From 321aa9d20101560dfcef6738be70916b47dbb0ed Mon Sep 17 00:00:00 2001 From: Simon Hausmann Date: Tue, 3 Aug 2010 14:18:44 +0200 Subject: Updated WebKit to d6aa024c84f61d0602bef4eef84efaed7cfeefcc Integrated changes: || || Crash while uploading a PDF document on www.largefilesasap.com || || || [Qt] Stack overflow when converting navigator object to QVariant || || || [Qt] Incorrect input method hints || --- src/3rdparty/webkit/.tag | 2 +- src/3rdparty/webkit/VERSION | 2 +- src/3rdparty/webkit/WebCore/ChangeLog | 37 ++++++++++++++++++++++ .../webkit/WebCore/bridge/qt/qt_runtime.cpp | 31 ++++++++++-------- .../webkit/WebCore/platform/FileChooser.cpp | 6 ++-- src/3rdparty/webkit/WebCore/platform/FileChooser.h | 4 ++- .../WebCore/rendering/RenderFileUploadControl.cpp | 5 +-- .../WebCore/rendering/RenderFileUploadControl.h | 2 +- src/3rdparty/webkit/WebKit/qt/ChangeLog | 16 ++++++++++ .../WebKit/qt/WebCoreSupport/EditorClientQt.cpp | 26 +++++++-------- .../WebKit/qt/tests/qwebview/tst_qwebview.cpp | 23 +++++++++++--- 11 files changed, 113 insertions(+), 41 deletions(-) diff --git a/src/3rdparty/webkit/.tag b/src/3rdparty/webkit/.tag index 0b414ab..718ea9d 100644 --- a/src/3rdparty/webkit/.tag +++ b/src/3rdparty/webkit/.tag @@ -1 +1 @@ -e6e692bb056670e2781dd0bc473a60757ae53992 +d6aa024c84f61d0602bef4eef84efaed7cfeefcc diff --git a/src/3rdparty/webkit/VERSION b/src/3rdparty/webkit/VERSION index f8403fb..1826cb6 100644 --- a/src/3rdparty/webkit/VERSION +++ b/src/3rdparty/webkit/VERSION @@ -4,4 +4,4 @@ This is a snapshot of the Qt port of WebKit from and has the sha1 checksum - e6e692bb056670e2781dd0bc473a60757ae53992 + d6aa024c84f61d0602bef4eef84efaed7cfeefcc diff --git a/src/3rdparty/webkit/WebCore/ChangeLog b/src/3rdparty/webkit/WebCore/ChangeLog index 5189eb5..5b78226 100644 --- a/src/3rdparty/webkit/WebCore/ChangeLog +++ b/src/3rdparty/webkit/WebCore/ChangeLog @@ -1,3 +1,40 @@ +2010-06-14 Andreas Kling + + Reviewed by Tor Arne Vestbø. + + [Qt] Stack overflow when converting navigator object to QVariant + https://bugs.webkit.org/show_bug.cgi?id=40572 + + Protect against infinite recursion in JSValue->QVariant conversion. + This fixes a crash when trying to convert MimeType objects (they + recurse infinitely and on-the-fly via the enabledPlugin property.) + + * bridge/qt/qt_runtime.cpp: + (JSC::Bindings::convertValueToQVariant): + +2010-03-30 Kent Tamura + + Reviewed by Brady Eidson. + + REGRESSION (r56439) - Crash when a renderer for a file upload control + with a selected file is recreated + https://bugs.webkit.org/show_bug.cgi?id=36723 + + RenderFileUploadControl::chooseIconForFiles was called before + m_fileChooser was initialized. + + * platform/FileChooser.cpp: + (WebCore::FileChooser::FileChooser): Introduce m_isInitializing flag to + avoid FileChooserClient::repaint() call. + (WebCore::FileChooser::loadIcon): + (WebCore::FileChooser::iconLoaded): + * platform/FileChooser.h: Add a FielChooser parameter to + FileChooserClient::chooseIconForFiles(). + * rendering/RenderFileUploadControl.cpp: + (WebCore::RenderFileUploadControl::chooseIconForFiles): + (WebCore::RenderFileUploadControl::paintObject): Add an assertion. + * rendering/RenderFileUploadControl.h: + 2010-07-06 Nikolas Zimmermann Reviewed by Dirk Schulze. diff --git a/src/3rdparty/webkit/WebCore/bridge/qt/qt_runtime.cpp b/src/3rdparty/webkit/WebCore/bridge/qt/qt_runtime.cpp index a39dc7a..2212f58 100644 --- a/src/3rdparty/webkit/WebCore/bridge/qt/qt_runtime.cpp +++ b/src/3rdparty/webkit/WebCore/bridge/qt/qt_runtime.cpp @@ -162,9 +162,11 @@ static JSRealType valueRealType(ExecState* exec, JSValue val) return String; // I don't know. } -QVariant convertValueToQVariant(ExecState* exec, JSValue value, QMetaType::Type hint, int *distance, HashSet* visitedObjects) +QVariant convertValueToQVariant(ExecState* exec, JSValue value, QMetaType::Type hint, int *distance, HashSet* visitedObjects, int recursionLimit) { - if (!value) + --recursionLimit; + + if (!value || !recursionLimit) return QVariant(); JSObject* object = 0; @@ -344,7 +346,7 @@ QVariant convertValueToQVariant(ExecState* exec, JSValue value, QMetaType::Type while(it != properties.end()) { if (object->propertyIsEnumerable(exec, *it)) { JSValue val = object->get(exec, *it); - QVariant v = convertValueToQVariant(exec, val, QMetaType::Void, &objdist, visitedObjects); + QVariant v = convertValueToQVariant(exec, val, QMetaType::Void, &objdist, visitedObjects, recursionLimit); if (objdist >= 0) { UString ustring = (*it).ustring(); QString id = QString((const QChar*)ustring.rep()->characters(), ustring.size()); @@ -368,7 +370,7 @@ QVariant convertValueToQVariant(ExecState* exec, JSValue value, QMetaType::Type qConvDebug() << "converting a " << len << " length Array"; for (int i = 0; i < len; ++i) { JSValue val = rtarray->getConcreteArray()->valueAt(exec, i); - result.append(convertValueToQVariant(exec, val, QMetaType::Void, &objdist, visitedObjects)); + result.append(convertValueToQVariant(exec, val, QMetaType::Void, &objdist, visitedObjects, recursionLimit)); if (objdist == -1) { qConvDebug() << "Failed converting element at index " << i; break; // Failed converting a list entry, so fail the array @@ -387,7 +389,7 @@ QVariant convertValueToQVariant(ExecState* exec, JSValue value, QMetaType::Type qConvDebug() << "converting a " << len << " length Array"; for (int i = 0; i < len; ++i) { JSValue val = array->get(exec, i); - result.append(convertValueToQVariant(exec, val, QMetaType::Void, &objdist, visitedObjects)); + result.append(convertValueToQVariant(exec, val, QMetaType::Void, &objdist, visitedObjects, recursionLimit)); if (objdist == -1) { qConvDebug() << "Failed converting element at index " << i; break; // Failed converting a list entry, so fail the array @@ -401,7 +403,7 @@ QVariant convertValueToQVariant(ExecState* exec, JSValue value, QMetaType::Type // Make a single length array int objdist; qConvDebug() << "making a single length variantlist"; - QVariant var = convertValueToQVariant(exec, value, QMetaType::Void, &objdist, visitedObjects); + QVariant var = convertValueToQVariant(exec, value, QMetaType::Void, &objdist, visitedObjects, recursionLimit); if (objdist != -1) { QVariantList result; result << var; @@ -645,7 +647,7 @@ QVariant convertValueToQVariant(ExecState* exec, JSValue value, QMetaType::Type for (int i = 0; i < len; ++i) { JSValue val = rtarray->getConcreteArray()->valueAt(exec, i); int itemdist = -1; - QVariant item = convertValueToQVariant(exec, val, QMetaType::QObjectStar, &itemdist, visitedObjects); + QVariant item = convertValueToQVariant(exec, val, QMetaType::QObjectStar, &itemdist, visitedObjects, recursionLimit); if (itemdist >= 0) result.append(item.value()); else @@ -664,7 +666,7 @@ QVariant convertValueToQVariant(ExecState* exec, JSValue value, QMetaType::Type for (int i = 0; i < len; ++i) { JSValue val = array->get(exec, i); int itemdist = -1; - QVariant item = convertValueToQVariant(exec, val, QMetaType::QObjectStar, &itemdist, visitedObjects); + QVariant item = convertValueToQVariant(exec, val, QMetaType::QObjectStar, &itemdist, visitedObjects, recursionLimit); if (itemdist >= 0) result.append(item.value()); else @@ -679,7 +681,7 @@ QVariant convertValueToQVariant(ExecState* exec, JSValue value, QMetaType::Type // Make a single length array QObjectList result; int itemdist = -1; - QVariant item = convertValueToQVariant(exec, value, QMetaType::QObjectStar, &itemdist, visitedObjects); + QVariant item = convertValueToQVariant(exec, value, QMetaType::QObjectStar, &itemdist, visitedObjects, recursionLimit); if (itemdist >= 0) { result.append(item.value()); dist = 10; @@ -696,7 +698,7 @@ QVariant convertValueToQVariant(ExecState* exec, JSValue value, QMetaType::Type for (int i = 0; i < len; ++i) { JSValue val = rtarray->getConcreteArray()->valueAt(exec, i); int itemdist = -1; - QVariant item = convertValueToQVariant(exec, val, QMetaType::Int, &itemdist, visitedObjects); + QVariant item = convertValueToQVariant(exec, val, QMetaType::Int, &itemdist, visitedObjects, recursionLimit); if (itemdist >= 0) result.append(item.value()); else @@ -715,7 +717,7 @@ QVariant convertValueToQVariant(ExecState* exec, JSValue value, QMetaType::Type for (int i = 0; i < len; ++i) { JSValue val = array->get(exec, i); int itemdist = -1; - QVariant item = convertValueToQVariant(exec, val, QMetaType::Int, &itemdist, visitedObjects); + QVariant item = convertValueToQVariant(exec, val, QMetaType::Int, &itemdist, visitedObjects, recursionLimit); if (itemdist >= 0) result.append(item.value()); else @@ -730,7 +732,7 @@ QVariant convertValueToQVariant(ExecState* exec, JSValue value, QMetaType::Type // Make a single length array QList result; int itemdist = -1; - QVariant item = convertValueToQVariant(exec, value, QMetaType::Int, &itemdist, visitedObjects); + QVariant item = convertValueToQVariant(exec, value, QMetaType::Int, &itemdist, visitedObjects, recursionLimit); if (itemdist >= 0) { result.append(item.value()); dist = 10; @@ -757,7 +759,7 @@ QVariant convertValueToQVariant(ExecState* exec, JSValue value, QMetaType::Type } // And then recurse with the autodetect flag - ret = convertValueToQVariant(exec, value, QMetaType::Void, distance, visitedObjects); + ret = convertValueToQVariant(exec, value, QMetaType::Void, distance, visitedObjects, recursionLimit); dist = 10; } break; @@ -777,8 +779,9 @@ QVariant convertValueToQVariant(ExecState* exec, JSValue value, QMetaType::Type QVariant convertValueToQVariant(ExecState* exec, JSValue value, QMetaType::Type hint, int *distance) { + const int recursionLimit = 200; HashSet visitedObjects; - return convertValueToQVariant(exec, value, hint, distance, &visitedObjects); + return convertValueToQVariant(exec, value, hint, distance, &visitedObjects, recursionLimit); } JSValue convertQVariantToValue(ExecState* exec, PassRefPtr root, const QVariant& variant) diff --git a/src/3rdparty/webkit/WebCore/platform/FileChooser.cpp b/src/3rdparty/webkit/WebCore/platform/FileChooser.cpp index dd4fc0d..90dd567 100644 --- a/src/3rdparty/webkit/WebCore/platform/FileChooser.cpp +++ b/src/3rdparty/webkit/WebCore/platform/FileChooser.cpp @@ -39,9 +39,11 @@ FileChooserClient::~FileChooserClient() inline FileChooser::FileChooser(FileChooserClient* client, const Vector& initialFilenames) : m_client(client) + , m_isInitializing(true) { m_filenames = initialFilenames; loadIcon(); + m_isInitializing = false; } PassRefPtr FileChooser::create(FileChooserClient* client, const Vector& initialFilenames) @@ -79,13 +81,13 @@ void FileChooser::chooseFiles(const Vector& filenames) void FileChooser::loadIcon() { if (m_filenames.size() && m_client) - m_client->chooseIconForFiles(m_filenames); + m_client->chooseIconForFiles(this, m_filenames); } void FileChooser::iconLoaded(PassRefPtr icon) { m_icon = icon; - if (m_icon && m_client) + if (!m_isInitializing && m_icon && m_client) m_client->repaint(); } diff --git