Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(264)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: Source/WebCore/dom/WebKitMutationObserver.cpp

Issue 9999033: Merge 113378 - Crash in MutationObservers due to an invalid HashSet iterator (Closed) Base URL: http://svn.webkit.org/repository/webkit/branches/chromium/1084/
Patch Set: Created 8 years, 8 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « Source/WebCore/dom/WebKitMutationObserver.h ('k') | no next file » | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 /* 1 /*
2 * Copyright (C) 2011 Google Inc. All rights reserved. 2 * Copyright (C) 2011 Google Inc. All rights reserved.
3 * 3 *
4 * Redistribution and use in source and binary forms, with or without 4 * Redistribution and use in source and binary forms, with or without
5 * modification, are permitted provided that the following conditions are 5 * modification, are permitted provided that the following conditions are
6 * met: 6 * met:
7 * 7 *
8 * * Redistributions of source code must retain the above copyright 8 * * Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer. 9 * notice, this list of conditions and the following disclaimer.
10 * * Redistributions in binary form must reproduce the above 10 * * Redistributions in binary form must reproduce the above
(...skipping 117 matching lines...) Expand 10 before | Expand all | Expand 10 after
128 return activeObservers; 128 return activeObservers;
129 } 129 }
130 130
131 void WebKitMutationObserver::enqueueMutationRecord(PassRefPtr<MutationRecord> mu tation) 131 void WebKitMutationObserver::enqueueMutationRecord(PassRefPtr<MutationRecord> mu tation)
132 { 132 {
133 ASSERT(isMainThread()); 133 ASSERT(isMainThread());
134 m_records.append(mutation); 134 m_records.append(mutation);
135 activeMutationObservers().add(this); 135 activeMutationObservers().add(this);
136 } 136 }
137 137
138 void WebKitMutationObserver::setHasTransientRegistration()
139 {
140 ASSERT(isMainThread());
141 activeMutationObservers().add(this);
142 }
143
138 void WebKitMutationObserver::deliver() 144 void WebKitMutationObserver::deliver()
139 { 145 {
146 // Calling clearTransientRegistrations() can modify m_registrations, so it's necessary
147 // to make a copy of the transient registrations before operating on them.
148 Vector<MutationObserverRegistration*, 1> transientRegistrations;
149 for (HashSet<MutationObserverRegistration*>::iterator iter = m_registrations .begin(); iter != m_registrations.end(); ++iter) {
150 if ((*iter)->hasTransientRegistrations())
151 transientRegistrations.append(*iter);
152 }
153 for (size_t i = 0; i < transientRegistrations.size(); ++i)
154 transientRegistrations[i]->clearTransientRegistrations();
155
140 if (m_records.isEmpty()) 156 if (m_records.isEmpty())
141 return; 157 return;
142 158
143 MutationRecordArray records; 159 MutationRecordArray records;
144 records.swap(m_records); 160 records.swap(m_records);
145 161
146 for (HashSet<MutationObserverRegistration*>::iterator iter = m_registrations .begin(); iter != m_registrations.end(); ++iter)
147 (*iter)->clearTransientRegistrations();
148
149 m_callback->handleEvent(&records, this); 162 m_callback->handleEvent(&records, this);
150 } 163 }
151 164
152 void WebKitMutationObserver::deliverAllMutations() 165 void WebKitMutationObserver::deliverAllMutations()
153 { 166 {
154 ASSERT(isMainThread()); 167 ASSERT(isMainThread());
155 static bool deliveryInProgress = false; 168 static bool deliveryInProgress = false;
156 if (deliveryInProgress) 169 if (deliveryInProgress)
157 return; 170 return;
158 deliveryInProgress = true; 171 deliveryInProgress = true;
159 172
160 while (!activeMutationObservers().isEmpty()) { 173 while (!activeMutationObservers().isEmpty()) {
161 Vector<RefPtr<WebKitMutationObserver> > observers; 174 Vector<RefPtr<WebKitMutationObserver> > observers;
162 copyToVector(activeMutationObservers(), observers); 175 copyToVector(activeMutationObservers(), observers);
163 activeMutationObservers().clear(); 176 activeMutationObservers().clear();
164 std::sort(observers.begin(), observers.end(), ObserverLessThan()); 177 std::sort(observers.begin(), observers.end(), ObserverLessThan());
165 for (size_t i = 0; i < observers.size(); ++i) 178 for (size_t i = 0; i < observers.size(); ++i)
166 observers[i]->deliver(); 179 observers[i]->deliver();
167 } 180 }
168 181
169 deliveryInProgress = false; 182 deliveryInProgress = false;
170 } 183 }
171 184
172 } // namespace WebCore 185 } // namespace WebCore
173 186
174 #endif // ENABLE(MUTATION_OBSERVERS) 187 #endif // ENABLE(MUTATION_OBSERVERS)
OLDNEW
« no previous file with comments | « Source/WebCore/dom/WebKitMutationObserver.h ('k') | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698