changeset 9465:51c2129d282c

8145682: topDocument() returns an incorrect reference for cached Documents Reviewed-by: azvegint, kcr Contributed-by: murali.billa@oracle.com
author azvegint
date Sun, 20 Dec 2015 17:30:09 +0300
parents 298ee18c8890
children 8adbdda40fdb
files modules/web/src/main/native/Source/WebCore/dom/Document.cpp
diffstat 1 files changed, 14 insertions(+), 5 deletions(-) [+]
line wrap: on
line diff
--- a/modules/web/src/main/native/Source/WebCore/dom/Document.cpp	Sat Dec 19 11:20:21 2015 -0500
+++ b/modules/web/src/main/native/Source/WebCore/dom/Document.cpp	Sun Dec 20 17:30:09 2015 +0300
@@ -4284,11 +4284,20 @@
 
 Document& Document::topDocument() const
 {
-    if (!m_frame)
-        return const_cast<Document&>(*this);
-    // This should always be non-null.
-    Document* mainFrameDocument = m_frame->mainFrame().document();
-    return mainFrameDocument ? *mainFrameDocument : const_cast<Document&>(*this);
+    // FIXME: This special-casing avoids incorrectly determined top documents during the process
+    // of AXObjectCache teardown or notification posting for cached or being-destroyed documents.
+    if (!m_inPageCache && !m_renderTreeBeingDestroyed) {
+        if (!m_frame)
+            return const_cast<Document&>(*this);
+        // This should always be non-null.
+        Document* mainFrameDocument = m_frame->mainFrame().document();
+        return mainFrameDocument ? *mainFrameDocument : const_cast<Document&>(*this);
+    }
+
+    Document* document = const_cast<Document*>(this);
+    while (HTMLFrameOwnerElement* element = document->ownerElement())
+        document = &element->document();
+    return *document;
 }
 
 PassRefPtr<Attr> Document::createAttribute(const String& name, ExceptionCode& ec)