a/src/3rdparty/webkit/WebCore/platform/FileChooser.h b/src/3rdparty/webkit/WebCore/platform/FileChooser.h index 4028d41..e93b9ac 100644 --- a/src/3rdparty/webkit/WebCore/platform/FileChooser.h +++ b/src/3rdparty/webkit/WebCore/platform/FileChooser.h @@ -35,6 +35,7 @@ namespace WebCore { +class FileChooser; class Font; class Icon; @@ -44,7 +45,7 @@ public: virtual void repaint() = 0; virtual bool allowsMultipleFiles() = 0; virtual String acceptTypes() = 0; - virtual void chooseIconForFiles(const Vector&) = 0; + virtual void chooseIconForFiles(FileChooser*, const Vector&) = 0; virtual ~FileChooserClient(); }; @@ -79,6 +80,7 @@ private: FileChooserClient* m_client; Vector m_filenames; RefPtr m_icon; + bool m_isInitializing; }; } // namespace WebCore diff --git a/src/3rdparty/webkit/WebCore/rendering/RenderFileUploadControl.cpp b/src/3rdparty/webkit/WebCore/rendering/RenderFileUploadControl.cpp index 14d126d..6a5c1e0 100644 --- a/src/3rdparty/webkit/WebCore/rendering/RenderFileUploadControl.cpp +++ b/src/3rdparty/webkit/WebCore/rendering/RenderFileUploadControl.cpp @@ -114,10 +114,10 @@ String RenderFileUploadControl::acceptTypes() return static_cast(node())->accept(); } -void RenderFileUploadControl::chooseIconForFiles(const Vector& filenames) +void RenderFileUploadControl::chooseIconForFiles(FileChooser* chooser, const Vector& filenames) { if (Chrome* chromePointer = chrome()) - chromePointer->chooseIconForFiles(filenames, m_fileChooser); + chromePointer->chooseIconForFiles(filenames, chooser); } void RenderFileUploadControl::click() @@ -195,6 +195,7 @@ void RenderFileUploadControl::paintObject(PaintInfo& paintInfo, int tx, int ty) { if (style()->visibility() != VISIBLE) return; + ASSERT(m_fileChooser); // Push a clip. if (paintInfo.phase == PaintPhaseForeground || paintInfo.phase == PaintPhaseChildBlockBackgrounds) { diff --git a/src/3rdparty/webkit/WebCore/rendering/RenderFileUploadControl.h b/src/3rdparty/webkit/WebCore/rendering/RenderFileUploadControl.h index a5f3367..25d2639 100644 --- a/src/3rdparty/webkit/WebCore/rendering/RenderFileUploadControl.h +++ b/src/3rdparty/webkit/WebCore/rendering/RenderFileUploadControl.h @@ -63,7 +63,7 @@ private: void repaint() { RenderBlock::repaint(); } bool allowsMultipleFiles(); String acceptTypes(); - void chooseIconForFiles(const Vector&); + void chooseIconForFiles(FileChooser*, const Vector&); Chrome* chrome() const; int maxFilenameWidth() const; diff --git a/src/3rdparty/webkit/WebKit/qt/ChangeLog b/src/3rdparty/webkit/WebKit/qt/ChangeLog index b2bff0c..94aca65 100644 --- a/src/3rdparty/webkit/WebKit/qt/ChangeLog +++ b/src/3rdparty/webkit/WebKit/qt/ChangeLog @@ -1,3 +1,19 @@ +2010-07-27 Simon Hausmann + + Reviewed by Tor Arne Vestbø. + + [Qt] Incorrect input method hints + https://bugs.webkit.org/show_bug.cgi?id=43037 + + Properly set or reset all input method hints when + activating input fields. + + * WebCoreSupport/EditorClientQt.cpp: + (WebCore::EditorClientQt::setInputMethodState): + * tests/qwebview/tst_qwebview.cpp: + (tst_QWebView::focusInputTypes): Extended unit test to verify that we + reset hints. + 2009-10-30 Tor Arne Vestbø Reviewed by Kenneth Rohde Christiansen. diff --git a/src/3rdparty/webkit/WebKit/qt/WebCoreSupport/EditorClientQt.cpp b/src/3rdparty/webkit/WebKit/qt/WebCoreSupport/EditorClientQt.cpp index 1cebef7..cdc4013 100644 --- a/src/3rdparty/webkit/WebKit/qt/WebCoreSupport/EditorClientQt.cpp +++ b/src/3rdparty/webkit/WebKit/qt/WebCoreSupport/EditorClientQt.cpp @@ -606,20 +606,18 @@ void EditorClientQt::setInputMethodState(bool active) inputElement = static_cast(frame->document()->focusedNode()); if (inputElement) { - if (!active) { - // Setting the Qt::WA_InputMethodEnabled attribute true and Qt::ImhHiddenText flag - // for password fields. The Qt platform is responsible for determining which widget - // will receive input method events for password fields. - active = inputElement->isPasswordField(); - webPageClient->setInputMethodHint(Qt::ImhHiddenText, active); - } else { - // Set input method hints for "number", "tel", "email", and "url" input elements. - webPageClient->setInputMethodHint(Qt::ImhDialableCharactersOnly, inputElement->isTelephoneField()); - webPageClient->setInputMethodHint(Qt::ImhDigitsOnly, inputElement->isNumberField()); - webPageClient->setInputMethodHint(Qt::ImhEmailCharactersOnly, inputElement->isEmailField()); - webPageClient->setInputMethodHint(Qt::ImhUrlCharactersOnly, inputElement->isUrlField()); - webPageClient->setInputMethodHint(Qt::ImhHiddenText, inputElement->isPasswordField()); - } + // Set input method hints for "number", "tel", "email", "url" and "password" input elements. + webPageClient->setInputMethodHint(Qt::ImhDialableCharactersOnly, inputElement->isTelephoneField()); + webPageClient->setInputMethodHint(Qt::ImhDigitsOnly, inputElement->isNumberField()); + webPageClient->setInputMethodHint(Qt::ImhEmailCharactersOnly, inputElement->isEmailField()); + webPageClient->setInputMethodHint(Qt::ImhUrlCharactersOnly, inputElement->isUrlField()); + // Setting the Qt::WA_InputMethodEnabled attribute true and Qt::ImhHiddenText flag + // for password fields. The Qt platform is responsible for determining which widget + // will receive input method events for password fields. + bool isPasswordField = inputElement->isPasswordField(); + webPageClient->setInputMethodHint(Qt::ImhHiddenText, isPasswordField); + if (isPasswordField) + active = true; } #if defined(Q_WS_MAEMO_5) || defined(Q_OS_SYMBIAN) diff --git a/src/3rdparty/webkit/WebKit/qt/tests/qwebview/tst_qwebview.cpp b/src/3rdparty/webkit/WebKit/qt/tests/qwebview/tst_qwebview.cpp index 835ad82..5dc5e41 100644 --- a/src/3rdparty/webkit/WebKit/qt/tests/qwebview/tst_qwebview.cpp +++ b/src/3rdparty/webkit/WebKit/qt/tests/qwebview/tst_qwebview.cpp @@ -267,23 +267,36 @@ void tst_QWebView::focusInputTypes() // 'password' field webView->fireMouseClick(QPoint(20, 60)); - QVERIFY(webView->inputMethodHints() & Qt::ImhHiddenText); + QVERIFY(webView->inputMethodHints() == Qt::ImhHiddenText); // 'tel' field webView->fireMouseClick(QPoint(20, 110)); - QVERIFY(webView->inputMethodHints() & Qt::ImhDialableCharactersOnly); + QVERIFY(webView->inputMethodHints() == Qt::ImhDialableCharactersOnly); // 'number' field webView->fireMouseClick(QPoint(20, 160)); - QVERIFY(webView->inputMethodHints() & Qt::ImhDigitsOnly); + QVERIFY(webView->inputMethodHints() == Qt::ImhDigitsOnly); // 'email' field webView->fireMouseClick(QPoint(20, 210)); - QVERIFY(webView->inputMethodHints() & Qt::ImhEmailCharactersOnly); + QVERIFY(webView->inputMethodHints() == Qt::ImhEmailCharactersOnly); // 'url' field webView->fireMouseClick(QPoint(20, 260)); - QVERIFY(webView->inputMethodHints() & Qt::ImhUrlCharactersOnly); + QVERIFY(webView->inputMethodHints() == Qt::ImhUrlCharactersOnly); + + // 'password' field + webView->fireMouseClick(QPoint(20, 60)); + QVERIFY(webView->inputMethodHints() == Qt::ImhHiddenText); + + // 'text' type + webView->fireMouseClick(QPoint(20, 10)); +#if defined(Q_WS_MAEMO_5) || defined(Q_WS_MAEMO_6) || defined(Q_OS_SYMBIAN) + QVERIFY(webView->inputMethodHints() & Qt::ImhNoAutoUppercase); + QVERIFY(webView->inputMethodHints() & Qt::ImhNoPredictiveText); +#else + QVERIFY(webView->inputMethodHints() == Qt::ImhNone); +#endif delete webView; -- cgit v0.12