Fix WebViewCore uninitialised data.

Improve WebViewCore initialisation by using the
initialiser list rather than assignment in the
constructor. Ensure that *all* members get an initial
value.

Also remove the WebViewCore::reset(bool) function, that
was only being called from the constructor and so is
now unnecessary.

Additionally remove two completely unused members and one
(m_now) that was being written once but never read (and only
ever behind a debug #ifdef).

Bug: 5399726

Change-Id: I29216737c2406eed1cdc426d011bca0728fdf232

2 files changed, 95 insertions, 111 deletions

diff --git a/Source/WebKit/android/jni/WebViewCore.cpp b/Source/WebKit/android/jni/WebViewCore.cpp
index 6d6b81c..527d596 100644
--- a/Source/WebKit/android/jni/WebViewCore.cpp
+++ b/Source/WebKit/android/jni/WebViewCore.cpp
@@ -340,34 +340,64 @@ Mutex WebViewCore::gButtonMutex;
 Mutex WebViewCore::gCursorBoundsMutex;
 
 WebViewCore::WebViewCore(JNIEnv* env, jobject javaWebViewCore, WebCore::Frame* mainframe)
-    : m_pluginInvalTimer(this, &WebViewCore::pluginInvalTimerFired)
+    : m_frameCacheKit(0)
+    , m_navPictureKit(0)
+    , m_moveGeneration(0)
+    , m_touchGeneration(0)
+    , m_lastGeneration(0)
+    , m_updatedFrameCache(true)
+    , m_findIsUp(false)
+    , m_hasCursorBounds(false)
+    , m_cursorBounds(WebCore::IntRect(0, 0, 0, 0))
+    , m_cursorHitBounds(WebCore::IntRect(0, 0, 0, 0))
+    , m_cursorFrame(0)
+    , m_cursorLocation(WebCore::IntPoint(0, 0))
+    , m_cursorNode(0)
+    , m_javaGlue(new JavaGlue)
+    , m_mainFrame(mainframe)
+    , m_popupReply(0)
+    , m_lastFocused(0)
+    , m_lastFocusedBounds(WebCore::IntRect(0,0,0,0))
+    , m_blurringNodePointer(0)
+    , m_lastFocusedSelStart(0)
+    , m_lastFocusedSelEnd(0)
+    , m_blockTextfieldUpdates(false)
+    , m_focusBoundsChanged(false)
+    , m_skipContentDraw(false)
+    , m_textGeneration(0)
+    , m_temp(0)
+    , m_tempPict(0)
+    , m_maxXScroll(320/4)
+    , m_maxYScroll(240/4)
+    , m_scrollOffsetX(0)
+    , m_scrollOffsetY(0)
+    , m_mousePos(WebCore::IntPoint(0,0))
+    , m_frameCacheOutOfDate(true)
+    , m_progressDone(false)
+    , m_screenWidth(320)
+    , m_screenHeight(240)
+    , m_textWrapWidth(320)
+    , m_scale(1.0f)
+    , m_domtree_version(0)
+    , m_check_domtree_version(true)
+    , m_groupForVisitedLinks(0)
+    , m_isPaused(false)
+    , m_cacheMode(0)
+    , m_shouldPaintCaret(true)
+    , m_pluginInvalTimer(this, &WebViewCore::pluginInvalTimerFired)
+    , m_screenOnCounter(0)
+    , m_currentNodeDomNavigationAxis(0)
     , m_deviceMotionAndOrientationManager(this)
-{
-    m_mainFrame = mainframe;
-
-    m_popupReply = 0;
-    m_moveGeneration = 0;
-    m_lastGeneration = 0;
-    m_touchGeneration = 0;
-    m_blockTextfieldUpdates = false;
-    // just initial values. These should be set by client
-    m_maxXScroll = 320/4;
-    m_maxYScroll = 240/4;
-    m_textGeneration = 0;
-    m_screenWidth = 320;
-    m_textWrapWidth = 320;
-    m_scale = 1;
 #if ENABLE(TOUCH_EVENTS)
-    m_forwardingTouchEvents = false;
+    , m_forwardingTouchEvents(false)
 #endif
-    m_isPaused = false;
-    m_screenOnCounter = 0;
-    m_shouldPaintCaret = true;
-
+#if USE(CHROME_NETWORK_STACK)
+    , m_webRequestContext(0)
+#endif
+{
     LOG_ASSERT(m_mainFrame, "Uh oh, somehow a frameview was made without an initial frame!");
 
     jclass clazz = env->GetObjectClass(javaWebViewCore);
-    m_javaGlue = new JavaGlue;
     m_javaGlue->m_obj = env->NewWeakGlobalRef(javaWebViewCore);
     m_javaGlue->m_scrollTo = GetJMethod(env, clazz, "contentScrollTo", "(IIZZ)V");
     m_javaGlue->m_contentDraw = GetJMethod(env, clazz, "contentDraw", "()V");
@@ -423,11 +453,9 @@ WebViewCore::WebViewCore(JNIEnv* env, jobject javaWebViewCore, WebCore::Frame* m
 
     env->SetIntField(javaWebViewCore, gWebViewCoreFields.m_nativeClass, (jint)this);
 
-    m_scrollOffsetX = m_scrollOffsetY = 0;
-
     PageGroup::setShouldTrackVisitedLinks(true);
 
-    reset(true);
+    clearContent();
 
     MemoryUsage::setLowMemoryUsageMb(env->GetIntField(javaWebViewCore, gWebViewCoreFields.m_lowMemoryUsageMb));
     MemoryUsage::setHighMemoryUsageMb(env->GetIntField(javaWebViewCore, gWebViewCoreFields.m_highMemoryUsageMb));
@@ -480,45 +508,6 @@ WebViewCore* WebViewCore::getWebViewCore(const WebCore::ScrollView* view)
     return webFrameView->webViewCore();
 }
 
-void WebViewCore::reset(bool fromConstructor)
-{
-    DBG_SET_LOG("");
-    if (fromConstructor) {
-        m_frameCacheKit = 0;
-        m_navPictureKit = 0;
-    } else {
-        gFrameCacheMutex.lock();
-        delete m_frameCacheKit;
-        delete m_navPictureKit;
-        m_frameCacheKit = 0;
-        m_navPictureKit = 0;
-        gFrameCacheMutex.unlock();
-    }
-
-    m_lastFocused = 0;
-    m_blurringNodePointer = 0;
-    m_lastFocusedBounds = WebCore::IntRect(0,0,0,0);
-    m_focusBoundsChanged = false;
-    m_lastFocusedSelStart = 0;
-    m_lastFocusedSelEnd = 0;
-    clearContent();
-    m_updatedFrameCache = true;
-    m_frameCacheOutOfDate = true;
-    m_skipContentDraw = false;
-    m_findIsUp = false;
-    m_domtree_version = 0;
-    m_check_domtree_version = true;
-    m_progressDone = false;
-    m_hasCursorBounds = false;
-
-    m_scrollOffsetX = 0;
-    m_scrollOffsetY = 0;
-    m_screenWidth = 0;
-    m_screenHeight = 0;
-    m_groupForVisitedLinks = 0;
-    m_currentNodeDomNavigationAxis = 0;
-}
-
 static bool layoutIfNeededRecursive(WebCore::Frame* f)
 {
     if (!f)
@@ -1639,9 +1628,6 @@ void WebViewCore::updateFrameCache()
     TimeCounterAuto counter(TimeCounter::WebViewCoreBuildNavTimeCounter);
 #endif
     m_frameCacheOutOfDate = false;
-#if DEBUG_NAV_UI
-    m_now = SkTime::GetMSecs();
-#endif
     m_temp = new CachedRoot();
     m_temp->init(m_mainFrame, &m_history);
 #if USE(ACCELERATED_COMPOSITING)
diff --git a/Source/WebKit/android/jni/WebViewCore.h b/Source/WebKit/android/jni/WebViewCore.h
index a25c5bb..6d65957 100644
--- a/Source/WebKit/android/jni/WebViewCore.h
+++ b/Source/WebKit/android/jni/WebViewCore.h
@@ -607,11 +607,49 @@ namespace android {
         // buttons either replace our old ones or should be added to our list.
         // Then check the old buttons to see if any are no longer needed.
         void updateButtonList(WTF::Vector<Container>* buttons);
-        void reset(bool fromConstructor);
         // Create a set of pictures to represent the drawn DOM, driven by
         // the invalidated region and the time required to draw (used to draw)
         void recordPictureSet(PictureSet* master);
 
+        void doMaxScroll(CacheBuilder::Direction dir);
+        SkPicture* rebuildPicture(const SkIRect& inval);
+        void rebuildPictureSet(PictureSet* );
+        void sendNotifyProgressFinished();
+        /*
+         * Handle a mouse click, either from a touch or trackball press.
+         * @param frame Pointer to the Frame containing the node that was clicked on.
+         * @param node Pointer to the Node that was clicked on.
+         * @param fake This is a fake mouse click, used to put a textfield into focus. Do not
+         *      open the IME.
+         */
+        bool handleMouseClick(WebCore::Frame*, WebCore::Node*, bool fake);
+        WebCore::HTMLAnchorElement* retrieveAnchorElement(int x, int y);
+        WebCore::HTMLElement* retrieveElement(int x, int y,
+            const WebCore::QualifiedName& );
+        WebCore::HTMLImageElement* retrieveImageElement(int x, int y);
+        // below are members responsible for accessibility support
+        String modifySelectionTextNavigationAxis(DOMSelection* selection, int direction, int granularity);
+        String modifySelectionDomNavigationAxis(DOMSelection* selection, int direction, int granularity);
+        Text* traverseNextContentTextNode(Node* fromNode, Node* toNode ,int direction);
+        bool isVisible(Node* node);
+        bool isHeading(Node* node);
+        String formatMarkup(DOMSelection* selection);
+        void selectAt(int x, int y);
+
+        void scrollNodeIntoView(Frame* frame, Node* node);
+        bool isContentTextNode(Node* node);
+        Node* getIntermediaryInputElement(Node* fromNode, Node* toNode, int direction);
+        bool isContentInputElement(Node* node);
+        bool isDescendantOf(Node* parent, Node* node);
+        void advanceAnchorNode(DOMSelection* selection, int direction, String& markup, bool ignoreFirstNode, ExceptionCode& ec);
+        Node* getNextAnchorNode(Node* anchorNode, bool skipFirstHack, int direction);
+        Node* getImplicitBoundaryNode(Node* node, unsigned offset, int direction);
+
+        // called from constructor, to add this to a global list
+        static void addInstance(WebViewCore*);
+        // called from destructor, to remove this from a global list
+        static void removeInstance(WebViewCore*);
+
         friend class ListBoxReply;
         struct JavaGlue;
         struct JavaGlue*       m_javaGlue;
@@ -642,8 +680,6 @@ namespace android {
         WebCore::IntPoint m_mousePos;
         bool m_frameCacheOutOfDate;
         bool m_progressDone;
-        int m_lastPassed;
-        int m_lastVelocity;
         CachedHistory m_history;
         int m_screenWidth; // width of the visible rect in document coordinates
         int m_screenHeight;// height of the visible rect in document coordinates
@@ -661,57 +697,19 @@ namespace android {
         void pluginInvalTimerFired(WebCore::Timer<WebViewCore>*) {
             this->drawPlugins();
         }
-        int m_screenOnCounter;
 
-        void doMaxScroll(CacheBuilder::Direction dir);
-        SkPicture* rebuildPicture(const SkIRect& inval);
-        void rebuildPictureSet(PictureSet* );
-        void sendNotifyProgressFinished();
-        /*
-         * Handle a mouse click, either from a touch or trackball press.
-         * @param frame Pointer to the Frame containing the node that was clicked on.
-         * @param node Pointer to the Node that was clicked on.
-         * @param fake This is a fake mouse click, used to put a textfield into focus. Do not
-         *      open the IME.
-         */
-        bool handleMouseClick(WebCore::Frame*, WebCore::Node*, bool fake);
-        WebCore::HTMLAnchorElement* retrieveAnchorElement(int x, int y);
-        WebCore::HTMLElement* retrieveElement(int x, int y,
-            const WebCore::QualifiedName& );
-        WebCore::HTMLImageElement* retrieveImageElement(int x, int y);
-        // below are members responsible for accessibility support
-        String modifySelectionTextNavigationAxis(DOMSelection* selection, int direction, int granularity);
-        String modifySelectionDomNavigationAxis(DOMSelection* selection, int direction, int granularity);
-        Text* traverseNextContentTextNode(Node* fromNode, Node* toNode ,int direction);
-        bool isVisible(Node* node);
-        bool isHeading(Node* node);
-        String formatMarkup(DOMSelection* selection);
-        void selectAt(int x, int y);
+        int m_screenOnCounter;
         Node* m_currentNodeDomNavigationAxis;
-        void scrollNodeIntoView(Frame* frame, Node* node);
-        bool isContentTextNode(Node* node);
-        Node* getIntermediaryInputElement(Node* fromNode, Node* toNode, int direction);
-        bool isContentInputElement(Node* node);
-        bool isDescendantOf(Node* parent, Node* node);
-        void advanceAnchorNode(DOMSelection* selection, int direction, String& markup, bool ignoreFirstNode, ExceptionCode& ec);
-        Node* getNextAnchorNode(Node* anchorNode, bool skipFirstHack, int direction);
-        Node* getImplicitBoundaryNode(Node* node, unsigned offset, int direction);
+        DeviceMotionAndOrientationManager m_deviceMotionAndOrientationManager;
 
 #if ENABLE(TOUCH_EVENTS)
         bool m_forwardingTouchEvents;
 #endif
-#if DEBUG_NAV_UI
-        uint32_t m_now;
-#endif
-        DeviceMotionAndOrientationManager m_deviceMotionAndOrientationManager;
+
 #if USE(CHROME_NETWORK_STACK)
         scoped_refptr<WebRequestContext> m_webRequestContext;
 #endif
 
-        // called from constructor, to add this to a global list
-        static void addInstance(WebViewCore*);
-        // called from destructor, to remove this from a global list
-        static void removeInstance(WebViewCore*);
     };
 
 }   // namespace android