This causes re-entry into ScriptExecutionContext when
the ActiveDOMCallback objects get deleted, which crashes.
Instead, just de-activate the object and wait for
context destruction to clean up.
Test crashes consistently without fix and passes with fix.
Added some test infrastructure to support this test.
https://bugs.webkit.org/show_bug.cgi?id=78638
Patch by Greg Billock <gbillock@google.com> on 2012-02-23
Reviewed by Adam Barth.
* Modules/intents/IntentRequest.cpp:
(WebCore::IntentRequest::IntentRequest):
(WebCore::IntentRequest::stop):
(WebCore::IntentRequest::postResult):
(WebCore::IntentRequest::postFailure):
* Modules/intents/IntentRequest.h:
(IntentRequest):
git-svn-id: http://svn.webkit.org/repository/webkit/trunk@108724
268f45cc-cd09-0410-ab3c-
d52691b4dbfc
--- /dev/null
+<html>
+ <head>
+ </head>
+ <body>
+ <p>PASS</p>
+ </body>
+</html>
--- /dev/null
+<html>
+ <head>
+ <script src="../../fast/js/resources/js-test-pre.js"></script>
+ <script>
+ function onSuccess() {
+ }
+
+ function onFailure() {
+ }
+
+ function startIntent() {
+ debug("* launching intent action/type");
+ var intent = new Intent("action", "type");
+ try {
+ navigator.startActivity(intent, onSuccess, onFailure);
+ } catch (e) {
+ testFailed("startActivity should not throw exception");
+ }
+
+ debug("* navigating after startActivity");
+
+ // This should not crash.
+ window.location = "resources/pass.html";
+ }
+ </script>
+ </head>
+ <body>
+ <p>Original content</p>
+ </body>
+</html>
--- /dev/null
+Received Web Intent: action=action type=type
+* loaded
+* sent mouseup
+* loaded replacement page
+
+
+--------
+Frame: 'frame'
+--------
+PASS
--- /dev/null
+<html>
+ <head>
+ <script src="../fast/js/resources/js-test-pre.js"></script>
+ <script>
+ var latch = true;
+
+ function buttonClicked() {
+ frames[0].startIntent();
+ }
+
+ function frameloaded() {
+ if (latch) {
+ latch = false;
+ startTest();
+ return;
+ }
+
+ debug("* loaded replacement page");
+
+ if (window.layoutTestController) {
+ window.layoutTestController.notifyDone();
+ }
+ }
+
+ function startTest() {
+ if (window.layoutTestController) {
+ window.layoutTestController.waitUntilDone();
+ window.layoutTestController.dumpChildFramesAsText();
+ }
+
+ debug("* loaded");
+
+ // We must simulate a button press with eventSender because intents
+ // require a user gesture.
+ var button = document.getElementById("button");
+ if (eventSender) {
+ eventSender.mouseMoveTo(button.getBoundingClientRect().left + 2, button.getBoundingClientRect().top + 12);
+ eventSender.mouseDown();
+ eventSender.mouseUp();
+ debug("* sent mouseup");
+ }
+ }
+ </script>
+ </head>
+<body>
+<input type="button" id="button" value="Start Web Intent" onmouseup="buttonClicked()">
+<iframe id="frame" onload="frameloaded()" src="resources/web-intents-reload-orig.html"></iframe>
+</body>
+</html>
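Review bot: In `startTest()` the bare `if (eventSender)` raises a ReferenceError when this page is opened outside the test harness, while the two `layoutTestController` checks in the same script use the guarded `window.` form. Writing it as `if (window.eventSender) {` keeps the page loadable by hand and makes the three harness checks consistent. A short comment above `var latch = true;` would also help, for example `// First iframe load starts the test; the second load is the replacement page.`, because `frameloaded()` is otherwise hard to follow.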
+2012-02-23 Greg Billock <gbillock@google.com>
+
+ Don't clear IntentRequest callback pointers on stop()
+
+ This causes re-entry into ScriptExecutionContext when
+ the ActiveDOMCallback objects get deleted, which crashes.
+ Instead, just de-activate the object and wait for
+ context destruction to clean up.
+
+ Test crashes consistently without fix and passes with fix.
+ Added some test infrastructure to support this test.
+ https://bugs.webkit.org/show_bug.cgi?id=78638
+
+ Reviewed by Adam Barth.
+
+ * Modules/intents/IntentRequest.cpp:
+ (WebCore::IntentRequest::IntentRequest):
+ (WebCore::IntentRequest::stop):
+ (WebCore::IntentRequest::postResult):
+ (WebCore::IntentRequest::postFailure):
+ * Modules/intents/IntentRequest.h:
+ (IntentRequest):
+
2012-02-23 Konrad Piascik <kpiascik@rim.com>
Upstream BlackBerry Cookie Management Classes
, m_intent(intent)
, m_successCallback(successCallback)
, m_errorCallback(errorCallback)
+ , m_stopped(false)
{
}
void IntentRequest::contextDestroyed()
{
ContextDestructionObserver::contextDestroyed();
- m_successCallback.clear();
- m_errorCallback.clear();
+ m_stopped = true;
}
void IntentRequest::stop()
{
- m_successCallback.clear();
- m_errorCallback.clear();
+ m_stopped = true;
}
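Review bot: With the `clear()` calls removed from both `contextDestroyed()` and `stop()`, nothing in these lines releases `m_successCallback` or `m_errorCallback` any more, so both callback objects now live as long as the IntentRequest itself. If an embedder holds the request after the page has gone, that presumably keeps script callback objects alive past their context. In that case the `m_stopped` checks in `postResult()`/`postFailure()` are the only barrier against invoking them. I would record the reason in both bodies, e.g. `// Do not clear the callbacks here: destroying ActiveDOMCallback objects re-enters ScriptExecutionContext. They are released together with this object.`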
void IntentRequest::postResult(SerializedScriptValue* data)
{
+ if (m_stopped)
+ return;
+
// Callback could lead to deletion of this.
RefPtr<IntentRequest> protector(this);
void IntentRequest::postFailure(SerializedScriptValue* data)
{
+ if (m_stopped)
+ return;
+
// Callback could lead to deletion of this.
RefPtr<IntentRequest> protector(this);
RefPtr<Intent> m_intent;
RefPtr<IntentResultCallback> m_successCallback;
RefPtr<IntentResultCallback> m_errorCallback;
+ bool m_stopped;
};
} // namespace WebCore
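Review bot: `bool m_stopped;` is added without a comment, although the flag now carries the invariant that protects the retained callbacks. I would put `// Set by stop() and contextDestroyed(); once true, postResult()/postFailure() must not invoke the callbacks.` above the member. The class declaration starts outside this hunk, so whether anything can reset the flag cannot be checked from the visible lines.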
#include "WebFrame.h"
#include "WebGeolocationClientMock.h"
#include "WebHistoryItem.h"
+#include "WebIntent.h"
#include "WebKit.h"
#include "WebNode.h"
#include "WebPluginParams.h"
return false;
}
+void WebViewHost::dispatchIntent(WebFrame* source, const WebIntentRequest& request)
+{
+ printf("Received Web Intent: action=%s type=%s\n",
+ request.intent().action().utf8().data(),
+ request.intent().type().utf8().data());
+ m_currentRequest = request;
+}
+
// Public functions -----------------------------------------------------------
WebViewHost::WebViewHost(TestShell* shell)
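Review bot: `dispatchIntent()` copies the request into `m_currentRequest` and the visible code never replies to it or drops it. The new test therefore only shows that navigation no longer crashes; the `m_stopped` early returns added to `postResult()`/`postFailure()` are not exercised by a reply arriving after `stop()`. The stored request also appears to stay referenced until the next intent overwrites it, which may keep the previous page's request and its callbacks alive into later tests. Consider clearing `m_currentRequest` wherever the host resets per-test state, and adding a harness hook that lets a test post a result after navigation.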
#include "WebAccessibilityNotification.h"
#include "WebCursorInfo.h"
#include "WebFrameClient.h"
+#include "WebIntentRequest.h"
#include "WebSpellCheckClient.h"
#include "WebViewClient.h"
#include <wtf/HashMap.h>
virtual void didDetectXSS(WebKit::WebFrame*, const WebKit::WebURL&, bool didBlockEntirePage);
virtual void openFileSystem(WebKit::WebFrame*, WebKit::WebFileSystem::Type, long long size, bool create, WebKit::WebFileSystemCallbacks*);
virtual bool willCheckAndDispatchMessageEvent(WebKit::WebFrame* source, WebKit::WebSecurityOrigin target, WebKit::WebDOMMessageEvent);
+ virtual void dispatchIntent(WebKit::WebFrame* source, const WebKit::WebIntentRequest&);
WebKit::WebDeviceOrientationClientMock* deviceOrientationClientMock();
PointerLockWillFailSync
} m_pointerLockPlannedResult;
#endif
+
+ // For web intents: holds the current request, if any.
+ WebKit::WebIntentRequest m_currentRequest;
};
#endif // WebViewHost_h