[SCM] WebKit Debian packaging branch, debian/experimental, updated. upstream/1.3.3-9427-gc2be6fc
tony at chromium.org
Wed Dec 22 12:23:15 UTC 2010
The following commit has been merged in the debian/experimental branch:
commit 2c590b1c4c7e0d9f22708aa0f33166f2f63c65b8
Author: tony at chromium.org <tony at chromium.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Date: Fri Aug 20 19:23:56 2010 +0000
2010-08-20 Tony Chang <tony at chromium.org>
Reviewed by Adam Barth.
crash when trying to access a stale Node pointer in FocusController::setFocusedNode
https://bugs.webkit.org/show_bug.cgi?id=44226
* fast/events/focus-change-crash2-expected.txt: Added.
* fast/events/focus-change-crash2.html: Added.
2010-08-20 Tony Chang <tony at chromium.org>
Reviewed by Adam Barth.
crash when trying to access a stale Node pointer in FocusController::setFocusedNode
https://bugs.webkit.org/show_bug.cgi?id=44226
Test: fast/events/focus-change-crash2.html
* page/FocusController.cpp:
(WebCore::FocusController::setFocusedNode): add a ref to prevent the focused node from being deleted
git-svn-id: http://svn.webkit.org/repository/webkit/trunk@65748 268f45cc-cd09-0410-ab3c-d52691b4dbfc
diff --git a/LayoutTests/ChangeLog b/LayoutTests/ChangeLog
index de4d4e6..43961c5 100644
--- a/LayoutTests/ChangeLog
+++ b/LayoutTests/ChangeLog
@@ -1,5 +1,15 @@
2010-08-20 Tony Chang <tony at chromium.org>
+ Reviewed by Adam Barth.
+
+ crash when trying to access a stale Node pointer in FocusController::setFocusedNode
+ https://bugs.webkit.org/show_bug.cgi?id=44226
+
+ * fast/events/focus-change-crash2-expected.txt: Added.
+ * fast/events/focus-change-crash2.html: Added.
+
+2010-08-20 Tony Chang <tony at chromium.org>
+
Reviewed by Kent Tamura.
[chromium] fix a null pointer crash when dispatching JS keyboard events
diff --git a/LayoutTests/fast/events/focus-change-crash2-expected.txt b/LayoutTests/fast/events/focus-change-crash2-expected.txt
new file mode 100644
index 0000000..9a6441f
--- /dev/null
+++ b/LayoutTests/fast/events/focus-change-crash2-expected.txt
@@ -0,0 +1,3 @@
+This tests a crash when changing focus deletes the node being focused. This test requires DRT.
+
+PASSED
diff --git a/LayoutTests/fast/events/focus-change-crash2.html b/LayoutTests/fast/events/focus-change-crash2.html
new file mode 100644
index 0000000..7800465
--- /dev/null
+++ b/LayoutTests/fast/events/focus-change-crash2.html
@@ -0,0 +1,31 @@
+<p>This tests a crash when changing focus deletes the node being focused. This test requires DRT.</p>
+<div id='test'><input id='1' /><input id='2' /></div>
+<script>
+function runTest()
+{
+ document.getElementById("1").addEventListener("keypress", function(e) {
+ document.getElementById("2").focus();
+
+ setTimeout(function() {
+ document.getElementById("test").innerHTML = "PASSED";
+ layoutTestController.notifyDone();
+ }, 0);
+ }, false);
+
+ document.getElementById("1").addEventListener("change", function(e) {
+ document.getElementById("test").innerHTML = "<input id='3' />";
+ window.GCController.collect();
+ document.getElementById("3").focus();
+ }, false);
+
+ document.getElementById("1").focus();
+
+ if (window.layoutTestController) {
+ layoutTestController.dumpAsText();
+ layoutTestController.waitUntilDone();
+ eventSender.keyDown("a")
+ }
+}
+
+runTest();
+</script>
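Review bot: the "change" handler calls `window.GCController.collect()` and the timeout calls `layoutTestController.notifyDone()` without any guard, while the end of runTest() does check `if (window.layoutTestController)`. When the page is opened outside DRT and the events are triggered by hand, the handler throws on the missing GCController before `document.getElementById("3").focus()` runs, so the focus change under test never happens. Guard both calls the same way (for example `if (window.GCController)`), and add the missing semicolon after `eventSender.keyDown("a")`. Note also that "PASSED" is written by the timeout regardless of whether the "change" handler ran, so the test only proves the absence of a crash; a short comment in the test saying so would help.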
diff --git a/WebCore/ChangeLog b/WebCore/ChangeLog
index b79e8a2..550029c 100644
--- a/WebCore/ChangeLog
+++ b/WebCore/ChangeLog
@@ -1,3 +1,15 @@
+2010-08-20 Tony Chang <tony at chromium.org>
+
+ Reviewed by Adam Barth.
+
+ crash when trying to access a stale Node pointer in FocusController::setFocusedNode
+ https://bugs.webkit.org/show_bug.cgi?id=44226
+
+ Test: fast/events/focus-change-crash2.html
+
+ * page/FocusController.cpp:
+ (WebCore::FocusController::setFocusedNode): add a ref to prevent the focused node from being deleted
+
2010-08-20 Simon Fraser <simon.fraser at apple.com>
Reviewed by Dan Bernstein.
diff --git a/WebCore/page/FocusController.cpp b/WebCore/page/FocusController.cpp
index 388aa09..2c2c447 100644
--- a/WebCore/page/FocusController.cpp
+++ b/WebCore/page/FocusController.cpp
@@ -620,11 +620,14 @@ bool FocusController::setFocusedNode(Node* node, PassRefPtr<Frame> newFocusedFra
oldDocument->setFocusedNode(0);
setFocusedFrame(newFocusedFrame);
-
+
+ // Setting the focused node can result in losing our last reft to node when JS event handlers fire.
+ RefPtr<Node> protect = node;
if (newDocument)
newDocument->setFocusedNode(node);
-
- m_page->editorClient()->setInputMethodState(node->shouldUseInputMethod());
+
+ if (newDocument->focusedNode() == node)
+ m_page->editorClient()->setInputMethodState(node->shouldUseInputMethod());
return true;
}
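Review bot: the added `if (newDocument->focusedNode() == node)` dereferences `newDocument` unconditionally, although the statement directly above it guards the same pointer with `if (newDocument)`. If `newDocument` can be null here, the new check introduces a null dereference on the path the guard was meant to cover; if it cannot, the existing guard is misleading. Either write `if (newDocument && newDocument->focusedNode() == node)` or put both statements under the existing `if (newDocument)` block. When a handler has moved focus elsewhere, `setInputMethodState()` is now skipped and the function still returns true; a comment saying that this is intended (the nested focus change already set the input method state, or not) would help. The `protect` RefPtr is taken only after `oldDocument->setFocusedNode(0)` in the context lines above; if that call can also run handlers, the ref should be taken before it. Minor: "reft" in the new comment should be "ref".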
--
WebKit Debian packaging