Fix for crash when doing 'reload frame'

David Faure faure at kde.org
Tue Feb 10 16:01:22 CET 2004 

Can you check if this affects Safari too?
Testcase:
http://www.heimatverein-boerger.de/1024x768/default.htm 
right-click the left frame (the one with the counter),
select Reload Frame -> crash.

This code was in the 3.1.x branch so it might affect Safari too.

----------  Forwarded Message  ----------

Subject: kdelibs/khtml
Date: Monday 09 February 2004 15:09
From: David Faure <faure at kde.org>
To: kde-cvs at kde.org
Cc: khtml-cvs at kde.org

CVS commit by faure: 

ecma/kjs_events.h (clear): set listener object to Null(), not to an invalid Object(),
which will crash when the listener is stored in another frame (#61467). Maybe it would be better
to really remove the event listener in this case, but this is hard to do efficiently.

Removed some unused stuff.


  M +6 -0      ChangeLog   1.200
  M +6 -14     ecma/kjs_events.cpp   1.81
  M +6 -8      ecma/kjs_events.h   1.31


--- kdelibs/khtml/ChangeLog  #1.199:1.200
@@ -1,2 +1,8 @@
+2004-02-09  David Faure  <faure at kde.org>
+
+        * ecma/kjs_events.h (clear): set listener object to Null(), not to an invalid Object(),
+        which will crash when the listener is stored in another frame (#61467). Maybe it would be better
+        to really remove the event listener in this case, but this is hard to do efficiently.
+
 2004-02-09  Stephan Kulow  <coolo at kde.org>
 

--- kdelibs/khtml/ecma/kjs_events.cpp  #1.80:1.81
@@ -62,5 +62,6 @@ void JSEventListener::handleEvent(DOM::E
     proxy = KJSProxy::proxy( part );
 
-  if (proxy && listener.implementsCall()) {
+  Object listenerObj = Object::dynamicCast( listener );
+  if (proxy && listenerObj.implementsCall()) {
     ref();
 
@@ -73,5 +74,5 @@ void JSEventListener::handleEvent(DOM::E
     // Set "this" to the event's current target
     Object thisObj = Object::dynamicCast(getDOMNode(exec,evt.currentTarget()));
-    ScopeChain oldScope = listener.scope();
+    ScopeChain oldScope = listenerObj.scope();
     if ( thisObj.isValid() ) {
       ScopeChain scope = oldScope;
@@ -79,5 +80,5 @@ void JSEventListener::handleEvent(DOM::E
       // (and the document, and the form - see KJS::HTMLElement::eventHandlerScope)
       static_cast<DOMNode*>(thisObj.imp())->pushEventHandlerScope(exec, scope);
-      listener.setScope( scope );
+      listenerObj.setScope( scope );
     }
     else {
@@ -101,8 +102,8 @@ void JSEventListener::handleEvent(DOM::E
     KJSCPUGuard guard;
     guard.start();
-    Value retval = listener.call(exec, thisObj, args);
+    Value retval = listenerObj.call(exec, thisObj, args);
     guard.stop();
 
-    listener.setScope( oldScope );
+    listenerObj.setScope( oldScope );
 
     window->setCurrentEvent( 0 );
@@ -129,13 +130,4 @@ DOM::DOMString JSEventListener::eventLis
 }
 
-Value KJS::getNodeEventListener(DOM::Node n, int eventId)
-{
-    DOM::EventListener *listener = n.handle()->getHTMLEventListener(eventId);
-    if (listener)
-        return static_cast<JSEventListener*>(listener)->listenerObj();
-    else
-        return Null();
-}
-
 // -------------------------------------------------------------------------
 

--- kdelibs/khtml/ecma/kjs_events.h  #1.30:1.31
@@ -45,18 +45,16 @@ namespace KJS {
     virtual DOM::DOMString eventListenerType();
     // Return the KJS function object executed when this event is emitted
-    Object listenerObj() const { return listener; }
-    // Faster version of listenerObj()
-    ObjectImp *listenerObjImp() const { return static_cast<ObjectImp *>(listener.imp()); }
-    // for Window::clear()
-    void clear() { listener = Object(); }
+    Value listenerObj() const { return listener; }
+    // for Window::clear(). This is a bad hack though. The JSEventListener might not get deleted
+    // if it was added to a DOM node in another frame (#61467). But calling removeEventListener on
+    // all nodes we're listening to is quite difficult.
+    void clear() { listener = Null(); }
 
   protected:
-    Object listener;
+    Value listener;
     bool html;
     Object win, m_hackThisObj;
   };
 
-  Value getNodeEventListener(DOM::Node n, int eventId);
-
   // Constructor for Event - currently only used for some global vars
   class EventConstructor : public DOMObject {

-------------------------------------------------------

-- 
David Faure, faure at kde.org, sponsored by Trolltech to work on KDE,
Konqueror (http://www.konqueror.org), and KOffice (http://www.koffice.org).

More information about the Khtml-devel mailing list