0)
{
}
......@@ -104,10 +103,10 @@ void ContextMenuController::handleContextMenuEvent(Event* event)
static void openNewWindow(const KURL& urlToLoad, Frame* frame)
{
Page* newPage = frame->page()->chrome()->createWindow(frame,
FrameLoadRequest(ResourceRequest(urlToLoad, frame->loader()->outgoingReferrer())));
if (newPage)
newPage->chrome()->show();
if (Page* oldPage = frame->page())
if (Page* newPage = oldPage->chrome()->createWindow(frame,
FrameLoadRequest(ResourceRequest(urlToLoad, frame->loader()->outgoingReferrer()))))
newPage->chrome()->show();
}
void ContextMenuController::contextMenuItemSelected(ContextMenuItem* item)
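Review bot: In openNewWindow the two nested if statements carry no braces even though the inner condition spans two lines, so a later edit can easily attach a statement to the wrong level. An early return (Page* oldPage = frame->page(); if (!oldPage) return;) would keep the body flat. The function now also does nothing silently when the frame has no page, so a short comment that a Frame can outlast its Page would help the next reader.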
......@@ -123,7 +122,6 @@ void ContextMenuController::contextMenuItemSelected(ContextMenuItem* item)
Frame* frame = result.innerNonSharedNode()->document()->frame();
if (!frame)
return;
ASSERT(m_page == frame->page());
switch (item->action()) {
case ContextMenuItemTagOpenLinkInNewWindow:
......@@ -201,14 +199,13 @@ void ContextMenuController::contextMenuItemSelected(ContextMenuItem* item)
// FIXME: Some day we may be able to do this from within WebCore.
m_client->lookUpInDictionary(frame);
break;
case ContextMenuItemTagOpenLink: {
case ContextMenuItemTagOpenLink:
if (Frame* targetFrame = result.targetFrame())
targetFrame->loader()->load(FrameLoadRequest(ResourceRequest(result.absoluteLinkURL(),
frame->loader()->outgoingReferrer())), true, 0, 0, HashMap<String, String>());
else
openNewWindow(result.absoluteLinkURL(), frame);
break;
}
case ContextMenuItemTagBold:
frame->editor()->execCommand("ToggleBold");
break;
......@@ -276,8 +273,9 @@ void ContextMenuController::contextMenuItemSelected(ContextMenuItem* item)
break;
#endif
case ContextMenuItemTagInspectElement:
if (InspectorController* inspector = frame->page()->inspectorController())
inspector->inspect(result.innerNonSharedNode());
if (Page* page = frame->page())
if (InspectorController* inspector = page->inspectorController())
inspector->inspect(result.innerNonSharedNode());
break;
default:
break;
......@@ -285,4 +283,3 @@ void ContextMenuController::contextMenuItemSelected(ContextMenuItem* item)
}
} // namespace WebCore
/*
* Copyright (C) 2006 Apple Computer, Inc. All rights reserved.
* Copyright (C) 2006, 2007 Apple Inc. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
......@@ -26,23 +26,20 @@
#ifndef ContextMenuController_h
#define ContextMenuController_h
#include <wtf/Forward.h>
#include <wtf/Noncopyable.h>
#include <wtf/OwnPtr.h>
#include <wtf/RefPtr.h>
#include "ContextMenu.h"
namespace WebCore {
class ContextMenu;
class ContextMenuClient;
class ContextMenuItem;
class Event;
class Node;
class Page;
class ContextMenuController : Noncopyable
{
class ContextMenuController : Noncopyable {
public:
ContextMenuController(Page*, ContextMenuClient*);
ContextMenuController(ContextMenuClient*);
~ContextMenuController();
ContextMenuClient* client() { return m_client; }
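Review bot: With the Page* parameter gone, ContextMenuController(ContextMenuClient*) in the class declaration is a single-argument constructor and should be marked explicit, so that a ContextMenuClient* cannot convert implicitly to a controller.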
......
/*
* Copyright (C) 2007 Apple Inc. All rights reserved.
* Copyright (C) 2007 Apple Inc. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
......@@ -26,19 +26,19 @@
#include "config.h"
#include "DragController.h"
#include "CSSStyleDeclaration.h"
#include "Clipboard.h"
#include "ClipboardAccessPolicy.h"
#include "CSSStyleDeclaration.h"
#include "DocLoader.h"
#include "Document.h"
#include "DocumentFragment.h"
#include "DocLoader.h"
#include "DragActions.h"
#include "DragClient.h"
#include "DragData.h"
#include "Editor.h"
#include "EditorClient.h"
#include "Element.h"
#include "EventHandler.h"
#include "DragClient.h"
#include "DragData.h"
#include "FloatRect.h"
#include "Frame.h"
#include "FrameLoader.h"
......@@ -46,8 +46,8 @@
#include "HTMLAnchorElement.h"
#include "HTMLInputElement.h"
#include "HTMLNames.h"
#include "HitTestResult.h"
#include "Image.h"
#include "markup.h"
#include "MoveSelectionCommand.h"
#include "Node.h"
#include "Page.h"
......@@ -60,6 +60,7 @@
#include "Settings.h"
#include "SystemTime.h"
#include "Text.h"
#include "markup.h"
#include <wtf/RefPtr.h>
namespace WebCore {
......
/*
* Copyright (C) 2007 Apple Inc. All rights reserved.
* Copyright (C) 2007 Apple Inc. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
......@@ -55,9 +55,9 @@
#include "kjs_dom.h"
#include "kjs_proxy.h"
#include "kjs_window.h"
#include <JavaScriptCore/APICast.h>
#include <JavaScriptCore/JSLock.h>
#include <JavaScriptCore/JSStringRef.h>
namespace WebCore {
......@@ -584,7 +584,8 @@ void InspectorController::detachWindow()
void InspectorController::windowScriptObjectAvailable()
{
ASSERT(m_page);
if (!m_page)
return;
m_scriptContext = toRef(m_page->mainFrame()->scriptProxy()->interpreter()->globalExec());
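Review bot: In windowScriptObjectAvailable the new early return guards m_page only, while the following line still chains m_page->mainFrame()->scriptProxy()->interpreter()->globalExec() with no check on mainFrame() or the later links. If any of those can be null during the same teardown, they need checks as well. The early return also leaves m_scriptContext unassigned, which deserves a comment because other members assert on it.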
......@@ -651,7 +652,8 @@ void InspectorController::scriptObjectReady()
void InspectorController::windowUnloading()
{
m_client->closeWindow();
m_page->setParentInspectorController(0);
if (m_page)
m_page->setParentInspectorController(0);
ASSERT(m_scriptContext && m_scriptObject);
JSValueUnprotect(m_scriptContext, m_scriptObject);
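Review bot: In windowUnloading the new m_page check is followed by ASSERT(m_scriptContext && m_scriptObject) and JSValueUnprotect(m_scriptContext, m_scriptObject), but windowScriptObjectAvailable can now return before it assigns m_scriptContext. If both can happen on the same object, the assert fires in debug builds and release builds pass a null context to JSValueUnprotect. Guard the unprotect call on the same condition, or state why that sequence cannot occur.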
......
/*
* Copyright (C) 2007 Apple Inc. All rights reserved.
* Copyright (C) 2007 Apple Inc. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
......@@ -31,18 +31,14 @@
#include "Chrome.h"
#include <JavaScriptCore/JSContextRef.h>
#include <JavaScriptCore/JSStringRef.h>
#include <wtf/HashMap.h>
#include <wtf/RefPtr.h>
#include <wtf/Vector.h>
namespace WebCore {
class DocumentLoader;
class Frame;
class InspectorClient;
class Node;
class Page;
class ResourceResponse;
class ResourceError;
......@@ -58,6 +54,8 @@ public:
InspectorController(Page*, InspectorClient*);
~InspectorController();
void pageDestroyed() { m_page = 0; }
Page* inspectedPage() const { return m_inspectedPage; }
void inspect(Node*);
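Review bot: pageDestroyed() clears m_page but leaves m_inspectedPage untouched, and inspectedPage() on the next line hands that raw Page* to callers. Say whether m_inspectedPage can refer to a page that is being destroyed, and clear it here as well if so. A one-line comment that m_page may be null after this call would document the new invariant for the other members.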
......@@ -96,6 +94,7 @@ public:
void didFailLoading(DocumentLoader*, unsigned long identifier, const ResourceError&);
const ResourcesMap& resources() const { return m_resources; }
private:
void focusNode();
......
......@@ -56,7 +56,7 @@ Page::Page(ChromeClient* chromeClient, ContextMenuClient* contextMenuClient, Edi
, m_dragCaretController(new SelectionController(0, true))
, m_dragController(new DragController(this, dragClient))
, m_focusController(new FocusController(this))
, m_contextMenuController(new ContextMenuController(this, contextMenuClient))
, m_contextMenuController(new ContextMenuController(contextMenuClient))
, m_settings(new Settings(this))
, m_progress(new ProgressTracker)
, m_backForwardList(new BackForwardList(this))
......@@ -84,6 +84,7 @@ Page::~Page()
for (Frame* frame = mainFrame(); frame; frame = frame->tree()->traverseNext())
frame->pageDestroyed();
m_editorClient->pageDestroyed();
m_inspectorController->pageDestroyed();
m_backForwardList->close();
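Review bot: m_inspectorController->pageDestroyed() in ~Page dereferences m_inspectorController with no null check, in a change whose purpose is to add such checks. Confirm that the member is always set by the time the destructor runs, or guard the call.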
......