[SCM] WebKit Debian packaging branch, webkit-1.1, updated. upstream/1.1.15.1-34-g43a6bb2

Gustavo Noronha Silva gustavo.noronha at collabora.co.uk
Wed Oct 7 06:26:29 UTC 2009 

The following commit has been merged in the webkit-1.1 branch:
commit d13745bf83bce89afda760e901a58b6fe235b542
Author: jianli at chromium.org <jianli at chromium.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Date:   Wed Sep 30 17:52:33 2009 +0000

    Need to check NULL frame in EventHandler::updateDragAndDrop.
    https://bugs.webkit.org/show_bug.cgi?id=29929
    
    Reviewed by Darin Adler.
    
    WebCore:
    
    Test: http/tests/misc/drag-over-iframe-invalid-source-crash.html
    
    * page/EventHandler.cpp:
    (WebCore::EventHandler::updateDragAndDrop):
    
    LayoutTests:
    
    Add a new test for the bug.
    
    * http/tests/misc/drag-over-iframe-invalid-source-crash-expected.txt: Added.
    * http/tests/misc/drag-over-iframe-invalid-source-crash.html: Added.
    
    git-svn-id: http://svn.webkit.org/repository/webkit/trunk@48934 268f45cc-cd09-0410-ab3c-d52691b4dbfc

diff --git a/LayoutTests/http/tests/misc/drag-over-iframe-invalid-source-crash-expected.txt b/LayoutTests/http/tests/misc/drag-over-iframe-invalid-source-crash-expected.txt
new file mode 100644
index 0000000..b4bcccc
--- /dev/null
+++ b/LayoutTests/http/tests/misc/drag-over-iframe-invalid-source-crash-expected.txt
@@ -0,0 +1,6 @@
+CONSOLE MESSAGE: line 0: Not allowed to load local resource: file:
+This page tests that we don't crash if we drag something to an iframe that has an invalid source.
+
+
+SUCCESS - didn't crash
+
diff --git a/LayoutTests/http/tests/misc/drag-over-iframe-invalid-source-crash.html b/LayoutTests/http/tests/misc/drag-over-iframe-invalid-source-crash.html
new file mode 100644
index 0000000..3d37326
--- /dev/null
+++ b/LayoutTests/http/tests/misc/drag-over-iframe-invalid-source-crash.html
@@ -0,0 +1,22 @@
+<head>
+<script>
+window.onload = function () {
+    if (window.layoutTestController)
+        layoutTestController.dumpAsText(); 
+
+    var abe = document.getElementById("abe");
+    var dragTarget = document.getElementById("dragTarget");
+
+    eventSender.mouseMoveTo(abe.offsetLeft + 50, abe.offsetTop + 50);
+    eventSender.mouseDown();
+    eventSender.leapForward(500);
+    eventSender.mouseMoveTo(dragTarget.offsetLeft + 10, dragTarget.offsetTop + 10);
+    eventSender.mouseUp();
+}
+</script>
+</head>
+
+<p>This page tests that we don't crash if we drag something to an iframe that has an invalid source.</p>
+<img id="abe" src="http://127.0.0.1:8000/security/resources/abe.png">
+<div>SUCCESS - didn't crash</div>
+<iframe id="dragTarget" src="file:"></iframe> 
diff --git a/WebCore/page/EventHandler.cpp b/WebCore/page/EventHandler.cpp
index abe40c7..4afb613 100644
--- a/WebCore/page/EventHandler.cpp
+++ b/WebCore/page/EventHandler.cpp
@@ -1524,15 +1524,15 @@ bool EventHandler::updateDragAndDrop(const PlatformMouseEvent& event, Clipboard*
         // it is sometimes incorrect when dragging within subframes, as seen with
         // LayoutTests/fast/events/drag-in-frames.html.
         if (newTarget) {
-            if (newTarget->hasTagName(frameTag) || newTarget->hasTagName(iframeTag))
-                accept = static_cast<HTMLFrameElementBase*>(newTarget)->contentFrame()->eventHandler()->updateDragAndDrop(event, clipboard);
+            Frame* frame = (newTarget->hasTagName(frameTag) || newTarget->hasTagName(iframeTag)) ? static_cast<HTMLFrameElementBase*>(newTarget)->contentFrame() : 0;
+            if (frame)
+                accept = frame->eventHandler()->updateDragAndDrop(event, clipboard);
             else
                 accept = dispatchDragEvent(eventNames().dragenterEvent, newTarget, event, clipboard);
         }
 
         if (m_dragTarget) {
-            Frame* frame = (m_dragTarget->hasTagName(frameTag) || m_dragTarget->hasTagName(iframeTag)) 
-                            ? static_cast<HTMLFrameElementBase*>(m_dragTarget.get())->contentFrame() : 0;
+            Frame* frame = (m_dragTarget->hasTagName(frameTag) || m_dragTarget->hasTagName(iframeTag)) ? static_cast<HTMLFrameElementBase*>(m_dragTarget.get())->contentFrame() : 0;
             if (frame)
                 accept = frame->eventHandler()->updateDragAndDrop(event, clipboard);
             else
@@ -1540,8 +1540,9 @@ bool EventHandler::updateDragAndDrop(const PlatformMouseEvent& event, Clipboard*
         }
     } else {
         if (newTarget) {
-            if (newTarget->hasTagName(frameTag) || newTarget->hasTagName(iframeTag))
-                accept = static_cast<HTMLFrameElementBase*>(newTarget)->contentFrame()->eventHandler()->updateDragAndDrop(event, clipboard);
+            Frame* frame = (newTarget->hasTagName(frameTag) || newTarget->hasTagName(iframeTag)) ? static_cast<HTMLFrameElementBase*>(newTarget)->contentFrame() : 0;
+            if (frame)
+                accept = frame->eventHandler()->updateDragAndDrop(event, clipboard);
             else
                 accept = dispatchDragEvent(eventNames().dragoverEvent, newTarget, event, clipboard);
         }

-- 
WebKit Debian packaging

More information about the Pkg-webkit-commits mailing list