Skip to site navigation (Press enter)

[webkit-changes] [165153] branches/safari-537.75-branch/Source/WebCore

matthew_hanson Wed, 05 Mar 2014 17:41:54 -0800

Title: [165153] branches/safari-537.75-branch/Source/WebCore

Revision: 165153
Author: [email protected]
Date: 2014-03-05 17:47:31 -0800 (Wed, 05 Mar 2014)

Log Message

Merge r158802.


Modified Paths

branches/safari-537.75-branch/Source/WebCore/ChangeLog
branches/safari-537.75-branch/Source/WebCore/html/RangeInputType.cpp
branches/safari-537.75-branch/Source/WebCore/html/shadow/SliderThumbElement.cpp

Diff

Modified: branches/safari-537.75-branch/Source/WebCore/ChangeLog (165152 => 165153)


--- branches/safari-537.75-branch/Source/WebCore/ChangeLog	2014-03-06 01:46:21 UTC (rev 165152)
+++ branches/safari-537.75-branch/Source/WebCore/ChangeLog	2014-03-06 01:47:31 UTC (rev 165153)
@@ -1,5 +1,23 @@
 2014-03-05  Matthew Hanson  <[email protected]>
 
+        Merge r158802.
+
+    2013-11-06  Ryosuke Niwa  <[email protected]>
+
+            Crash in SliderThumbElement::dragFrom
+            https://bugs.webkit.org/show_bug.cgi?id=123873
+
+            Reviewed by Sam Weinig.
+
+            Moved Ref.
+
+            * html/RangeInputType.cpp:
+            (WebCore::RangeInputType::handleMouseDownEvent):
+            * html/shadow/SliderThumbElement.cpp:
+            (WebCore::SliderThumbElement::dragFrom):
+
+2014-03-05  Matthew Hanson  <[email protected]>
+
         Merge r158724.
 
     2013-11-05  Ryosuke Niwa  <[email protected]>

Modified: branches/safari-537.75-branch/Source/WebCore/html/RangeInputType.cpp (165152 => 165153)


--- branches/safari-537.75-branch/Source/WebCore/html/RangeInputType.cpp	2014-03-06 01:46:21 UTC (rev 165152)
+++ branches/safari-537.75-branch/Source/WebCore/html/RangeInputType.cpp	2014-03-06 01:47:31 UTC (rev 165153)
@@ -161,7 +161,7 @@
     ASSERT(element()->shadow());
     if (targetNode != element() && !targetNode->isDescendantOf(element()->userAgentShadowRoot()))
         return;
-    RefPtr<SliderThumbElement> thumb = sliderThumbElementOf(element());
+    SliderThumbElement* thumb = sliderThumbElementOf(element());
     if (targetNode == thumb)
         return;
     thumb->dragFrom(event->absoluteLocation());

Modified: branches/safari-537.75-branch/Source/WebCore/html/shadow/SliderThumbElement.cpp (165152 => 165153)


--- branches/safari-537.75-branch/Source/WebCore/html/shadow/SliderThumbElement.cpp	2014-03-06 01:46:21 UTC (rev 165152)
+++ branches/safari-537.75-branch/Source/WebCore/html/shadow/SliderThumbElement.cpp	2014-03-06 01:47:31 UTC (rev 165153)
@@ -247,6 +247,7 @@
 
 void SliderThumbElement::dragFrom(const LayoutPoint& point)
 {
+    RefPtr<SliderThumbElement> protect(this);
     setPositionFromPoint(point);
     startDragging();
 }

_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes