Title: [124399] trunk/Source/WebCore
Revision
124399
Author
[email protected]
Date
2012-08-01 18:44:32 -0700 (Wed, 01 Aug 2012)

Log Message

[EFL] Crash at WebCore::toRenderSlider
https://bugs.webkit.org/show_bug.cgi?id=92893

Patch by Mikhail Pozdnyakov <[email protected]> on 2012-08-01
Reviewed by Hajime Morita.

Added a type check before casting a render object to RenderSlider as
an arbitrary element can have for example webkit-appearance: slider-horizontal.

No new tests. Existing test fast/forms/range/slider-appearance-crash.html covers the case.

* platform/efl/RenderThemeEfl.cpp:
(WebCore::RenderThemeEfl::paintThemePart):

Diff

Modified: trunk/Source/WebCore/ChangeLog (124398 => 124399)


--- trunk/Source/WebCore/ChangeLog	2012-08-02 01:28:10 UTC (rev 124398)
+++ trunk/Source/WebCore/ChangeLog	2012-08-02 01:44:32 UTC (rev 124399)
@@ -1,3 +1,18 @@
+2012-08-01  Mikhail Pozdnyakov  <[email protected]>
+
+        [EFL] Crash at WebCore::toRenderSlider
+        https://bugs.webkit.org/show_bug.cgi?id=92893
+
+        Reviewed by Hajime Morita.
+
+        Added a type check before casting a render object to RenderSlider as 
+        an arbitrary element can have for example webkit-appearance: slider-horizontal.
+
+        No new tests. Existing test fast/forms/range/slider-appearance-crash.html covers the case.
+
+        * platform/efl/RenderThemeEfl.cpp:
+        (WebCore::RenderThemeEfl::paintThemePart):
+
 2012-08-01  Koji Ishii  <[email protected]>
 
         Cache support for OpenTypeVerticalData
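
Review bot: The added line ending "to RenderSlider as " carries trailing whitespace, and the entry spells the property "webkit-appearance" while the code comment in RenderThemeEfl.cpp spells it "-webkit-appearance". Drop the trailing space and use the prefixed spelling so the entry matches the code. Since the entry relies on the existing test fast/forms/range/slider-appearance-crash.html instead of a new one, it would help to say whether that test was crashing or skipped on EFL before this change, so the fix can be tied to a test result.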

Modified: trunk/Source/WebCore/platform/efl/RenderThemeEfl.cpp (124398 => 124399)


--- trunk/Source/WebCore/platform/efl/RenderThemeEfl.cpp	2012-08-02 01:28:10 UTC (rev 124398)
+++ trunk/Source/WebCore/platform/efl/RenderThemeEfl.cpp	2012-08-02 01:44:32 UTC (rev 124399)
@@ -326,6 +326,9 @@
     // Currently, only sliders needs this message; if other widget ever needs special
     // treatment, move them to special functions.
     if (type == SliderVertical || type == SliderHorizontal) {
+        if (!object->isSlider())
+            return true; // probably have -webkit-appearance: slider..
+
         RenderSlider* renderSlider = toRenderSlider(object);
         HTMLInputElement* input = renderSlider->node()->toInputElement();
         Edje_Message_Float_Set* msg;
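
Review bot: The comment on the new `return true;` line ("probably have -webkit-appearance: slider..") is speculative and does not say what returning true tells the caller of paintThemePart. Please state the invariant instead: `type` comes from the element's appearance, which the ChangeLog notes can be set on an arbitrary element, so `type == SliderVertical || type == SliderHorizontal` does not guarantee that `object` is a RenderSlider, and the `isSlider()` check is what makes the following `toRenderSlider(object)` cast safe. Also document the meaning of the `true` return at this point, and confirm that nothing set up earlier in the function needs releasing before this early exit, since those lines are outside the hunk. Separately, `input` from `renderSlider->node()->toInputElement()` is not checked in the lines shown; if no check follows below the hunk, add one or an assertion.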