[webkit-changes] [126669] branches/chromium/1229

Fri, 24 Aug 2012 18:16:00 -0700

Title: [126669] branches/chromium/1229
Revision
126669
Author
[email protected]
Date
2012-08-24 18:16:36 -0700 (Fri, 24 Aug 2012)

Log Message

Merge 124843
BUG=139690
Review URL: https://chromiumcodereview.appspot.com/10867074


Modified Paths




Added Paths

Diff

Copied: branches/chromium/1229/LayoutTests/media/event-queue-crash-expected.txt (from rev 124843, trunk/LayoutTests/media/event-queue-crash-expected.txt) (0 => 126669)


--- branches/chromium/1229/LayoutTests/media/event-queue-crash-expected.txt	                        (rev 0)
+++ branches/chromium/1229/LayoutTests/media/event-queue-crash-expected.txt	2012-08-25 01:16:36 UTC (rev 126669)
@@ -0,0 +1,3 @@
+When an element containing video is removed, WebKit should not crash.
+
+PASS. WebKit didn't crash.

Copied: branches/chromium/1229/LayoutTests/media/event-queue-crash.html (from rev 124843, trunk/LayoutTests/media/event-queue-crash.html) (0 => 126669)


--- branches/chromium/1229/LayoutTests/media/event-queue-crash.html	                        (rev 0)
+++ branches/chromium/1229/LayoutTests/media/event-queue-crash.html	2012-08-25 01:16:36 UTC (rev 126669)
@@ -0,0 +1,36 @@
+<!DOCTYPE html>
+<html>
+<script src=""
+        
+<script>
+    if (window.testRunner) {
+        testRunner.dumpAsText();
+        testRunner.waitUntilDone();
+    }
+
+    function onLoad()
+    {
+        setSrcByTagName('video', findMediaFile('video', 'content/test-25fps'));
+        // Removes the video element here.
+        container.innerHTML = "PASS. WebKit didn't crash.";
+
+        setTimeout(function() {
+            if (window.testRunner)
+                testRunner.notifyDone();
+        }, 10);
+    }
+</script>
+
+<body _onload_="onLoad()">
+    <p>When an element containing video is removed, WebKit should not crash.</p>
+    <div id="container">
+        <div id="contents">
+            <!-- This is required to reproduce. -->
+            <video>
+            <!-- Only if we cannot eval the content of oncanplaythrough (i.e. only if the content of oncanplaythough
+                 has invalid syntax), this test causes a crash. -->
+            <video _oncanplaythrough_='if'>
+        </div>
+    </div>
+</body>
+</html>

Modified: branches/chromium/1229/Source/WebCore/dom/GenericEventQueue.cpp (126668 => 126669)


--- branches/chromium/1229/Source/WebCore/dom/GenericEventQueue.cpp	2012-08-25 01:04:50 UTC (rev 126668)
+++ branches/chromium/1229/Source/WebCore/dom/GenericEventQueue.cpp	2012-08-25 01:16:36 UTC (rev 126669)
@@ -85,6 +85,7 @@
     Vector<RefPtr<Event> > pendingEvents;
     m_pendingEvents.swap(pendingEvents);
 
+    RefPtr<EventTarget> protect(m_owner);
     for (unsigned i = 0; i < pendingEvents.size(); ++i) {
         EventTarget* target = pendingEvents[i]->target() ? pendingEvents[i]->target() : m_owner;
         target->dispatchEvent(pendingEvents[i].release());

_______________________________________________
webkit-changes mailing list
[email protected]
http://lists.webkit.org/mailman/listinfo/webkit-changes

Reply via email to