[webkit-changes] [145664] branches/safari-536.30-branch

Tue, 12 Mar 2013 18:38:01 -0700

Title: [145664] branches/safari-536.30-branch

Diff

Modified: branches/safari-536.30-branch/LayoutTests/ChangeLog (145663 => 145664)


--- branches/safari-536.30-branch/LayoutTests/ChangeLog	2013-03-13 01:37:09 UTC (rev 145663)
+++ branches/safari-536.30-branch/LayoutTests/ChangeLog	2013-03-13 01:39:56 UTC (rev 145664)
@@ -1,5 +1,19 @@
 2013-03-12  Lucas Forschler  <[email protected]>
 
+        Merge r141858
+
+    2013-02-04  Kent Tamura  <[email protected]>
+
+            Fix crash by <select> type change on focus
+            https://bugs.webkit.org/show_bug.cgi?id=108830
+
+            Reviewed by Abhishek Arya.
+
+            * fast/forms/select/select-change-type-on-focus-expected.txt: Added.
+            * fast/forms/select/select-change-type-on-focus.html: Added.
+
+2013-03-12  Lucas Forschler  <[email protected]>
+
         Merge r140520
 
     2013-01-23  Hajime Morrita  <[email protected]>

Copied: branches/safari-536.30-branch/LayoutTests/fast/forms/select/select-change-type-on-focus-expected.txt (from rev 141858, trunk/LayoutTests/fast/forms/select/select-change-type-on-focus-expected.txt) (0 => 145664)


--- branches/safari-536.30-branch/LayoutTests/fast/forms/select/select-change-type-on-focus-expected.txt	                        (rev 0)
+++ branches/safari-536.30-branch/LayoutTests/fast/forms/select/select-change-type-on-focus-expected.txt	2013-03-13 01:39:56 UTC (rev 145664)
@@ -0,0 +1,10 @@
+Check if select type change on focus doesn't cause crash.
+
+On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
+
+
+PASS if not crashed
+PASS successfullyParsed is true
+
+TEST COMPLETE
+

Copied: branches/safari-536.30-branch/LayoutTests/fast/forms/select/select-change-type-on-focus.html (from rev 141858, trunk/LayoutTests/fast/forms/select/select-change-type-on-focus.html) (0 => 145664)


--- branches/safari-536.30-branch/LayoutTests/fast/forms/select/select-change-type-on-focus.html	                        (rev 0)
+++ branches/safari-536.30-branch/LayoutTests/fast/forms/select/select-change-type-on-focus.html	2013-03-13 01:39:56 UTC (rev 145664)
@@ -0,0 +1,17 @@
+<!DOCTYPE html>
+<script src=""
+<div tabindex="04">
+<select _onfocus_="this.size = 10">
+<optgroup tabindex="20"></optgroup>
+</select>
+<script>
+description('Check if select type change on focus doesn\'t cause crash.');
+if (!window.eventSender)
+    debug('Requires DRT/WRT.');
+eventSender.keyDown('\t');
+eventSender.keyDown('\t');
+eventSender.keyDown(' ');
+testPassed('if not crashed');
+</script>
+<script src=""
+</div>

Modified: branches/safari-536.30-branch/Source/WebCore/ChangeLog (145663 => 145664)


--- branches/safari-536.30-branch/Source/WebCore/ChangeLog	2013-03-13 01:37:09 UTC (rev 145663)
+++ branches/safari-536.30-branch/Source/WebCore/ChangeLog	2013-03-13 01:39:56 UTC (rev 145664)
@@ -1,5 +1,22 @@
 2013-03-12  Lucas Forschler  <[email protected]>
 
+        Merge r141858
+
+    2013-02-04  Kent Tamura  <[email protected]>
+
+            Fix crash by <select> type change on focus
+            https://bugs.webkit.org/show_bug.cgi?id=108830
+
+            Reviewed by Abhishek Arya.
+
+            Test: fast/forms/select/select-change-type-on-focus.html
+
+            * html/HTMLSelectElement.cpp:
+            (WebCore::HTMLSelectElement::menuListDefaultEventHandler):
+            focus() calls may change the renderer type.
+
+2013-03-12  Lucas Forschler  <[email protected]>
+
         Merge r141851
 
     2013-02-04  Wei James  <[email protected]>

Modified: branches/safari-536.30-branch/Source/WebCore/html/HTMLSelectElement.cpp (145663 => 145664)


--- branches/safari-536.30-branch/Source/WebCore/html/HTMLSelectElement.cpp	2013-03-13 01:37:09 UTC (rev 145663)
+++ branches/safari-536.30-branch/Source/WebCore/html/HTMLSelectElement.cpp	2013-03-13 01:39:56 UTC (rev 145664)
@@ -1106,9 +1106,9 @@
             if (keyCode == ' ' || keyCode == '\r') {
                 focus();
 
-                // Calling focus() may cause us to lose our renderer, in which case
-                // do not want to handle the event.
-                if (!renderer())
+                // Calling focus() may remove the renderer or change the
+                // renderer type.
+                if (!renderer() || !renderer()->isMenuList())
                     return;
 
                 // Save the selection so it can be compared to the new selection
@@ -1124,9 +1124,9 @@
             if (keyCode == ' ') {
                 focus();
 
-                // Calling focus() may cause us to lose our renderer, in which case
-                // do not want to handle the event.
-                if (!renderer())
+                // Calling focus() may remove the renderer or change the
+                // renderer type.
+                if (!renderer() || !renderer()->isMenuList())
                     return;
 
                 // Save the selection so it can be compared to the new selection

_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes

Reply via email to