[SCM] WebKit Debian packaging branch, debian/unstable, updated. debian/1.2.3-2-60-g76add97

Gustavo Noronha Silva gns at gnome.org
Sun Oct 17 22:27:42 UTC 2010


The following commit has been merged in the debian/unstable branch:
commit 8f3b51f8785c744e034c5de7a733be75de24642e
Author: tony at chromium.org <tony at chromium.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Date:   Fri Aug 20 19:23:56 2010 +0000

    2010-08-20  Tony Chang  <tony at chromium.org>
    
            Reviewed by Adam Barth.
    
            crash when trying to access a stale Node pointer in FocusController::setFocusedNode
            https://bugs.webkit.org/show_bug.cgi?id=44226
    
            * fast/events/focus-change-crash2-expected.txt: Added.
            * fast/events/focus-change-crash2.html: Added.
    2010-08-20  Tony Chang  <tony at chromium.org>
    
            Reviewed by Adam Barth.
    
            crash when trying to access a stale Node pointer in FocusController::setFocusedNode
            https://bugs.webkit.org/show_bug.cgi?id=44226
    
            Test: fast/events/focus-change-crash2.html
    
            * page/FocusController.cpp:
            (WebCore::FocusController::setFocusedNode): add a ref to prevent the focused node from being deleted
    
    git-svn-id: http://svn.webkit.org/repository/webkit/trunk@65748 268f45cc-cd09-0410-ab3c-d52691b4dbfc

diff --git a/LayoutTests/ChangeLog b/LayoutTests/ChangeLog
index 891bfb6..f5c36b0 100644
--- a/LayoutTests/ChangeLog
+++ b/LayoutTests/ChangeLog
@@ -1,3 +1,13 @@
+2010-08-20  Tony Chang  <tony at chromium.org>
+
+        Reviewed by Adam Barth.
+
+        crash when trying to access a stale Node pointer in FocusController::setFocusedNode
+        https://bugs.webkit.org/show_bug.cgi?id=44226
+
+        * fast/events/focus-change-crash2-expected.txt: Added.
+        * fast/events/focus-change-crash2.html: Added.
+
 2010-08-12  Justin Schuh  <jschuh at chromium.org>
 
         Reviewed by Dumitru Daniliuc.
diff --git a/LayoutTests/fast/events/focus-change-crash2-expected.txt b/LayoutTests/fast/events/focus-change-crash2-expected.txt
new file mode 100644
index 0000000..9a6441f
--- /dev/null
+++ b/LayoutTests/fast/events/focus-change-crash2-expected.txt
@@ -0,0 +1,3 @@
+This tests a crash when changing focus deletes the node being focused. This test requires DRT.
+
+PASSED
diff --git a/LayoutTests/fast/events/focus-change-crash2.html b/LayoutTests/fast/events/focus-change-crash2.html
new file mode 100644
index 0000000..7800465
--- /dev/null
+++ b/LayoutTests/fast/events/focus-change-crash2.html
@@ -0,0 +1,31 @@
+<p>This tests a crash when changing focus deletes the node being focused. This test requires DRT.</p>
+<div id='test'><input id='1' /><input id='2' /></div>
+<script>
+function runTest()
+{
+    document.getElementById("1").addEventListener("keypress", function(e) {
+        document.getElementById("2").focus();
+
+        setTimeout(function() {
+            document.getElementById("test").innerHTML = "PASSED";
+            layoutTestController.notifyDone();
+        }, 0);
+    }, false);
+
+    document.getElementById("1").addEventListener("change", function(e) {
+        document.getElementById("test").innerHTML = "<input id='3' />";
+        window.GCController.collect();
+        document.getElementById("3").focus();
+    }, false);
+
+    document.getElementById("1").focus();
+
+    if (window.layoutTestController) {
+        layoutTestController.dumpAsText();
+        layoutTestController.waitUntilDone();
+        eventSender.keyDown("a")
+    }
+}
+
+runTest();
+</script>
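Review bot: The `change` listener calls `window.GCController.collect()` without checking that `GCController` exists, while the driver calls at the end of `runTest()` are guarded by `if (window.layoutTestController)`. If the handler ever runs outside DRT, it throws before `document.getElementById("3").focus()` and the page never reaches PASSED; `if (window.GCController) GCController.collect();` keeps the handler consistent with the rest of the test. A short comment above that line would also help, since the forced collection is what makes this a regression test for the stale pointer, for example `// Force GC so the replaced input is actually freed before focus moves on.` The statement `eventSender.keyDown("a")` is also missing its trailing semicolon.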
diff --git a/WebCore/ChangeLog b/WebCore/ChangeLog
index a01dd1e..a0bdb88 100644
--- a/WebCore/ChangeLog
+++ b/WebCore/ChangeLog
@@ -1,3 +1,15 @@
+2010-08-20  Tony Chang  <tony at chromium.org>
+
+        Reviewed by Adam Barth.
+
+        crash when trying to access a stale Node pointer in FocusController::setFocusedNode
+        https://bugs.webkit.org/show_bug.cgi?id=44226
+
+        Test: fast/events/focus-change-crash2.html
+
+        * page/FocusController.cpp:
+        (WebCore::FocusController::setFocusedNode): add a ref to prevent the focused node from being deleted
+
 2010-08-12  Justin Schuh  <jschuh at chromium.org>
 
         Reviewed by Dumitru Daniliuc.
diff --git a/WebCore/page/FocusController.cpp b/WebCore/page/FocusController.cpp
index 920e8b3..9ad4167 100644
--- a/WebCore/page/FocusController.cpp
+++ b/WebCore/page/FocusController.cpp
@@ -496,11 +496,14 @@ bool FocusController::setFocusedNode(Node* node, PassRefPtr<Frame> newFocusedFra
         oldDocument->setFocusedNode(0);
     
     setFocusedFrame(newFocusedFrame);
-    
+
+    // Setting the focused node can result in losing our last reft to node when JS event handlers fire.
+    RefPtr<Node> protect = node;
     if (newDocument)
         newDocument->setFocusedNode(node);
-    
-    m_page->editorClient()->setInputMethodState(node->shouldUseInputMethod());
+
+    if (newDocument->focusedNode() == node)
+        m_page->editorClient()->setInputMethodState(node->shouldUseInputMethod());
 
     return true;
 }
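Review bot: The added condition `if (newDocument->focusedNode() == node)` dereferences `newDocument` unconditionally, although the call two lines above is still guarded by `if (newDocument)`. The start of `setFocusedNode` is outside this hunk, so I can't tell whether `newDocument` can be null here. If it can, the fix trades the stale-pointer access for a null dereference, and `if (newDocument && newDocument->focusedNode() == node)` would close that. If it cannot, dropping the older `if (newDocument)` guard would make the invariant clear. The new comment has a typo ("reft" should be "ref"), and it could state that `protect` must outlive the `setFocusedNode` call because event handlers fired from it may drop the last other reference to `node`.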

-- 
WebKit Debian packaging


