2009-04-25 Brady Eidson <beidson@apple.com>

Reviewed by Oliver Hunt <rdar://problem/6817607> BumperCar 2.2 crashes going back (invalid WebHistoryItem) BumperCar was holding a pointer to a WebHistoryItem they never retain, then later tried to go to it. In some cases it would be dealloc'ed first. When WebHistoryItems were pure Objective-C they probably got away with this more often. With the WebCore/Obj-C mixed WebHistoryItems it's more likely to crash. * History/WebBackForwardList.mm: (bumperCarBackForwardHackNeeded): (-[WebBackForwardList backListWithLimit:]): If this is BumperCar, hang on to the NSArray of WebHistoryItems until the next time this method is called. (-[WebBackForwardList forwardListWithLimit:]): Ditto. * Misc/WebKitVersionChecks.h: Added WEBKIT_FIRST_VERSION_WITHOUT_BUMPERCAR_BACK_FORWARD_QUIRK. git-svn-id: svn://svn.chromium.org/blink/trunk@42870 bbb929c8-8fbe-4397-9dbb-9b2b20218538

2009-04-25 Brady Eidson <beidson@apple.com>
Reviewed by Oliver Hunt <rdar://problem/6817607> BumperCar 2.2 crashes going back (invalid WebHistoryItem) BumperCar was holding a pointer to a WebHistoryItem they never retain, then later tried to go to it. In some cases it would be dealloc'ed first. When WebHistoryItems were pure Objective-C they probably got away with this more often. With the WebCore/Obj-C mixed WebHistoryItems it's more likely to crash. * History/WebBackForwardList.mm: (bumperCarBackForwardHackNeeded): (-[WebBackForwardList backListWithLimit:]): If this is BumperCar, hang on to the NSArray of WebHistoryItems until the next time this method is called. (-[WebBackForwardList forwardListWithLimit:]): Ditto. * Misc/WebKitVersionChecks.h: Added WEBKIT_FIRST_VERSION_WITHOUT_BUMPERCAR_BACK_FORWARD_QUIRK. git-svn-id: svn://svn.chromium.org/blink/trunk@42870 bbb929c8-8fbe-4397-9dbb-9b2b20218538
ff1399db · beidson@apple.com · 82ae4469 · ff1399db · ff1399db · ff1399db
Commit ff1399db authored Apr 25, 2009 by beidson@apple.com
3 changed files
--- a/third_party/WebKit/WebKit/mac/ChangeLog
+++ b/third_party/WebKit/WebKit/mac/ChangeLog
+2009-04-25  Brady Eidson  <beidson@apple.com>
+
+        Reviewed by Oliver Hunt
+
+        <rdar://problem/6817607> BumperCar 2.2 crashes going back (invalid WebHistoryItem)
+
+        BumperCar was holding a pointer to a WebHistoryItem they never retain, then later
+        tried to go to it.  In some cases it would be dealloc'ed first.
+        When WebHistoryItems were pure Objective-C they probably got away with this more often.
+        With the WebCore/Obj-C mixed WebHistoryItems it's more likely to crash.
+
+        * History/WebBackForwardList.mm:
+        (bumperCarBackForwardHackNeeded):
+        (-[WebBackForwardList backListWithLimit:]):  If this is BumperCar, hang on to the
+          NSArray of WebHistoryItems until the next time this method is called.
+        (-[WebBackForwardList forwardListWithLimit:]):  Ditto.
+
+        * Misc/WebKitVersionChecks.h: Added WEBKIT_FIRST_VERSION_WITHOUT_BUMPERCAR_BACK_FORWARD_QUIRK.
+
 2009-04-24  Anders Carlsson  <andersca@apple.com>

        Reviewed by Darin Adler.

--- a/third_party/WebKit/WebKit/mac/History/WebBackForwardList.mm
+++ b/third_party/WebKit/WebKit/mac/History/WebBackForwardList.mm
@@ -33,6 +33,7 @@
 #import "WebHistoryItemInternal.h"
 #import "WebHistoryItemPrivate.h"
 #import "WebKitLogging.h"
+#import "WebKitVersionChecks.h"
 #import "WebNSObjectExtras.h"
 #import "WebPreferencesPrivate.h"
 #import "WebTypesInternal.h"
@@ -204,18 +205,47 @@ static NSArray* vectorToNSArray(HistoryItemVector& list)
    return result;
 }

+static bool bumperCarBackForwardHackNeeded() {
+    static bool initialized = false;
+    static bool hackNeeded = false;
+    
+    if (!initialized) {
+        hackNeeded = [[[NSBundle mainBundle] bundleIdentifier] isEqualToString:@"com.freeverse.bumpercar"] && 
+                     !WebKitLinkedOnOrAfter(WEBKIT_FIRST_VERSION_WITHOUT_BUMPERCAR_BACK_FORWARD_QUIRK);
+        initialized = true;
+    }
+    
+    return hackNeeded;
+}
+
 - (NSArray *)backListWithLimit:(int)limit
 {
    HistoryItemVector list;
    core(self)->backListWithLimit(limit, list);
-    return vectorToNSArray(list);
+    NSArray *result = vectorToNSArray(list);
+    
+    if (bumperCarBackForwardHackNeeded()) {
+        static NSArray *lastBackListArray = nil;
+        [lastBackListArray release];
+        lastBackListArray = [result retain];
+    }
+    
+    return result;
 }

 - (NSArray *)forwardListWithLimit:(int)limit
 {
    HistoryItemVector list;
    core(self)->forwardListWithLimit(limit, list);
-    return vectorToNSArray(list);
+    NSArray *result = vectorToNSArray(list);
+    
+    if (bumperCarBackForwardHackNeeded()) {
+        static NSArray *lastForwardListArray = nil;
+        [lastForwardListArray release];
+        lastForwardListArray = [result retain];
+    }
+    
+    return result;
 }

 - (int)capacity

--- a/third_party/WebKit/WebKit/mac/Misc/WebKitVersionChecks.h
+++ b/third_party/WebKit/WebKit/mac/Misc/WebKitVersionChecks.h
@@ -51,6 +51,7 @@
 #define WEBKIT_FIRST_VERSION_WITH_RELOAD_FROM_ORIGIN 0x02100700 // 528.7.0
 #define WEBKIT_FIRST_VERSION_WITHOUT_WEBVIEW_INIT_THREAD_WORKAROUND 0x02100700 // 528.7.0
 #define WEBKIT_FIRST_VERSION_WITH_ROUND_TWO_MAIN_THREAD_EXCEPTIONS 0x02120400 // 530.4.0
+#define WEBKIT_FIRST_VERSION_WITHOUT_BUMPERCAR_BACK_FORWARD_QUIRK 0x02120700 // 530.7.0

 #ifdef __cplusplus
 extern "C" {