Changeset 35256 in webkit


Timestamp:
Jul 20, 2008 2:31:49 PM (16 years ago)
Author:
oliver@apple.com
Message:

Bug 19757: Crash when an ondragstart handler hides the element
<https://bugs.webkit.org/show_bug.cgi?id=19757>

Reviewed by Dan Bernstein.

The solution to this problem is just to null check the renderer
immediately before launching the system drag, and terminate the
drag if the renderer is gone.

Location:
trunk/WebCore
Files:
2 edited

  • trunk/WebCore/ChangeLog

    r35255 r35256  
     12008-07-20  Oliver Hunt  <oliver@apple.com>
     2
     3        Reviewed by Dan Bernstein.
     4
     5        Bug 19757: Crash when an ondragstart handler hides the element
     6        <https://bugs.webkit.org/show_bug.cgi?id=19757>
     7
     8        The solution to this is problem is just to null check the renderer
     9        immediately before launching the system drag, and terminate the
     10        drag if the renderer is gone.
     11
     12        * page/EventHandler.cpp:
     13        (WebCore::EventHandler::handleDrag):
     14
    1152008-07-20  Nikolas Zimmermann  <zimmermann@kde.org>
    216
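
Review bot: the new entry lists only page/EventHandler.cpp, and the changeset edits two files (this ChangeLog and EventHandler.cpp), so no regression test accompanies this crash fix. Add a test in which an ondragstart handler hides the dragged element, or say in the entry why one is not possible. Line 8 of the entry also has a typo: "The solution to this is problem" should read "The solution to this problem".
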
  • trunk/WebCore/page/EventHandler.cpp

    r35244 r35256  
    18611861        if (dragState().m_dragSrcIsDHTML) {
    18621862            int srcX, srcY;
    1863             dragState().m_dragSrc->renderer()->absolutePosition(srcX, srcY);
    1864             IntSize delta = m_mouseDownPos - IntPoint(srcX, srcY);
    1865             dragState().m_dragClipboard->setDragImageElement(dragState().m_dragSrc.get(), IntPoint() + delta);
     1863            if (RenderObject* renderer = dragState().m_dragSrc->renderer()) {
     1864                renderer->absolutePosition(srcX, srcY);
     1865                IntSize delta = m_mouseDownPos - IntPoint(srcX, srcY);
     1866                dragState().m_dragClipboard->setDragImageElement(dragState().m_dragSrc.get(), IntPoint() + delta);
     1867            } else {
     1868                // The renderer has disappeared, this can happen if the onStartDrag handler has hidden
     1869                // the element in some way.  In this case we just kill the drag.
     1870                m_mouseDownMayStartDrag = false;
     1871                goto cleanupDrag;
     1872            }
    18661873        }
    18671874       
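
Review bot: the comment on new lines 1868-1869 names the handler "onStartDrag", while the bug title calls it ondragstart; use the real event name so the comment matches what a reader will search for, and split the comma splice into two sentences. Also confirm against the lines elided between this hunk and the cleanupDrag label that no function-scope declaration with an initializer sits between the goto on line 1871 and the label, since jumping over one is ill-formed in C++.
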
     
    18931900        }
    18941901    }
    1895    
     1902
     1903cleanupDrag:
    18961904    if (!m_mouseDownMayStartDrag) {
    18971905        // something failed to start the drag, cleanup
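
Review bot: the cleanupDrag label on new line 1903 only has an effect for a jump site that has already cleared m_mouseDownMayStartDrag, because the block under it is guarded by if (!m_mouseDownMayStartDrag). The new goto does clear the flag first, but that precondition is implicit. State it in a comment at the label so a later goto cannot skip the cleanup by mistake.
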