Changeset 196790 in webkit


Ignore:
Timestamp:
Feb 18, 2016 5:13:15 PM (8 years ago)
Author:
Simon Fraser
Message:

Wheel event callback removing the window causes crash in WebCore.
https://bugs.webkit.org/show_bug.cgi?id=150871

Reviewed by Brent Fulgham.
Source/WebCore:

Null check the FrameView before using it, since the iframe may have been removed
from its parent document inside the event handler.

Test: fast/events/wheel-event-destroys-frame.html

  • page/mac/EventHandlerMac.mm:

(WebCore::EventHandler::platformCompleteWheelEvent):

LayoutTests:

  • fast/events/wheel-event-destroys-frame-expected.txt: Added.
  • fast/events/wheel-event-destroys-frame.html: Added.
Location:
trunk
Files:
2 added
3 edited

Legend:

Unmodified
Added
Removed

  • trunk/LayoutTests/ChangeLog

    r196782 r196790  
     12016-02-18  Simon Fraser  <simon.fraser@apple.com>
     2
     3        Wheel event callback removing the window causes crash in WebCore.
     4        https://bugs.webkit.org/show_bug.cgi?id=150871
     5
     6        Reviewed by Brent Fulgham.
     7
     8        * fast/events/wheel-event-destroys-frame-expected.txt: Added.
     9        * fast/events/wheel-event-destroys-frame.html: Added.
     10
    1112016-02-18  Zalan Bujtas  <zalan@apple.com>
    212

  • trunk/Source/WebCore/ChangeLog

    r196786 r196790  
     12016-02-18  Simon Fraser  <simon.fraser@apple.com>
     2
     3        Wheel event callback removing the window causes crash in WebCore.
     4        https://bugs.webkit.org/show_bug.cgi?id=150871
     5
     6        Reviewed by Brent Fulgham.
     7       
     8        Null check the FrameView before using it, since the iframe may have been removed
     9        from its parent document inside the event handler.
     10
     11        Test: fast/events/wheel-event-destroys-frame.html
     12
     13        * page/mac/EventHandlerMac.mm:
     14        (WebCore::EventHandler::platformCompleteWheelEvent):
     15
    1162016-02-18  Brady Eidson  <beidson@apple.com>
    217

  • trunk/Source/WebCore/page/mac/EventHandlerMac.mm

    r196070 r196790  
    10091009bool EventHandler::platformCompleteWheelEvent(const PlatformWheelEvent& wheelEvent, ContainerNode* scrollableContainer, ScrollableArea* scrollableArea)
    10101010{
     1011    FrameView* view = m_frame.view();
    10111012    // We do another check on the frame view because the event handler can run JS which results in the frame getting destroyed.
    1012     ASSERT(m_frame.view());
    1013     FrameView* view = m_frame.view();
     1013    if (!view)
     1014        return false;
    10141015
    10151016    ScrollLatchingState* latchingState = m_frame.mainFrame().latchingState();
Note: See TracChangeset for help on using the changeset viewer.