Title: [114379] trunk
Revision: 114379
Author: commit-qu...@webkit.org
Date: 2012-04-17 08:20:01 -0700 (Tue, 17 Apr 2012)

Log Message

REGRESSION (r105453): Crash when handling touch events
https://bugs.webkit.org/show_bug.cgi?id=81958

Patch by Yong Li <y...@rim.com> on 2012-04-17
Reviewed by Antonio Gomes.

.:

Add a manual test for this issue because DumpRenderTree
currently cannot send a group of touch points with
different touch states in one shot.

* ManualTests/resources/iframe-reloaded-on-touch.html: Added.
* ManualTests/touch-stale-iframe-crash.html: Added.

Source/WebCore:

Always perform sanity checks when handling every touch point
because the node and document may have been destroyed or detached.

ManualTests/touch-stale-iframe-crash.html added.
(DumpRenderTree doesn't support transiting touch states in one shot yet)

* page/EventHandler.cpp:
(WebCore::EventHandler::handleTouchEvent):

Diff

Modified: trunk/ChangeLog (114378 => 114379)


--- trunk/ChangeLog	2012-04-17 15:18:37 UTC (rev 114378)
+++ trunk/ChangeLog	2012-04-17 15:20:01 UTC (rev 114379)
@@ -1,3 +1,17 @@
+2012-04-17  Yong Li  <y...@rim.com>
+
+        REGRESSION (r105453): Crash when handling touch events
+        https://bugs.webkit.org/show_bug.cgi?id=81958
+
+        Reviewed by Antonio Gomes.
+
+        Add a manual test for this issue because DumpRenderTree
+        currently cannot send a group of touch points with
+        different touch states in one shot.
+
+        * ManualTests/resources/iframe-reloaded-on-touch.html: Added.
+        * ManualTests/touch-stale-iframe-crash.html: Added.
+
 2012-04-17  Kent Tamura  <tk...@chromium.org>
 
         Calendar Picker: Support RTL layout

Added: trunk/ManualTests/resources/iframe-reloaded-on-touch.html (0 => 114379)


--- trunk/ManualTests/resources/iframe-reloaded-on-touch.html	                        (rev 0)
+++ trunk/ManualTests/resources/iframe-reloaded-on-touch.html	2012-04-17 15:20:01 UTC (rev 114379)
@@ -0,0 +1,3 @@
+<body>
+<div _ontouchstart_="window.location.reload()" style="background-color:green;height:200px;width:200px">Touch me</div>
+</body>
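
Review bot: on the div line the handler attribute reads `_ontouchstart_`, which is not an event handler attribute, so as shown a touch would never call window.location.reload() and the manual test could not reach the stale-iframe path. If that spelling is in the committed file rather than an artifact of this rendering, it should be `ontouchstart`.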

Added: trunk/ManualTests/touch-stale-iframe-crash.html (0 => 114379)


--- trunk/ManualTests/touch-stale-iframe-crash.html	                        (rev 0)
+++ trunk/ManualTests/touch-stale-iframe-crash.html	2012-04-17 15:20:01 UTC (rev 114379)
@@ -0,0 +1,4 @@
+<body>
+<iframe id="iframe" src=""
+This test passes if it doesn't crash.
+</body>
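
Review bot: the only instruction in this page is "This test passes if it doesn't crash.", which does not tell the tester what to do. The ChangeLog says the crash needs a group of touch points with different touch states in one shot, so the page should spell out the gesture sequence that produces that. As shown, the iframe line also ends at `src=""` with no closing `>` or `</iframe>`, and an empty src never loads resources/iframe-reloaded-on-touch.html; worth checking against the committed file.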

Modified: trunk/Source/WebCore/ChangeLog (114378 => 114379)


--- trunk/Source/WebCore/ChangeLog	2012-04-17 15:18:37 UTC (rev 114378)
+++ trunk/Source/WebCore/ChangeLog	2012-04-17 15:20:01 UTC (rev 114379)
@@ -1,3 +1,19 @@
+2012-04-17  Yong Li  <y...@rim.com>
+
+        REGRESSION (r105453): Crash when handling touch events
+        https://bugs.webkit.org/show_bug.cgi?id=81958
+
+        Reviewed by Antonio Gomes.
+
+        Always perform sanity checks when handling every touch point
+        because the node and document may have been destroyed or detached.
+
+        ManualTests/touch-stale-iframe-crash.html added.
+        (DumpRenderTree doesn't support transiting touch states in one shot yet)
+
+        * page/EventHandler.cpp:
+        (WebCore::EventHandler::handleTouchEvent):
+
 2012-04-17  Allan Sandfeld Jensen  <allan.jen...@nokia.com>
 
         Asserts in XMLHttpRequestProgressEventThrottle

Modified: trunk/Source/WebCore/page/EventHandler.cpp (114378 => 114379)


--- trunk/Source/WebCore/page/EventHandler.cpp	2012-04-17 15:18:37 UTC (rev 114378)
+++ trunk/Source/WebCore/page/EventHandler.cpp	2012-04-17 15:20:01 UTC (rev 114379)
@@ -3496,8 +3496,15 @@
 
         if (!touchTarget.get())
             continue;
+        Document* doc = touchTarget->toNode()->document();
+        if (!doc)
+            continue;
+        if (!doc->hasListenerType(Document::TOUCH_LISTENER))
+            continue;
+        Frame* targetFrame = doc->frame();
+        if (!targetFrame)
+            continue;
 
-        Frame* targetFrame = touchTarget->toNode()->document()->frame();
         if (m_frame != targetFrame) {
             // pagePoint should always be relative to the target elements containing frame.
             pagePoint = documentPointForWindowPoint(targetFrame, point.pos());
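
Review bot: in `Document* doc = touchTarget->toNode()->document();` the result of toNode() is still dereferenced unchecked, while the new checks cover only doc and its frame. Since the stated reason for the change is that the node and document may have been destroyed or detached, take the node into a local and `continue` when it is null before asking for its document. The `hasListenerType(Document::TOUCH_LISTENER)` test is also a different kind of check from the null checks around it (it skips points whose document has no touch listener rather than guarding a dereference), so a one-line comment saying why it belongs here would help.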