[SCM] WebKit Debian packaging branch, debian/experimental, updated. upstream/1.3.3-10851-g50815da

tony at chromium.org tony at chromium.org
Wed Dec 22 17:58:13 UTC 2010


The following commit has been merged in the debian/experimental branch:
commit 8e70816b7b9a2de9082a59804ac3900c51dad936
Author: tony at chromium.org <tony at chromium.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Date:   Fri Dec 3 19:18:09 2010 +0000

    2010-12-03  Daniel Cheng  <dcheng at chromium.org>
    
            Reviewed by Tony Chang.
    
            Dragging and dropping into an empty document crashes WebKit.
            https://bugs.webkit.org/show_bug.cgi?id=48793
    
            Remove the assert and update callers to check for a null return value.
    
            Test: manual-tests/drop-in-empty-doc.html
    
            * manual-tests/drop-in-empty-doc.html: Added.
            * manual-tests/resources/drop-in-empty-doc.xhtml: Added.
            * page/DragController.cpp:
            (WebCore::elementUnderMouse):
            (WebCore::DragController::tryDocumentDrag):
            (WebCore::DragController::concludeEditDrag):
    
    git-svn-id: http://svn.webkit.org/repository/webkit/trunk@73276 268f45cc-cd09-0410-ab3c-d52691b4dbfc

diff --git a/WebCore/ChangeLog b/WebCore/ChangeLog
index 79aafc0..4d8b445 100644
--- a/WebCore/ChangeLog
+++ b/WebCore/ChangeLog
@@ -1,3 +1,21 @@
+2010-12-03  Daniel Cheng  <dcheng at chromium.org>
+
+        Reviewed by Tony Chang.
+
+        Dragging and dropping into an empty document crashes WebKit.
+        https://bugs.webkit.org/show_bug.cgi?id=48793
+
+        Remove the assert and update callers to check for a null return value.
+
+        Test: manual-tests/drop-in-empty-doc.html
+
+        * manual-tests/drop-in-empty-doc.html: Added.
+        * manual-tests/resources/drop-in-empty-doc.xhtml: Added.
+        * page/DragController.cpp:
+        (WebCore::elementUnderMouse):
+        (WebCore::DragController::tryDocumentDrag):
+        (WebCore::DragController::concludeEditDrag):
+
 2010-12-03  Patrick Gansterer  <paroga at webkit.org>
 
         Reviewed by Andreas Kling.
diff --git a/WebCore/manual-tests/drop-in-empty-doc.html b/WebCore/manual-tests/drop-in-empty-doc.html
new file mode 100644
index 0000000..eae14f8
--- /dev/null
+++ b/WebCore/manual-tests/drop-in-empty-doc.html
@@ -0,0 +1,6 @@
+<!DOCTYPE html>
+<html>
+<body>
+<p>Click <a href="javascript:window.open('resources/drop-in-empty-doc.xhtml')">here</a> to open a new window. Drag and drop a file over the new window. It should not crash.
+</body>
+</html>
diff --git a/BugsSite/data/mail b/WebCore/manual-tests/resources/drop-in-empty-doc.xhtml
similarity index 100%
copy from BugsSite/data/mail
copy to WebCore/manual-tests/resources/drop-in-empty-doc.xhtml
diff --git a/WebCore/page/DragController.cpp b/WebCore/page/DragController.cpp
index eb90f85..3b0dd31 100644
--- a/WebCore/page/DragController.cpp
+++ b/WebCore/page/DragController.cpp
@@ -268,6 +268,7 @@ static HTMLInputElement* asFileInput(Node* node)
     return inputElement;
 }
 
+// This can return null if an empty document is loaded.
 static Element* elementUnderMouse(Document* documentUnderMouse, const IntPoint& p)
 {
     Frame* frame = documentUnderMouse->frame();
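Review bot: The comment added above elementUnderMouse names one trigger for a null result but not the contract that follows from it. With the ASSERT removed in the next hunk, null becomes an ordinary return value that every caller has to handle. I would word it as `// Returns null when no element is found under the point (for example, in an empty document); callers must check before dereferencing.` This diff updates tryDocumentDrag and concludeEditDrag; whether other call sites exist is not visible here and is worth checking. The function body continues outside this hunk.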
@@ -284,7 +285,6 @@ static Element* elementUnderMouse(Document* documentUnderMouse, const IntPoint&
     if (n)
         n = n->shadowAncestorNode();
 
-    ASSERT(n);
     return static_cast<Element*>(n);
 }
 
@@ -327,6 +327,8 @@ bool DragController::tryDocumentDrag(DragData* dragData, DragDestinationAction a
 
         IntPoint point = frameView->windowToContents(dragData->clientPosition());
         Element* element = elementUnderMouse(m_documentUnderMouse.get(), point);
+        if (!element)
+            return false;
         if (!asFileInput(element)) {
             VisibleSelection dragCaret = m_documentUnderMouse->frame()->visiblePositionForPoint(point);
             m_page->dragCaretController()->setSelection(dragCaret);
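Review bot: The new `if (!element) return false;` in tryDocumentDrag exits before any of the function's later code runs, so it may skip cleanup that other not-handled exits perform. The context line just below sets a drag caret through `dragCaretController()->setSelection`, which suggests a matching clear later in the function; if so, this path could leave a caret from an earlier drag update in place. The rest of the function is outside the hunk, so this is an inference to confirm. If such cleanup exists, the early return should go through it rather than bypass it. A short comment such as `// No element under the point (e.g. empty document): nothing to drop onto.` would also make the intent clear.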
@@ -386,6 +388,8 @@ bool DragController::concludeEditDrag(DragData* dragData)
 
     IntPoint point = m_documentUnderMouse->view()->windowToContents(dragData->clientPosition());
     Element* element = elementUnderMouse(m_documentUnderMouse.get(), point);
+    if (!element)
+        return false;
     Frame* innerFrame = element->ownerDocument()->frame();
     ASSERT(innerFrame);
 
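Review bot: The line after the new null check, `Frame* innerFrame = element->ownerDocument()->frame();`, is still guarded only by `ASSERT(innerFrame);`, the same pattern this commit removes from elementUnderMouse. In builds where assertions are disabled, the assert does not stop a null pointer from being used. If a document without a frame can reach concludeEditDrag, the crash fixed here would move a few lines down. I would add `if (!innerFrame) return false;` next to the assert and confirm that `ownerDocument()` cannot be null for the element returned here. The function continues outside the hunk, so how innerFrame is used afterwards is not visible.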

-- 
WebKit Debian packaging


