path: root/Source/WebCore/loader/ImageLoader.cpp
Commit message | Author | Age | Files | Lines
* Imported QtWebKit TP3 (git b57bc6801f1876c3220d5a4bfea33d620d477443) | Konstantin Tokarev | 2017-02-02 | 1 | -94/+123
  Change-Id: I3b1d8a2808782c9f34d50240000e20cb38d3680f
  Reviewed-by: Konstantin Tokarev <annulen@yandex.ru>
* use after free in WebCore::DocumentOrderedMap::remove / WebCore::TreeScope::removeElementById | Zalan Bujtas | 2014-07-04 | 1 | -2/+3
  https://bugs.webkit.org/show_bug.cgi?id=121324
  Reviewed by Ryosuke Niwa.
  Update the document ordered map for an image element before dispatching load or error events when it's inserted into a document.
  Source/WebCore:
  Test: fast/dom/modify-node-and-while-in-the-callback-too-crash.html
  * dom/DocumentOrderedMap.cpp: defensive fix to avoid use after free issues.
  (WebCore::DocumentOrderedMap::remove):
  * html/HTMLImageElement.cpp:
  (WebCore::HTMLImageElement::insertedInto):
  * loader/ImageLoader.cpp:
  (WebCore::ImageLoader::updateFromElement): setting m_failedLoadURL makes repeated updateFromElement calls return early.
  Change-Id: I305e56de969d0efe3dc67930cdf585a201e8c6a5
  git-svn-id: http://svn.webkit.org/repository/webkit/trunk@159481 268f45cc-cd09-0410-ab3c-d52691b4dbfc
  Reviewed-by: Michael Bruning <michael.bruning@digia.com>
* Update RenderImage when the image src is cleared | spartha | 2014-05-06 | 1 | -1/+4
  When the src is removed via JavaScript, the image loader now updates the renderer.
  BUG=123017
  Review URL: https://chromiumcodereview.appspot.com/20473002
  git-svn-id: svn://svn.chromium.org/blink/trunk@155294 bbb929c8-8fbe-4397-9dbb-9b2b20218538
  Task-number: QTBUG-38287
  Change-Id: I49c353cfa4ad1f7c1ceac80df81b8cb713d291df
  Reviewed-by: Michael Bruning <michael.bruning@digia.com>
* Import Qt5x2 branch of QtWebkit for Qt 5.2 | Allan Sandfeld Jensen | 2013-09-19 | 1 | -53/+82
  Importing a new snapshot of webkit.
  Change-Id: I2d01ad12cdc8af8cb015387641120a9d7ea5f10c
  Reviewed-by: Allan Sandfeld Jensen <allan.jensen@digia.com>
* If ImageLoader's loadEventSender or errorEventSender fires after document is detached, the document will be leaked. | Yongjun Zhang | 2013-08-08 | 1 | -6/+8
  https://bugs.webkit.org/show_bug.cgi?id=106394
  Patch by Yongjun Zhang <yongjun_zhang@apple.com> on 2013-01-09
  Reviewed by Alexey Proskuryakov.
  ImageLoader's loadEventSender and errorEventSender schedule event dispatching in separate timers and refs the Element in updatedHasPendingEvent. If the Document is detached before either eventSender dispatches, we would leak the Document since we bail out early in dispatchPendingLoadEvent or dispatchPendingErrorEvent, without deref-ing the Element itself.
  No new tests. Verified manually by using heap tool to count the living HTMLDocuments.
  * loader/ImageLoader.cpp:
  (WebCore::ImageLoader::dispatchPendingLoadEvent): also call updatedHasPendingEvent to deref the Element if the document is detached.
  (WebCore::ImageLoader::dispatchPendingErrorEvent): ditto.
