Crash in in WebCore::EventHandler::mouseMoved.
https://bugs.webkit.org/show_bug.cgi?id=76462
Reviewed by Ryosuke Niwa.
Source/WebCore:
handleMouseMoveEvent call in EventHandler::mouseMoved can
blow away the frame from underneath. Protect it with a frameview
refptr.
Test: fast/events/mouse-moved-remove-frame-crash.html
* page/EventHandler.cpp:
(WebCore::EventHandler::mouseMoved):
LayoutTests:
* fast/events/mouse-moved-remove-frame-crash-expected.txt: Added.
* fast/events/mouse-moved-remove-frame-crash.html: Added.
* fast/events/resources/mouse-move.html: Added.
git-svn-id: http://svn.webkit.org/repository/webkit/trunk@105212
268f45cc-cd09-0410-ab3c-
d52691b4dbfc