FCL/sf/mw/qtwebkit: WebCore/manual-tests/crash-on-accessing-domwindow-without-frame.html@303757a437d3 (annotated)

0 4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	1	<script>
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	2	var w;
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	3	function clear() {
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	4	// Id doesn't matter, the crash happens while trying to access the NULL Document to lookup the Id.
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	5	w.clearTimeout(153);
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	6	}
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	7
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	8	function test() {
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	9	w = window.open("data:text/html,"+
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	10	"<script>" +
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	11	"function navigate() { location.href='data:text/html,<body>Close this page and wait.</body>'};" +
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	12	"setTimeout(navigate,0);</" +
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	13	"script>");
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	14
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	15	setInterval(clear, 20);
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	16	}
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	17	</script>
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	18	<body><p>This test reproduces the crash that happens when JavaScript has access to DOMWindow which is disconnected from its Frame. This crash was fixed by http://trac.webkit.org/changeset/49786</p>
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	19	To reproduce the crash:
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	20	<ul><li>Click the link below, the popup window opens.</li><li>Close the popup window.</li><li>Wait about 10 seconds (~10, page cache should start deleting pages) and observe the crash.</li></ul>
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	21	Crashes on Safari 4.0.3</p><p><a href="javascript:test()">Crash me!</a></p>
4f2f89ce4247 Revision: 201037 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	22	</body>

author	Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
	Mon, 04 Oct 2010 01:32:07 +0300
changeset 2	303757a437d3
parent 0	4f2f89ce4247
permissions	-rw-r--r--