  Change-Id: Ie1102e0659bf37f4cf0002ce1d2ee259c6840921
  git-svn-id: http://svn.webkit.org/repository/webkit/trunk@139209 268f45cc-cd09-0410-ab3c-d52691b4dbfc
  Reviewed-by: Jocelyn Turcotte <jocelyn.turcotte@digia.com>
* Imported WebKit commit e89504fa9195b2063b2530961d4b73dd08de3242 (http://svn.webkit.org/repository/webkit/trunk@135485) | Simon Hausmann | 2012-11-22 | 1 | -0/+1
  Change-Id: I03774e5ac79721c13ffa30d152537a74d0b12e66
  Reviewed-by: Simon Hausmann <simon.hausmann@digia.com>
* Imported WebKit commit 20434eb8eb95065803473139d8794e98a7672f75 (http://svn.webkit.org/repository/webkit/trunk@132191) | Simon Hausmann | 2012-10-23 | 1 | -3/+4
  New snapshot that should fix build with latest qtbase and the QPlastiqueStyle removal
* Imported WebKit commit 795dcd25a9649fccaf1c9b685f6e2ffedaf7e620 (http://svn.webkit.org/repository/webkit/trunk@131718) | Simon Hausmann | 2012-10-18 | 1 | -12/+11
  New snapshot that includes the return of -fkeep-memory at link time to reduce memory pressure as well as modularized documentation
* Imported WebKit commit 68645295d2e3e09af2c942f092556f06aa5f8b0d (http://svn.webkit.org/repository/webkit/trunk@128073) | Simon Hausmann | 2012-09-10 | 1 | -1/+1
  New snapshot
* Imported WebKit commit 35255d8c2fd37ba4359e75fe0ebe6aec87687f9c (http://svn.webkit.org/repository/webkit/trunk@126284) | Simon Hausmann | 2012-08-22 | 1 | -2/+8
  New snapshot that includes MSVC 64-bit build fix
* Imported WebKit commit e65cbc5b6ac32627c797e7fc7f46eb7794410c92 (http://svn.webkit.org/repository/webkit/trunk@123308) | Simon Hausmann | 2012-07-23 | 1 | -5/+14
  New snapshot with better configure tests
* Imported WebKit commit ff52235a78888e5cb8e286a828a8698042200e67 (http://svn.webkit.org/repository/webkit/trunk@122948) | Simon Hausmann | 2012-07-18 | 1 | -36/+42
  New snapshot that should fix the rendering issues recently introduced
* Imported WebKit commit 3a8c29f35d00659d2ce7a0ccdfa8304f14e82327 (http://svn.webkit.org/repository/webkit/trunk@120813) | Simon Hausmann | 2012-06-20 | 1 | -0/+43
  New snapshot with Windows build fixes
* Imported WebKit commit 1350e72f7345ced9da2bd9980deeeb5a8d62fab4 (http://svn.webkit.org/repository/webkit/trunk@117578) | Simon Hausmann | 2012-05-18 | 1 | -5/+8
  Weekly snapshot
* Imported WebKit commit 9a52e27980f47e8b0d8f8b7cc0fd7b5741bceb92 (http://svn.webkit.org/repository/webkit/trunk@116736) | Simon Hausmann | 2012-05-11 | 1 | -2/+2
  New snapshot to include QDeclarative* -> QQml* build fixes
* Imported WebKit commit 7e538425aa020340619e927792f3d895061fb54b (http://svn.webkit.org/repository/webkit/trunk@116286) | Simon Hausmann | 2012-05-07 | 1 | -25/+65
* Imported WebKit commit bb52bf3c0119e8a128cd93afe5572413a8617de9 (http://svn.webkit.org/repository/webkit/trunk@108790) | Simon Hausmann | 2012-02-24 | 1 | -88/+11
* Imported WebKit commit 2ea9d364d0f6efa8fa64acf19f451504c59be0e4 (http://svn.webkit.org/repository/webkit/trunk@104285) | Simon Hausmann | 2012-01-06 | 1 | -0/+419