Changeset 40804 in webkit
- Timestamp:
- Feb 9, 2009 7:13:06 PM (15 years ago)
- Location:
- trunk
- Files:
-
- 2 added
- 3 edited
-
LayoutTests/ChangeLog (modified) (1 diff)
-
LayoutTests/fast/dom/HTMLSelectElement/remove-element-from-within-focus-handler-crash-expected.txt (added)
-
LayoutTests/fast/dom/HTMLSelectElement/remove-element-from-within-focus-handler-crash.html (added)
-
WebCore/ChangeLog (modified) (1 diff)
-
WebCore/html/HTMLSelectElement.cpp (modified) (4 diffs)
Legend:
- Unmodified
- Added
- Removed
-
trunk/LayoutTests/ChangeLog
r40792 r40804 1 2009-02-09 Mark Rowe <mrowe@apple.com> 2 3 Reviewed by Sam Weinig. 4 5 Test for <https://bugs.webkit.org/show_bug.cgi?id=23858> 6 Bug 23858: Crash when removing a HTMLSelectElement from the document from inside its focus event handler 7 8 * fast/dom/HTMLSelectElement/remove-element-from-within-focus-handler-crash-expected.txt: Added. 9 * fast/dom/HTMLSelectElement/remove-element-from-within-focus-handler-crash.html: Added. 10 1 11 2009-02-09 Dimitri Glazkov <dglazkov@chromium.org> 2 12 -
trunk/WebCore/ChangeLog
r40802 r40804 1 2009-02-09 Mark Rowe <mrowe@apple.com> 2 3 Reviewed by Darin Adler. 4 5 Fix <https://bugs.webkit.org/show_bug.cgi?id=23858> 6 Bug 23858: Crash when removing a HTMLSelectElement from the document from inside its focus event handler 7 8 * html/HTMLSelectElement.cpp: 9 (WebCore::HTMLSelectElement::menuListDefaultEventHandler): Don't store the renderer in a local variable 10 as it can be invalidated by any of the calls to focus() within the function. Instead, retrieve it and 11 null-check it when it is needed. 12 1 13 2009-02-09 David Hyatt <hyatt@apple.com> 2 14 -
trunk/WebCore/html/HTMLSelectElement.cpp
r40763 r40804 618 618 void HTMLSelectElement::menuListDefaultEventHandler(Event* evt) 619 619 { 620 RenderMenuList* menuList = static_cast<RenderMenuList*>(renderer());621 622 620 if (evt->type() == eventNames().keydownEvent) { 623 621 if (!renderer() || !evt->isKeyboardEvent()) … … 631 629 // which gets called from RenderMenuList::valueChanged, which gets called after the user makes a selection from the menu. 632 630 saveLastSelection(); 633 menuList->showPopup(); 631 if (RenderMenuList* menuList = static_cast<RenderMenuList*>(renderer())) 632 menuList->showPopup(); 634 633 handled = true; 635 634 } … … 673 672 // which gets called from RenderMenuList::valueChanged, which gets called after the user makes a selection from the menu. 674 673 saveLastSelection(); 675 menuList->showPopup(); 674 if (RenderMenuList* menuList = static_cast<RenderMenuList*>(renderer())) 675 menuList->showPopup(); 676 676 handled = true; 677 677 } … … 696 696 if (evt->type() == eventNames().mousedownEvent && evt->isMouseEvent() && static_cast<MouseEvent*>(evt)->button() == LeftButton) { 697 697 focus(); 698 if (menuList->popupIsVisible()) 699 menuList->hidePopup(); 700 else { 701 // Save the selection so it can be compared to the new selection when we call onChange during setSelectedIndex, 702 // which gets called from RenderMenuList::valueChanged, which gets called after the user makes a selection from the menu. 703 saveLastSelection(); 704 menuList->showPopup(); 698 if (RenderMenuList* menuList = static_cast<RenderMenuList*>(renderer())) { 699 if (menuList->popupIsVisible()) 700 menuList->hidePopup(); 701 else { 702 // Save the selection so it can be compared to the new selection when we call onChange during setSelectedIndex, 703 // which gets called from RenderMenuList::valueChanged, which gets called after the user makes a selection from the menu. 704 saveLastSelection(); 705 menuList->showPopup(); 706 } 705 707 } 706 708 evt->setDefaultHandled();
Note: See TracChangeset
for help on using the changeset viewer.
