Title: [158802] trunk/Source/WebCore
- Revision
- 158802
- Author
- [email protected]
- Date
- 2013-11-06 16:20:03 -0800 (Wed, 06 Nov 2013)
Log Message
Crash in SliderThumbElement::dragFrom
https://bugs.webkit.org/show_bug.cgi?id=123873
Reviewed by Sam Weinig.
Moved Ref.
* html/RangeInputType.cpp:
(WebCore::RangeInputType::handleMouseDownEvent):
* html/shadow/SliderThumbElement.cpp:
(WebCore::SliderThumbElement::dragFrom):
Modified Paths
Diff
Modified: trunk/Source/WebCore/ChangeLog (158801 => 158802)
--- trunk/Source/WebCore/ChangeLog 2013-11-07 00:04:52 UTC (rev 158801)
+++ trunk/Source/WebCore/ChangeLog 2013-11-07 00:20:03 UTC (rev 158802)
@@ -1,3 +1,17 @@
+2013-11-06 Ryosuke Niwa <[email protected]>
+
+ Crash in SliderThumbElement::dragFrom
+ https://bugs.webkit.org/show_bug.cgi?id=123873
+
+ Reviewed by Sam Weinig.
+
+ Moved Ref.
+
+ * html/RangeInputType.cpp:
+ (WebCore::RangeInputType::handleMouseDownEvent):
+ * html/shadow/SliderThumbElement.cpp:
+ (WebCore::SliderThumbElement::dragFrom):
+
2013-11-06 Daniel Bates <[email protected]>
Cleanup FontMac.mm
Modified: trunk/Source/WebCore/html/RangeInputType.cpp (158801 => 158802)
--- trunk/Source/WebCore/html/RangeInputType.cpp 2013-11-07 00:04:52 UTC (rev 158801)
+++ trunk/Source/WebCore/html/RangeInputType.cpp 2013-11-07 00:20:03 UTC (rev 158802)
@@ -149,10 +149,10 @@
ASSERT(element().shadowRoot());
if (targetNode != &element() && !targetNode->isDescendantOf(element().userAgentShadowRoot()))
return;
- Ref<SliderThumbElement> thumb(typedSliderThumbElement());
- if (targetNode == &thumb.get())
+ SliderThumbElement& thumb = typedSliderThumbElement();
+ if (targetNode == &thumb)
return;
- thumb->dragFrom(event->absoluteLocation());
+ thumb.dragFrom(event->absoluteLocation());
}
#if ENABLE(TOUCH_EVENTS)
Modified: trunk/Source/WebCore/html/shadow/SliderThumbElement.cpp (158801 => 158802)
--- trunk/Source/WebCore/html/shadow/SliderThumbElement.cpp 2013-11-07 00:04:52 UTC (rev 158801)
+++ trunk/Source/WebCore/html/shadow/SliderThumbElement.cpp 2013-11-07 00:20:03 UTC (rev 158802)
@@ -232,6 +232,7 @@
void SliderThumbElement::dragFrom(const LayoutPoint& point)
{
+ Ref<SliderThumbElement> protect(*this);
setPositionFromPoint(point);
startDragging();
}
_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes
