|Summary:||constructTreeFromCompactHTMLToken should call clearExternalCharacters|
|Product:||WebKit||Reporter:||Eric Seidel (no email) <eric>|
|Component:||New Bugs||Assignee:||Eric Seidel (no email) <eric>|
|Severity:||Normal||CC:||abarth, esprehn+autocc, inferno, ojan.autocc, webkit.review.bot|
|Version:||528+ (Nightly build)|
|Bug Depends on:|
Description Eric Seidel (no email) 2013-03-02 02:22:43 PST
constructTreeFromCompactHTMLToken should call clearExternalCharacters
Comment 2 Eric Seidel (no email) 2013-03-02 02:25:21 PST
I don't believe this causes any behavior change, but it's possible this is why we were passing that inspector view-source test better with the threaded parser. In order to have this be a problem, we would have to push a token onto the TreeBuilder's item-stack, and then end the chuck, and then somehow cause item()->token()->characters() to be accessed while parsing the next chunk.
Comment 3 Eric Seidel (no email) 2013-03-02 02:27:18 PST
This whole design is wrong for HTMLCompactToken. We shouldn't need a heap allocated AtomicHTMLToken anyway. We should replace it with a stack-allocated object which knows how to hang onto the necessary data when copied into an HTMLStackItem.
Comment 4 Adam Barth 2013-03-02 10:00:57 PST
Comment on attachment 191102 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=191102&action=review > Source/WebCore/ChangeLog:10 > + I don't know how to write a test for this. It's possible characters() > + is never accessed from HTMLStackItem::token(), but it's better to be > + safe than sorry here. Yeah, there isn't any behavior change from this patch, but it's worth doing anyway. > Source/WebCore/html/parser/HTMLDocumentParser.cpp:573 > + token->clearExternalCharacters(); // The compact token could be destroyed any time after this method returns. Yeah, we do the same thing in HTMLDocumentParser::constructTreeFromHTMLToken
Comment 5 WebKit Review Bot 2013-03-02 10:11:53 PST
Comment on attachment 191102 [details] Patch Clearing flags on attachment: 191102 Committed r144543: <http://trac.webkit.org/changeset/144543>
Comment 6 WebKit Review Bot 2013-03-02 10:11:56 PST
All reviewed patches have been landed. Closing bug.