Title: [267678] branches/safari-610-branch/Source/WebCore
- Revision: 267678
- Author: [email protected]
- Date: 2020-09-27 13:00:28 -0700 (Sun, 27 Sep 2020)
Log Message
Cherry-pick r267287. rdar://problem/69594243
Crash under WebCore::shouldResetFocusNavigationStartingNode()
https://bugs.webkit.org/show_bug.cgi?id=216714
<rdar://problem/68132047>
Reviewed by Darin Adler.
Protect anchorElement in FrameView::scrollToFragmentInternal() to make sure
it stays alive until the time we pass it to setFocusNavigationStartingNode().
* page/FrameView.cpp:
(WebCore::FrameView::scrollToFragmentInternal):
git-svn-id: https://svn.webkit.org/repository/webkit/trunk@267287 268f45cc-cd09-0410-ab3c-d52691b4dbfc
Diff
Modified: branches/safari-610-branch/Source/WebCore/ChangeLog (267677 => 267678)
--- branches/safari-610-branch/Source/WebCore/ChangeLog 2020-09-27 20:00:25 UTC (rev 267677)
+++ branches/safari-610-branch/Source/WebCore/ChangeLog 2020-09-27 20:00:28 UTC (rev 267678)
@@ -1,5 +1,38 @@
2020-09-27 Alan Coon <[email protected]>
+ Cherry-pick r267287. rdar://problem/69594243
+
+ Crash under WebCore::shouldResetFocusNavigationStartingNode()
+ https://bugs.webkit.org/show_bug.cgi?id=216714
+ <rdar://problem/68132047>
+
+ Reviewed by Darin Adler.
+
+ Protect anchorElement in FrameView::scrollToFragmentInternal() to make sure
+ it stays alive until the time we pass it to setFocusNavigationStartingNode().
+
+ * page/FrameView.cpp:
+ (WebCore::FrameView::scrollToFragmentInternal):
+
+
+ git-svn-id: https://svn.webkit.org/repository/webkit/trunk@267287 268f45cc-cd09-0410-ab3c-d52691b4dbfc
+
+ 2020-09-18 Chris Dumez <[email protected]>
+
+ Crash under WebCore::shouldResetFocusNavigationStartingNode()
+ https://bugs.webkit.org/show_bug.cgi?id=216714
+ <rdar://problem/68132047>
+
+ Reviewed by Darin Adler.
+
+ Protect anchorElement in FrameView::scrollToFragmentInternal() to make sure
+ it stays alive until the time we pass it to setFocusNavigationStartingNode().
+
+ * page/FrameView.cpp:
+ (WebCore::FrameView::scrollToFragmentInternal):
+
+2020-09-27 Alan Coon <[email protected]>
+
Cherry-pick r267198. rdar://problem/69594065
[iOS] YouTube does not route video to AirPlay the first time
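Review bot: The entry added at the top of this ChangeLog names no regression test and does not say which call between findAnchor() and setFocusNavigationStartingNode() can drop the last reference to anchorElement. One sentence naming that call, plus either a test path or a note on why no test is possible, would let a later reader confirm the RefPtr is still needed. The description is also inserted twice (once under the cherry-pick entry, once under the original 2020-09-18 entry), so any wording change has to be made in both places.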
Modified: branches/safari-610-branch/Source/WebCore/page/FrameView.cpp (267677 => 267678)
--- branches/safari-610-branch/Source/WebCore/page/FrameView.cpp 2020-09-27 20:00:25 UTC (rev 267677)
+++ branches/safari-610-branch/Source/WebCore/page/FrameView.cpp 2020-09-27 20:00:28 UTC (rev 267678)
@@ -2207,12 +2207,12 @@
auto& document = *frame().document();
RELEASE_ASSERT(document.haveStylesheetsLoaded());
- Element* anchorElement = document.findAnchor(fragmentIdentifier);
+ auto anchorElement = makeRefPtr(document.findAnchor(fragmentIdentifier));
- LOG(Scrolling, " anchorElement is %p", anchorElement);
+ LOG(Scrolling, " anchorElement is %p", anchorElement.get());
// Setting to null will clear the current target.
- document.setCSSTarget(anchorElement);
+ document.setCSSTarget(anchorElement.get());
if (is<SVGDocument>(document)) {
if (fragmentIdentifier.isEmpty())
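Review bot: The declaration auto anchorElement = makeRefPtr(document.findAnchor(fragmentIdentifier)); hides that the variable is now an owning RefPtr, while the next hunk spells out RefPtr<ContainerNode> scrollPositionAnchor. Writing RefPtr<Element> here would keep the two declarations consistent and make the ownership visible at the point where it matters. A short comment at the declaration saying that the element must stay alive until it is passed to setFocusNavigationStartingNode(), as the log message states, would also discourage a later cleanup from turning it back into a raw pointer.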
@@ -2229,18 +2229,18 @@
return false;
}
- ContainerNode* scrollPositionAnchor = anchorElement;
+ RefPtr<ContainerNode> scrollPositionAnchor = anchorElement;
if (!scrollPositionAnchor)
scrollPositionAnchor = frame().document();
- maintainScrollPositionAtAnchor(scrollPositionAnchor);
+ maintainScrollPositionAtAnchor(scrollPositionAnchor.get());
// If the anchor accepts keyboard focus, move focus there to aid users relying on keyboard navigation.
if (anchorElement) {
if (anchorElement->isFocusable())
- document.setFocusedElement(anchorElement);
+ document.setFocusedElement(anchorElement.get());
else {
document.setFocusedElement(nullptr);
- document.setFocusNavigationStartingNode(anchorElement);
+ document.setFocusNavigationStartingNode(anchorElement.get());
}
}
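Review bot: In the if (anchorElement) block, the RefPtr guarantees that the object is still allocated, but not that it is still attached to document when anchorElement->isFocusable(), setFocusedElement() and setFocusNavigationStartingNode() run. If the calls before this block can release every other reference to the element, the same calls can leave it detached, and a detached node would then be stored as the focused element or the focus navigation starting node. Please confirm that the callees handle a detached node, or check anchorElement->isConnected() before this block. The same question applies to scrollPositionAnchor, which is passed to maintainScrollPositionAtAnchor() as a raw pointer taken from a RefPtr.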
_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes