49489 2010-11-12 21:42:13 -0800 Replace null checks of newParent in Frame::transferChildFrameToNewDocument() with ASSERT 2010-11-19 12:08:48 -0800 1 1 1 Unclassified WebKit WebCore Misc. 528+ (Nightly build) All All RESOLVED FIXED P2 Normal --- 48768 1 dbates dbates abarth ap dimich fishd hausmann jennb levin oldest_to_newest 308923 0 dbates 2010-11-12 21:42:13 -0800 It is not possible for newParent to be null in Frame::transferChildFrameToNewDocument() based on the the call order of HTMLFrameElementBase::setRemainsAliveOnRemovalFromTree() and Frame::transferChildFrameToNewDocument(): Frame::transferChildFrameToNewDocument() is only called if HTMLFrameElementBase::m_remainsAliveOnRemovalFromTree is true by line 177 <http://trac.webkit.org/browser/trunk/WebCore/html/HTMLFrameElementBase.cpp?rev=71219#L177> and line 169 <http://trac.webkit.org/browser/trunk/WebCore/html/HTMLFrameElementBase.cpp?rev=71219#L169> of r71219 of HTMLFrameElementBase.cpp. Without loss of generality, HTMLFrameElementBase::m_remainsAliveOnRemovalFromTree is set to true if the document that is adopting the <iframe> is attached() by line 880 of r71767 of Document.cpp <http://trac.webkit.org/browser/trunk/WebCore/dom/Document.cpp?rev=71767#L880> and line 264 of r71219 of HTMLFrameElementBase.cpp <http://trac.webkit.org/browser/trunk/WebCore/html/HTMLFrameElementBase.cpp?rev=71219#L264>. Moreover, Document::adoptNode() (line 880 of r71767 of Document.cpp) is the only caller of HTMLFrameElementBase::setRemainsAliveOnRemovalFromTree(). Notice, a Document D is said to be attached if Frame::setDocument() is called on it AND by the ASSERT in Frame::setDocument() <http://trac.webkit.org/browser/trunk/WebCore/page/Frame.cpp?rev=71493#L279> D must have a non-null pointer to a Frame object. So, Frame::transferChildFrameToNewDocument() is only called if the document the <iframe> is being transferred to has a frame (i.e. m_ownerElement->document()->frame() != NULL); => newParent cannot be NULL. 309924 1 74040 dbates 2010-11-16 13:57:25 -0800 Created attachment 74040 Patch 311607 2 74040 dbates 2010-11-19 12:08:40 -0800 Comment on attachment 74040 Patch Clearing flags on attachment: 74040 Committed r72423: <http://trac.webkit.org/changeset/72423> 311608 3 dbates 2010-11-19 12:08:48 -0800 All reviewed patches have been landed. Closing bug. 74040 2010-11-16 13:57:25 -0800 2010-11-19 12:08:40 -0800 Patch Bug49489.patch text/plain 2021 dbates SW5kZXg6IFdlYkNvcmUvQ2hhbmdlTG9nCj09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT0KLS0tIFdlYkNvcmUvQ2hhbmdlTG9n CShyZXZpc2lvbiA3MjEzMikKKysrIFdlYkNvcmUvQ2hhbmdlTG9nCSh3b3JraW5nIGNvcHkpCkBA IC0xLDMgKzEsMjEgQEAKKzIwMTAtMTEtMTYgIERhbmllbCBCYXRlcyAgPGRiYXRlc0ByaW0uY29t PgorCisgICAgICAgIFJldmlld2VkIGJ5IE5PQk9EWSAoT09QUyEpLgorCisgICAgICAgIFJlcGxh Y2UgbnVsbCBjaGVja3Mgb2YgbmV3UGFyZW50IGluIEZyYW1lOjp0cmFuc2ZlckNoaWxkRnJhbWVU b05ld0RvY3VtZW50KCkgd2l0aCBBU1NFUlQKKyAgICAgICAgaHR0cHM6Ly9idWdzLndlYmtpdC5v cmcvc2hvd19idWcuY2dpP2lkPTQ5NDg5CisKKyAgICAgICAgU3Vic3RpdHV0ZSBBU1NFUlQobmV3 UGFyZW50KSBmb3IgbnVsbC1jaGVja3MgZm9yIG5ld1BhcmVudCBpbgorICAgICAgICBGcmFtZTo6 dHJhbnNmZXJDaGlsZEZyYW1lVG9OZXdEb2N1bWVudCgpIHNpbmNlIG5ld1BhcmVudCBpcworICAg ICAgICBuZXZlciBudWxsLgorCisgICAgICAgIFdoZW4gRnJhbWU6OnRyYW5zZmVyQ2hpbGRGcmFt ZVRvTmV3RG9jdW1lbnQoKSBpcyBjYWxsZWQgdGhlIGNoaWxkCisgICAgICAgIGZyYW1lJ3Mgb3du ZXIgZWxlbWVudCBoYXMgYWxyZWFkeSBiZWVuIHRyYW5zZmVycmVkIHRvIHRoZSBuZXcKKyAgICAg ICAgZG9jdW1lbnQgRCBhbmQgRCBpcyBhdHRhY2hlZCAoaS5lLiBoYXMgYSBmcmFtZSkuCisKKyAg ICAgICAgKiBwYWdlL0ZyYW1lLmNwcDoKKyAgICAgICAgKFdlYkNvcmU6OkZyYW1lOjp0cmFuc2Zl ckNoaWxkRnJhbWVUb05ld0RvY3VtZW50KToKKwogMjAxMC0xMS0xMSAgWmhlbnlhbyBNbyAgPHpt b0Bnb29nbGUuY29tPgogCiAgICAgICAgIFJldmlld2VkIGJ5IEtlbm5ldGggUnVzc2VsbC4KSW5k ZXg6IFdlYkNvcmUvcGFnZS9GcmFtZS5jcHAKPT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PQotLS0gV2ViQ29yZS9wYWdlL0Zy YW1lLmNwcAkocmV2aXNpb24gNzIxMTApCisrKyBXZWJDb3JlL3BhZ2UvRnJhbWUuY3BwCSh3b3Jr aW5nIGNvcHkpCkBAIC03MTEsMTAgKzcxMSwxMSBAQCB2b2lkIEZyYW1lOjp0cmFuc2ZlckNoaWxk RnJhbWVUb05ld0RvY3VtCiB7CiAgICAgQVNTRVJUKG1fb3duZXJFbGVtZW50KTsKICAgICBGcmFt ZSogbmV3UGFyZW50ID0gbV9vd25lckVsZW1lbnQtPmRvY3VtZW50KCktPmZyYW1lKCk7CisgICAg QVNTRVJUKG5ld1BhcmVudCk7CiAgICAgYm9vbCBkaWRUcmFuc2ZlciA9IGZhbHNlOwogCiAgICAg Ly8gU3dpdGNoIHBhZ2UuCi0gICAgUGFnZSogbmV3UGFnZSA9IG5ld1BhcmVudCA/IG5ld1BhcmVu dC0+cGFnZSgpIDogMDsKKyAgICBQYWdlKiBuZXdQYWdlID0gbmV3UGFyZW50LT5wYWdlKCk7CiAg ICAgUGFnZSogb2xkUGFnZSA9IG1fcGFnZTsKICAgICBpZiAobV9wYWdlICE9IG5ld1BhZ2UpIHsK ICAgICAgICAgaWYgKG1fcGFnZSkgewpAQCAtNzMyLDEwICs3MzMsOCBAQCB2b2lkIEZyYW1lOjp0 cmFuc2ZlckNoaWxkRnJhbWVUb05ld0RvY3VtCiAgICAgICAgIGRpZFRyYW5zZmVyID0gdHJ1ZTsK ICAgICB9CiAKLSAgICBpZiAobmV3UGFyZW50KSB7Ci0gICAgICAgIC8vIFVwZGF0ZSB0aGUgZnJh bWUgdHJlZS4KLSAgICAgICAgZGlkVHJhbnNmZXIgPSBuZXdQYXJlbnQtPnRyZWUoKS0+dHJhbnNm ZXJDaGlsZCh0aGlzKTsKLSAgICB9CisgICAgLy8gVXBkYXRlIHRoZSBmcmFtZSB0cmVlLgorICAg IGRpZFRyYW5zZmVyID0gbmV3UGFyZW50LT50cmVlKCktPnRyYW5zZmVyQ2hpbGQodGhpcyk7CiAK ICAgICAvLyBBdm9pZCB1bm5lY2Vzc2FyeSBjYWxscyB0byBjbGllbnQgYW5kIGZyYW1lIHN1YnRy ZWUgaWYgdGhlIGZyYW1lIGVuZGVkCiAgICAgLy8gdXAgb24gdGhlIHNhbWUgcGFnZSBhbmQgdW5k ZXIgdGhlIHNhbWUgcGFyZW50IGZyYW1lLgo=