Title: [149254] trunk
- Revision
- 149254
- Author
- [email protected]
- Date
- 2013-04-27 20:43:25 -0700 (Sat, 27 Apr 2013)
Log Message
Pressing mouse button inside a dragstart event causes a crash
https://bugs.webkit.org/show_bug.cgi?id=115296
Reviewed by Darin Adler.
Source/WebCore:
Add a missing null pointer check. We should better encapsulate the states in DragState in the long term
but this is good enough for now.
Test: fast/events/mousedown-inside-dragstart-should-not-cause-crash.html
* page/EventHandler.cpp:
(WebCore::EventHandler::handleDrag):
LayoutTests:
Added a regression test. While the bug report involves opening inspector and setting a breakpoint,
a simpler reduction that uses eventSender significantly reduces the complexity.
* fast/events/mousedown-inside-dragstart-should-not-cause-crash-expected.txt: Added.
* fast/events/mousedown-inside-dragstart-should-not-cause-crash.html: Added.
Modified Paths
Added Paths
Diff
Modified: trunk/LayoutTests/ChangeLog (149253 => 149254)
--- trunk/LayoutTests/ChangeLog 2013-04-28 03:38:57 UTC (rev 149253)
+++ trunk/LayoutTests/ChangeLog 2013-04-28 03:43:25 UTC (rev 149254)
@@ -1,3 +1,16 @@
+2013-04-27 Ryosuke Niwa <[email protected]>
+
+ Pressing mouse button inside a dragstart event causes a crash
+ https://bugs.webkit.org/show_bug.cgi?id=115296
+
+ Reviewed by Darin Adler.
+
+ Added a regression test. While the bug report involves opening inspector and setting a breakpoint,
+ a simpler reduction that uses eventSender significantly reduces the complexity.
+
+ * fast/events/mousedown-inside-dragstart-should-not-cause-crash-expected.txt: Added.
+ * fast/events/mousedown-inside-dragstart-should-not-cause-crash.html: Added.
+
2013-04-25 Geoffrey Garen <[email protected]>
Cleaned up pre/post inc/dec in bytecode
Added: trunk/LayoutTests/fast/events/mousedown-inside-dragstart-should-not-cause-crash-expected.txt (0 => 149254)
--- trunk/LayoutTests/fast/events/mousedown-inside-dragstart-should-not-cause-crash-expected.txt (rev 0)
+++ trunk/LayoutTests/fast/events/mousedown-inside-dragstart-should-not-cause-crash-expected.txt 2013-04-28 03:43:25 UTC (rev 149254)
@@ -0,0 +1,4 @@
+This tests pressing a mouse button down inside a dragstart event.
+This happens when a user sets a breakpoint of a dragstart event handler in Inspector, and clicks somewhere on the page while the script is paused at the breakpoint. WebKit should not crash.
+
+PASS - mouse up and down inside a dragstart did not crash WebKit
Added: trunk/LayoutTests/fast/events/mousedown-inside-dragstart-should-not-cause-crash.html (0 => 149254)
--- trunk/LayoutTests/fast/events/mousedown-inside-dragstart-should-not-cause-crash.html (rev 0)
+++ trunk/LayoutTests/fast/events/mousedown-inside-dragstart-should-not-cause-crash.html 2013-04-28 03:43:25 UTC (rev 149254)
@@ -0,0 +1,38 @@
+<!DOCTYPE html>
+<html>
+<body>
+<p id="description">
+This tests pressing a mouse button down inside a dragstart event.<br>
+This happens when a user sets a breakpoint of a dragstart event handler in Inspector,
+and clicks somewhere on the page while the script is paused at the breakpoint. WebKit should not crash.
+</p>
+<div id="container"><span id="target" draggable="true" _ondragstart_="onDragStart()">drag me</span></div>
+<script>
+
+if (!window.testRunner || !window.eventSender)
+ document.body.innerHTML = 'This test requires eventSender';
+else {
+ testRunner.dumpAsText();
+
+ var target = document.getElementById('target');
+ var called = false;
+
+ function onDragStart() {
+ called = true;
+ eventSender.mouseUp();
+ eventSender.mouseDown();
+ }
+
+ eventSender.mouseMoveTo(target.offsetLeft + target.offsetWidth / 2, target.offsetTop + target.offsetHeight / 2);
+ eventSender.mouseDown();
+ eventSender.leapForward(100);
+ eventSender.mouseMoveTo(500, 500);
+ eventSender.mouseUp();
+
+ document.getElementById('container').textContent = called ? 'PASS - mouse up and down inside a dragstart did not crash WebKit'
+ : 'FAIL - dragstart was never fired.';
+}
+
+</script>
+</body>
+</html>
Modified: trunk/Source/WebCore/ChangeLog (149253 => 149254)
--- trunk/Source/WebCore/ChangeLog 2013-04-28 03:38:57 UTC (rev 149253)
+++ trunk/Source/WebCore/ChangeLog 2013-04-28 03:43:25 UTC (rev 149254)
@@ -1,3 +1,18 @@
+2013-04-27 Ryosuke Niwa <[email protected]>
+
+ Pressing mouse button inside a dragstart event causes a crash
+ https://bugs.webkit.org/show_bug.cgi?id=115296
+
+ Reviewed by Darin Adler.
+
+ Add a missing null pointer check. We should better encapsulate the states in DragState in the long term
+ but this is good enough for now.
+
+ Test: fast/events/mousedown-inside-dragstart-should-not-cause-crash.html
+
+ * page/EventHandler.cpp:
+ (WebCore::EventHandler::handleDrag):
+
2013-04-27 Gyuyoung Kim <[email protected]>
Unreviewed build fix when disabling video and video-track.
Modified: trunk/Source/WebCore/page/EventHandler.cpp (149253 => 149254)
--- trunk/Source/WebCore/page/EventHandler.cpp 2013-04-28 03:38:57 UTC (rev 149253)
+++ trunk/Source/WebCore/page/EventHandler.cpp 2013-04-28 03:43:25 UTC (rev 149254)
@@ -3598,7 +3598,7 @@
m_mouseDownMayStartDrag = false;
return true;
}
- if (dragState().shouldDispatchEvents()) {
+ if (dragState().m_dragSrc && dragState().shouldDispatchEvents()) {
// Drag was canned at the last minute - we owe m_dragSrc a DRAGEND event
dispatchDragSrcEvent(eventNames().dragendEvent, event.event());
m_mouseDownMayStartDrag = false;
_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes
