[SCM] WebKit Debian packaging branch, debian/experimental, updated. upstream/1.3.3-9427-gc2be6fc
jam at chromium.org
jam at chromium.org
Wed Dec 22 14:47:47 UTC 2010
The following commit has been merged in the debian/experimental branch:
commit 9c70d9769e628b233c84416ca8d975e8745fa8a5
Author: jam at chromium.org <jam at chromium.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Date: Wed Oct 20 18:04:08 2010 +0000
2010-10-20 John Abd-El-Malek <jam at chromium.org>
Reviewed by Darin Fisher.
[chromium] Fix crash when mousing over scrollview
https://bugs.webkit.org/show_bug.cgi?id=47956
* src/ChromeClientImpl.cpp:
(WebKit::ChromeClientImpl::mouseDidMoveOverElement):
* src/ChromiumBridge.cpp:
(WebCore::ChromiumBridge::pluginScriptableObject):
* src/ContextMenuClientImpl.cpp:
(WebKit::ContextMenuClientImpl::getCustomMenuFromDefaultItems):
* src/FrameLoaderClientImpl.cpp:
(WebKit::FrameLoaderClientImpl::redirectDataToPlugin):
* src/WebPluginContainerImpl.h:
(WebKit::WebPluginContainerImpl::isPluginContainer):
2010-10-20 John Abd-El-Malek <jam at chromium.org>
Reviewed by Darin Fisher.
[chromium] Fix crash when mousing over scrollview
https://bugs.webkit.org/show_bug.cgi?id=47956
Test: plugins/mouse-move-over-plugin-in-frame.html
* platform/Widget.h:
(WebCore::Widget::isPluginContainer):
2010-10-20 John Abd-El-Malek <jam at chromium.org>
Reviewed by Darin Fisher.
[chromium] Fix crash when mousing over scrollview
https://bugs.webkit.org/show_bug.cgi?id=47956
* plugins/mouse-move-over-plugin-in-frame.html: Added.
* plugins/mouse-move-over-plugin-in-frame.txt: Added.
* plugins/resources/mouse-move-over-plugin-in-frame.html: Added.
git-svn-id: http://svn.webkit.org/repository/webkit/trunk@70153 268f45cc-cd09-0410-ab3c-d52691b4dbfc
diff --git a/LayoutTests/ChangeLog b/LayoutTests/ChangeLog
index 1958c7e..e7e5ba6 100644
--- a/LayoutTests/ChangeLog
+++ b/LayoutTests/ChangeLog
@@ -1,3 +1,14 @@
+2010-10-20 John Abd-El-Malek <jam at chromium.org>
+
+ Reviewed by Darin Fisher.
+
+ [chromium] Fix crash when mousing over scrollview
+ https://bugs.webkit.org/show_bug.cgi?id=47956
+
+ * plugins/mouse-move-over-plugin-in-frame.html: Added.
+ * plugins/mouse-move-over-plugin-in-frame.txt: Added.
+ * plugins/resources/mouse-move-over-plugin-in-frame.html: Added.
+
2010-10-20 Sheriff Bot <webkit.review.bot at gmail.com>
Unreviewed, rolling out r70149.
diff --git a/LayoutTests/plugins/mouse-move-over-plugin-in-frame.html b/LayoutTests/plugins/mouse-move-over-plugin-in-frame.html
new file mode 100644
index 0000000..fccfceb
--- /dev/null
+++ b/LayoutTests/plugins/mouse-move-over-plugin-in-frame.html
@@ -0,0 +1,16 @@
+<html>
+<body>
+<object name="plg" data="resources/mouse-move-over-plugin-in-frame.html" style="padding: 20px;"> </object>
+<p>Test for <a href="https://bugs.webkit.org/show_bug.cgi?id=47956">bug 47956</a>:
+Crash when mouse is over plugin inside a frame.</p>
+<script>
+ if (!window.layoutTestController) {
+ document.write("This test does not work in manual mode.");
+ } else {
+ layoutTestController.dumpAsText();
+ eventSender.mouseMoveTo(10,10);
+ }
+
+</script>
+</body>
+</html>
diff --git a/LayoutTests/plugins/mouse-move-over-plugin-in-frame.txt b/LayoutTests/plugins/mouse-move-over-plugin-in-frame.txt
new file mode 100644
index 0000000..b6831c3
--- /dev/null
+++ b/LayoutTests/plugins/mouse-move-over-plugin-in-frame.txt
@@ -0,0 +1 @@
+Test for bug 47956: Crash when mouse is over plugin inside a frame.
diff --git a/LayoutTests/plugins/resources/mouse-move-over-plugin-in-frame.html b/LayoutTests/plugins/resources/mouse-move-over-plugin-in-frame.html
new file mode 100644
index 0000000..c1d6dab
--- /dev/null
+++ b/LayoutTests/plugins/resources/mouse-move-over-plugin-in-frame.html
@@ -0,0 +1 @@
+<object name="plugin" type="application/x-webkit-test-netscape"></object>
\ No newline at end of file
diff --git a/WebCore/ChangeLog b/WebCore/ChangeLog
index fdc02e4..837212d 100644
--- a/WebCore/ChangeLog
+++ b/WebCore/ChangeLog
@@ -1,3 +1,15 @@
+2010-10-20 John Abd-El-Malek <jam at chromium.org>
+
+ Reviewed by Darin Fisher.
+
+ [chromium] Fix crash when mousing over scrollview
+ https://bugs.webkit.org/show_bug.cgi?id=47956
+
+ Test: plugins/mouse-move-over-plugin-in-frame.html
+
+ * platform/Widget.h:
+ (WebCore::Widget::isPluginContainer):
+
2010-10-20 Sheriff Bot <webkit.review.bot at gmail.com>
Unreviewed, rolling out r70149.
diff --git a/WebCore/platform/Widget.h b/WebCore/platform/Widget.h
index 3f9a045..7635149 100644
--- a/WebCore/platform/Widget.h
+++ b/WebCore/platform/Widget.h
@@ -227,6 +227,10 @@ public:
const String edjeThemeRecursive() const;
#endif
+#if PLATFORM(CHROMIUM)
+ virtual bool isPluginContainer() const { return false; }
+#endif
+
// Virtual methods to convert points to/from the containing ScrollView
virtual IntRect convertToContainingView(const IntRect&) const;
virtual IntRect convertFromContainingView(const IntRect&) const;
diff --git a/WebKit/chromium/ChangeLog b/WebKit/chromium/ChangeLog
index 8a31294..5c7959f 100644
--- a/WebKit/chromium/ChangeLog
+++ b/WebKit/chromium/ChangeLog
@@ -1,3 +1,21 @@
+2010-10-20 John Abd-El-Malek <jam at chromium.org>
+
+ Reviewed by Darin Fisher.
+
+ [chromium] Fix crash when mousing over scrollview
+ https://bugs.webkit.org/show_bug.cgi?id=47956
+
+ * src/ChromeClientImpl.cpp:
+ (WebKit::ChromeClientImpl::mouseDidMoveOverElement):
+ * src/ChromiumBridge.cpp:
+ (WebCore::ChromiumBridge::pluginScriptableObject):
+ * src/ContextMenuClientImpl.cpp:
+ (WebKit::ContextMenuClientImpl::getCustomMenuFromDefaultItems):
+ * src/FrameLoaderClientImpl.cpp:
+ (WebKit::FrameLoaderClientImpl::redirectDataToPlugin):
+ * src/WebPluginContainerImpl.h:
+ (WebKit::WebPluginContainerImpl::isPluginContainer):
+
2010-10-20 Sheriff Bot <webkit.review.bot at gmail.com>
Unreviewed, rolling out r70149.
diff --git a/WebKit/chromium/src/ChromeClientImpl.cpp b/WebKit/chromium/src/ChromeClientImpl.cpp
index 350371a..4f1705f 100644
--- a/WebKit/chromium/src/ChromeClientImpl.cpp
+++ b/WebKit/chromium/src/ChromeClientImpl.cpp
@@ -595,7 +595,7 @@ void ChromeClientImpl::mouseDidMoveOverElement(
RenderObject* object = result.innerNonSharedNode()->renderer();
if (object && object->isWidget()) {
Widget* widget = toRenderWidget(object)->widget();
- if (widget) {
+ if (widget && widget->isPluginContainer()) {
WebPluginContainerImpl* plugin = static_cast<WebPluginContainerImpl*>(widget);
url = plugin->plugin()->linkAtPosition(result.point());
}
diff --git a/WebKit/chromium/src/ChromiumBridge.cpp b/WebKit/chromium/src/ChromiumBridge.cpp
index 1c58824..1af32cf 100644
--- a/WebKit/chromium/src/ChromiumBridge.cpp
+++ b/WebKit/chromium/src/ChromiumBridge.cpp
@@ -591,14 +591,9 @@ bool ChromiumBridge::plugins(bool refresh, Vector<PluginInfo>* results)
NPObject* ChromiumBridge::pluginScriptableObject(Widget* widget)
{
- if (!widget)
+ if (!widget || !widget->isPluginContainer())
return 0;
- ASSERT(!widget->isFrameView());
-
- // NOTE: We have to trust that the widget passed to us here is a
- // WebPluginContainerImpl. There isn't a way to dynamically verify it,
- // since the derived class (Widget) has no identifier.
return static_cast<WebPluginContainerImpl*>(widget)->scriptableObject();
}
diff --git a/WebKit/chromium/src/ContextMenuClientImpl.cpp b/WebKit/chromium/src/ContextMenuClientImpl.cpp
index aa63d6a..d9ccb17 100644
--- a/WebKit/chromium/src/ContextMenuClientImpl.cpp
+++ b/WebKit/chromium/src/ContextMenuClientImpl.cpp
@@ -208,7 +208,7 @@ PlatformMenuDescription ContextMenuClientImpl::getCustomMenuFromDefaultItems(
RenderObject* object = r.innerNonSharedNode()->renderer();
if (object && object->isWidget()) {
Widget* widget = toRenderWidget(object)->widget();
- if (widget) {
+ if (widget && widget->isPluginContainer()) {
WebPluginContainerImpl* plugin = static_cast<WebPluginContainerImpl*>(widget);
WebString text = plugin->plugin()->selectionAsText();
if (!text.isEmpty()) {
diff --git a/WebKit/chromium/src/FrameLoaderClientImpl.cpp b/WebKit/chromium/src/FrameLoaderClientImpl.cpp
index 829b670..b4c62f4 100644
--- a/WebKit/chromium/src/FrameLoaderClientImpl.cpp
+++ b/WebKit/chromium/src/FrameLoaderClientImpl.cpp
@@ -1426,7 +1426,8 @@ PassRefPtr<Widget> FrameLoaderClientImpl::createPlugin(
// (e.g., acrobat reader).
void FrameLoaderClientImpl::redirectDataToPlugin(Widget* pluginWidget)
{
- m_pluginWidget = static_cast<WebPluginContainerImpl*>(pluginWidget);
+ if (pluginWidget->isPluginContainer())
+ m_pluginWidget = static_cast<WebPluginContainerImpl*>(pluginWidget);
ASSERT(m_pluginWidget.get());
}
diff --git a/WebKit/chromium/src/WebPluginContainerImpl.h b/WebKit/chromium/src/WebPluginContainerImpl.h
index cf8eb36..27f5f2e 100644
--- a/WebKit/chromium/src/WebPluginContainerImpl.h
+++ b/WebKit/chromium/src/WebPluginContainerImpl.h
@@ -73,6 +73,7 @@ public:
virtual void setParentVisible(bool);
virtual void setParent(WebCore::ScrollView*);
virtual void widgetPositionsUpdated();
+ virtual bool isPluginContainer() const { return true; }
// WebPluginContainer methods
virtual WebElement element();
--
WebKit Debian packaging
More information about the Pkg-webkit-commits
mailing list