Title: [96654] trunk
Revision: 96654
Author: [email protected]
Date: 2011-10-04 15:30:49 -0700 (Tue, 04 Oct 2011)

Log Message

occasional crash in Chromium in dispatching keyEvent
https://bugs.webkit.org/show_bug.cgi?id=67941

Patch by Scott Graham <[email protected]> on 2011-10-04
Reviewed by Tony Chang.

Source/WebKit/chromium:

Guard Frame while handling keyEvent, as it can lose last reference due
to actions of handler.

* src/WebViewImpl.cpp:
(WebKit::WebViewImpl::keyEvent):

LayoutTests:

* fast/events/keyevent-iframe-removed-crash-expected.txt: Added.
* fast/events/keyevent-iframe-removed-crash.html: Added.

Diff

Modified: trunk/LayoutTests/ChangeLog (96653 => 96654)


--- trunk/LayoutTests/ChangeLog	2011-10-04 22:28:54 UTC (rev 96653)
+++ trunk/LayoutTests/ChangeLog	2011-10-04 22:30:49 UTC (rev 96654)
@@ -1,3 +1,13 @@
+2011-10-04  Scott Graham  <[email protected]>
+
+        occasional crash in Chromium in dispatching keyEvent
+        https://bugs.webkit.org/show_bug.cgi?id=67941
+
+        Reviewed by Tony Chang.
+
+        * fast/events/keyevent-iframe-removed-crash-expected.txt: Added.
+        * fast/events/keyevent-iframe-removed-crash.html: Added.
+
 2011-10-04  Adam Barth  <[email protected]>
 
         Update XP results for the font shaping patch.

Added: trunk/LayoutTests/fast/events/keyevent-iframe-removed-crash-expected.txt (0 => 96654)


--- trunk/LayoutTests/fast/events/keyevent-iframe-removed-crash-expected.txt	                        (rev 0)
+++ trunk/LayoutTests/fast/events/keyevent-iframe-removed-crash-expected.txt	2011-10-04 22:30:49 UTC (rev 96654)
@@ -0,0 +1,3 @@
+This test passes if it does not crash. Move the mouse out of the window, and then press any key.
+
+PASS

Added: trunk/LayoutTests/fast/events/keyevent-iframe-removed-crash.html (0 => 96654)


--- trunk/LayoutTests/fast/events/keyevent-iframe-removed-crash.html	                        (rev 0)
+++ trunk/LayoutTests/fast/events/keyevent-iframe-removed-crash.html	2011-10-04 22:30:49 UTC (rev 96654)
@@ -0,0 +1,42 @@
+<!DOCTYPE html>
+<html>
+<head>
+<script>
+    function go() {
+        var fr = document.createElement('iframe');
+        fr.id = "blorp";
+        document.body.appendChild(fr);
+        fr.contentDocument.body.innerHTML = '<p id="a">move mouse out of the window, and press a key</p>';
+        fr.contentDocument.body._onkeydown_ = function(e) {
+            e.preventDefault();
+            document.body.removeChild(fr);
+        };
+
+        fr.focus();
+
+        if (window.layoutTestController)
+        {
+            layoutTestController.dumpAsText();
+            layoutTestController.waitUntilDone();
+            setTimeout(nuke, 0);
+        }
+    }
+
+    function nuke() {
+        eventSender.keyDown("x")
+        layoutTestController.notifyDone();
+    }
+</script>
+</head>
+
+<body _onload_="go()">
+    <p>
+        This test passes if it does not crash. Move the mouse out
+        of the window, and then press any key.
+    </p>
+
+    <p>
+        PASS
+    </p>
+</body>
+</html>
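
Review bot: PASS is static markup in the body, so this test produces the expected output whether or not the keydown handler ever runs; if focus does not land in the iframe, nuke() still calls notifyDone() and the text matches. Consider setting a flag in the handler after document.body.removeChild(fr) and having nuke() write PASS or FAIL from it, so the test keeps exercising removal of the focused frame during dispatch. Style: the opening brace after if (window.layoutTestController) belongs on the same line, and eventSender.keyDown("x") is missing its semicolon.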

Modified: trunk/Source/WebKit/chromium/ChangeLog (96653 => 96654)


--- trunk/Source/WebKit/chromium/ChangeLog	2011-10-04 22:28:54 UTC (rev 96653)
+++ trunk/Source/WebKit/chromium/ChangeLog	2011-10-04 22:30:49 UTC (rev 96654)
@@ -1,3 +1,16 @@
+2011-10-04  Scott Graham  <[email protected]>
+
+        occasional crash in Chromium in dispatching keyEvent
+        https://bugs.webkit.org/show_bug.cgi?id=67941
+
+        Reviewed by Tony Chang.
+
+        Guard Frame while handling keyEvent, as it can lose last reference due
+        to actions of handler.
+
+        * src/WebViewImpl.cpp:
+        (WebKit::WebViewImpl::keyEvent):
+
 2011-10-04  Anders Carlsson  <[email protected]>
 
         Remove PlatformWheelEvent::m_isAccepted
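
Review bot: The description says the Frame can lose its last reference but not how. Naming the trigger (a keydown handler that removes the focused iframe, as in fast/events/keyevent-iframe-removed-crash.html) and stating that the fix holds a RefPtr<Frame> for the duration of keyEvent would let a reader connect this entry to the test without opening the diff.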

Modified: trunk/Source/WebKit/chromium/src/WebViewImpl.cpp (96653 => 96654)


--- trunk/Source/WebKit/chromium/src/WebViewImpl.cpp	2011-10-04 22:28:54 UTC (rev 96653)
+++ trunk/Source/WebKit/chromium/src/WebViewImpl.cpp	2011-10-04 22:30:49 UTC (rev 96654)
@@ -624,7 +624,7 @@
     if (autocompleteHandleKeyEvent(event))
         return true;
 
-    Frame* frame = focusedWebCoreFrame();
+    RefPtr<Frame> frame = focusedWebCoreFrame();
     if (!frame)
         return false;
 
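
Review bot: The RefPtr at the frame declaration keeps the Frame object alive, but it does not keep the frame attached: once a handler has removed the iframe, the remainder of keyEvent is working with a detached Frame. Any use of frame after the event has been dispatched should tolerate that state rather than assume the frame is still in the page. A one-line comment on the declaration saying that the handler can drop the last reference would also keep the RefPtr from being simplified back to Frame* later. Only keyEvent is touched here; other entry points that hold a raw pointer from focusedWebCoreFrame() across a dispatch deserve the same check.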
_______________________________________________
webkit-changes mailing list
[email protected]
http://lists.webkit.org/mailman/listinfo.cgi/webkit-changes
