Changeset 121930 in webkit


Timestamp:
Jul 5, 2012 5:26:39 PM (12 years ago)
Author:
hayato@chromium.org
Message:

t/fuzzer-mouse-crash

<patch description>

Location:
trunk
Files:
2 added
3 edited

  • trunk/LayoutTests/ChangeLog

    r121921 r121930  
     12012-07-05  Hayato Ito  <hayato@chromium.org>
     2
     3        [Crash] Click an element which will be 'display: none' on focus.
     4        https://bugs.webkit.org/show_bug.cgi?id=90516
     5
     6        Reviewed by Hajime Morita.
     7
     8        * fast/events/display-none-on-focus-crash-expected.txt: Added.
     9        * fast/events/display-none-on-focus-crash.html: Added.
     10
    1112012-07-05  Leandro Gracia Gil  <leandrogracia@chromium.org>
    212
  • trunk/Source/WebCore/ChangeLog

    r121929 r121930  
     12012-07-05  Hayato Ito  <hayato@chromium.org>
     2
     3        [Crash] Click an element which will be 'display: none' on focus.
     4        https://bugs.webkit.org/show_bug.cgi?id=90516
     5
     6        Reviewed by Hajime Morita.
     7
     8        EventHandler::handleMousePressEventSingleClick checks whether
     9        innerNode has a renderer in the beginning of the function.  But
     10        the renderer may disappear in the middle of the function since its
     11        style has just become 'display:none'.  As a result, it touches null renderer
     12        in EventHandler.cpp:517:
     13            VisiblePosition visiblePos(innerNode->renderer()->positionForPoint(event.localPoint()));
     14        In the case of 'display:none', we don't have to continue.  So call
     15        updateLayoutIgnorePendingStylesheets() in the beginning so that we
     16        can early exit and do not touch null renderer.
     17
     18        Test: fast/events/display-none-on-focus-crash.html
     19
     20        * page/EventHandler.cpp:
     21        (WebCore::EventHandler::handleMousePressEventSingleClick):
     22
    1232012-07-05  Benjamin Poulain  <bpoulain@apple.com>
    224
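Review bot: The reference to "EventHandler.cpp:517" in this entry is stale as soon as the change lands, because the call added at line 499 shifts every line below it by one. Drop the line number and keep only the quoted expression, innerNode->renderer()->positionForPoint(event.localPoint()), so the entry stays accurate. The body could also name what turns the style into 'display:none' partway through the function (the title points to focus), since that is the reason layout has to be forced at the top.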
  • trunk/Source/WebCore/page/EventHandler.cpp

    r121305 r121930  
    497497bool EventHandler::handleMousePressEventSingleClick(const MouseEventWithHitTestResults& event)
    498498{
     499    m_frame->document()->updateLayoutIgnorePendingStylesheets();
    499500    Node* innerNode = targetNode(event);
    500501    if (!(innerNode && innerNode->renderer() && m_mouseDownMayStartSelect))
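Review bot: The call added at new line 499 has no comment and runs ahead of the m_mouseDownMayStartSelect test at line 501, so layout is forced on every single-click press, including presses that take the early exit because selection cannot start. Add a one-line comment saying the forced layout is what lets the innerNode->renderer() check see a pending 'display: none' (bug 90516), and consider testing m_mouseDownMayStartSelect before forcing layout if that early exit has no other dependency on layout. The same line dereferences m_frame->document() unchecked; if the document can be null on this path, guard it.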