[SCM] WebKit Debian packaging branch, webkit-1.3, updated. upstream/1.3.7-4207-g178b198
simon.fraser at apple.com
simon.fraser at apple.com
Sun Feb 20 23:04:25 UTC 2011
The following commit has been merged in the webkit-1.3 branch:
commit 152918ff912041f7c07bda64caddbcae3c4a938a
Author: simon.fraser at apple.com <simon.fraser at apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Date: Mon Jan 17 03:49:59 2011 +0000
2011-01-16 Simon Fraser <simon.fraser at apple.com>
Reviewed by Dan Bernstein.
frame-removed-during-resize.html test crashes (shows up as image-map-2.html crash)
https://bugs.webkit.org/show_bug.cgi?id=52549
Fix regression from r75900; m_widget->setFrameRect() can run script that
clears m_widget, so null-check it before calling setBoundsSize().
Tested by fast/replaced/frame-removed-during-resize.html
* rendering/RenderWidget.cpp:
(WebCore::RenderWidget::setWidgetGeometry):
git-svn-id: http://svn.webkit.org/repository/webkit/trunk@75906 268f45cc-cd09-0410-ab3c-d52691b4dbfc
diff --git a/Source/WebCore/ChangeLog b/Source/WebCore/ChangeLog
index 309f11d..24c7c6d 100644
--- a/Source/WebCore/ChangeLog
+++ b/Source/WebCore/ChangeLog
@@ -1,5 +1,20 @@
2011-01-16 Simon Fraser <simon.fraser at apple.com>
+ Reviewed by Dan Bernstein.
+
+ frame-removed-during-resize.html test crashes (shows up as image-map-2.html crash)
+ https://bugs.webkit.org/show_bug.cgi?id=52549
+
+ Fix regression from r75900; m_widget->setFrameRect() can run script that
+ clears m_widget, so null-check it before calling setBoundsSize().
+
+ Tested by fast/replaced/frame-removed-during-resize.html
+
+ * rendering/RenderWidget.cpp:
+ (WebCore::RenderWidget::setWidgetGeometry):
+
+2011-01-16 Simon Fraser <simon.fraser at apple.com>
+
Keep Leopard build happy.
* platform/mac/WidgetMac.mm:
diff --git a/Source/WebCore/rendering/RenderWidget.cpp b/Source/WebCore/rendering/RenderWidget.cpp
index 5387306..056773a 100644
--- a/Source/WebCore/rendering/RenderWidget.cpp
+++ b/Source/WebCore/rendering/RenderWidget.cpp
@@ -174,7 +174,8 @@ bool RenderWidget::setWidgetGeometry(const IntRect& frame, const IntSize& bounds
RenderWidgetProtector protector(this);
RefPtr<Node> protectedNode(node());
m_widget->setFrameRect(frame);
- m_widget->setBoundsSize(boundsSize);
+ if (m_widget) // setFrameRect can run arbitrary script, which might clear m_widget.
+ m_widget->setBoundsSize(boundsSize);
#if USE(ACCELERATED_COMPOSITING)
if (hasLayer() && layer()->isComposited())
--
WebKit Debian packaging
More information about the Pkg-webkit-commits
mailing list