Title: [188918] trunk
- Revision
- 188918
- Author
- wenson_hs...@apple.com
- Date
- 2015-08-25 11:00:02 -0700 (Tue, 25 Aug 2015)
Log Message
Fix crash due to search field disappearing when showing results menu
https://bugs.webkit.org/show_bug.cgi?id=148410
<rdar://problem/22399850>
Reviewed by Brent Fulgham.
When clicking on the results button of a search field that hides upon being focused, WebKit will crash because we
attempt to toggle the results menu using the search field's renderer which is null. This is addressed by adding a null
check to make sure the search field has not been hidden before toggling the menu.
Test: fast/forms/search/search-results-hidden-crash.html
* html/shadow/TextControlInnerElements.cpp:
(WebCore::SearchFieldResultsButtonElement::defaultEventHandler): Add a null check for the search field's renderer.
Modified Paths
Added Paths
Diff
Modified: trunk/LayoutTests/TestExpectations (188917 => 188918)
--- trunk/LayoutTests/TestExpectations 2015-08-25 17:58:27 UTC (rev 188917)
+++ trunk/LayoutTests/TestExpectations 2015-08-25 18:00:02 UTC (rev 188918)
@@ -18,6 +18,7 @@
fast/scrolling/latching [ Skip ]
fast/forms/search/search-padding-cancel-results-buttons.html [ Skip ]
+fast/forms/search/search-results-hidden-crash.html [ Skip ]
#//////////////////////////////////////////////////////////////////////////////////////////
# End platform-specific tests.
Added: trunk/LayoutTests/fast/forms/search/search-results-hidden-crash-expected.txt (0 => 188918)
--- trunk/LayoutTests/fast/forms/search/search-results-hidden-crash-expected.txt (rev 0)
+++ trunk/LayoutTests/fast/forms/search/search-results-hidden-crash-expected.txt 2015-08-25 18:00:02 UTC (rev 188918)
@@ -0,0 +1 @@
+We did not crash!
Added: trunk/LayoutTests/fast/forms/search/search-results-hidden-crash.html (0 => 188918)
--- trunk/LayoutTests/fast/forms/search/search-results-hidden-crash.html (rev 0)
+++ trunk/LayoutTests/fast/forms/search/search-results-hidden-crash.html 2015-08-25 18:00:02 UTC (rev 188918)
@@ -0,0 +1,32 @@
+<html>
+
+<head>
+ <script>
+ function hideSearchField() {
+ var search = document.getElementsByTagName("input")[0];
+ search.style.display = "none";
+ }
+
+ function setup() {
+ if (window.testRunner) {
+ testRunner.dumpAsText();
+ window.eventSender.mouseMoveTo(10, 10);
+ window.eventSender.mouseDown();
+ window.eventSender.mouseUp();
+ }
+ }
+ </script>
+
+ <style>
+ body, input {
+ margin: 0;
+ }
+ </style>
+</head>
+
+<body _onload_="setup()">
+ <input _onfocus_="hideSearchField()" type="search" results="5"></input>
+ <p>We did not crash!</p>
+</body>
+
+</html>
Modified: trunk/LayoutTests/platform/mac/TestExpectations (188917 => 188918)
--- trunk/LayoutTests/platform/mac/TestExpectations 2015-08-25 17:58:27 UTC (rev 188917)
+++ trunk/LayoutTests/platform/mac/TestExpectations 2015-08-25 18:00:02 UTC (rev 188918)
@@ -11,6 +11,7 @@
fast/scrolling/latching [ Pass ]
fast/forms/search/search-padding-cancel-results-buttons.html [ Pass ]
+fast/forms/search/search-results-hidden-crash.html [ Pass ]
#//////////////////////////////////////////////////////////////////////////////////////////
# End platform-specific directories.
Modified: trunk/Source/WebCore/ChangeLog (188917 => 188918)
--- trunk/Source/WebCore/ChangeLog 2015-08-25 17:58:27 UTC (rev 188917)
+++ trunk/Source/WebCore/ChangeLog 2015-08-25 18:00:02 UTC (rev 188918)
@@ -1,3 +1,20 @@
+2015-08-25 Wenson Hsieh <wenson_hs...@apple.com>
+
+ Fix crash due to search field disappearing when showing results menu
+ https://bugs.webkit.org/show_bug.cgi?id=148410
+ <rdar://problem/22399850>
+
+ Reviewed by Brent Fulgham.
+
+ When clicking on the results button of a search field that hides upon being focused, WebKit will crash because we
+ attempt to toggle the results menu using the search field's renderer which is null. This is addressed by adding a null
+ check to make sure the search field has not been hidden before toggling the menu.
+
+ Test: fast/forms/search/search-results-hidden-crash.html
+
+ * html/shadow/TextControlInnerElements.cpp:
+ (WebCore::SearchFieldResultsButtonElement::defaultEventHandler): Add a null check for the search field's renderer.
+
2015-08-25 Chris Dumez <cdu...@apple.com>
compareDocumentPosition() should report PRECEDING or FOLLOWING information even if nodes are disconnected
Modified: trunk/Source/WebCore/html/shadow/TextControlInnerElements.cpp (188917 => 188918)
--- trunk/Source/WebCore/html/shadow/TextControlInnerElements.cpp 2015-08-25 17:58:27 UTC (rev 188917)
+++ trunk/Source/WebCore/html/shadow/TextControlInnerElements.cpp 2015-08-25 18:00:02 UTC (rev 188918)
@@ -147,11 +147,13 @@
input->focus();
input->select();
#if !PLATFORM(IOS)
- RenderSearchField& renderer = downcast<RenderSearchField>(*input->renderer());
- if (renderer.popupIsVisible())
- renderer.hidePopup();
- else if (input->maxResults() > 0)
- renderer.showPopup();
+ if (RenderObject* renderer = input->renderer()) {
+ RenderSearchField& searchFieldRenderer = downcast<RenderSearchField>(*renderer);
+ if (searchFieldRenderer.popupIsVisible())
+ searchFieldRenderer.hidePopup();
+ else if (input->maxResults() > 0)
+ searchFieldRenderer.showPopup();
+ }
#endif
event->setDefaultHandled();
}
_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes
