projects / profile / ivi / webkit-efl.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 319b9c3) | patch
Crash in in WebCore::EventHandler::mouseMoved.
authorinferno@chromium.org <inferno@chromium.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Wed, 18 Jan 2012 00:33:10 +0000 (00:33 +0000)
committerinferno@chromium.org <inferno@chromium.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Wed, 18 Jan 2012 00:33:10 +0000 (00:33 +0000)
commit8b7877b1c4430dc495ddb01fcc3a0bd4fd55178d
tree0e700a33f530e82c743be8e187b8f234fb7e3f0dtree | snapshot
parent319b9c315cc5c7070b1aab54e06b0e0e5347345bcommit | diff
Crash in in WebCore::EventHandler::mouseMoved.
https://bugs.webkit.org/show_bug.cgi?id=76462

Reviewed by Ryosuke Niwa.

Source/WebCore:

handleMouseMoveEvent call in EventHandler::mouseMoved can
blow away the frame from underneath. Protect it with a frameview
refptr.

Test: fast/events/mouse-moved-remove-frame-crash.html

* page/EventHandler.cpp:
(WebCore::EventHandler::mouseMoved):

LayoutTests:

* fast/events/mouse-moved-remove-frame-crash-expected.txt: Added.
* fast/events/mouse-moved-remove-frame-crash.html: Added.
* fast/events/resources/mouse-move.html: Added.

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@105212 268f45cc-cd09-0410-ab3c-d52691b4dbfc
LayoutTests/ChangeLog diff | blob | history
LayoutTests/fast/events/mouse-moved-remove-frame-crash-expected.txt [new file with mode: 0644] blob
LayoutTests/fast/events/mouse-moved-remove-frame-crash.html [new file with mode: 0644] blob
LayoutTests/fast/events/resources/mouse-move.html [new file with mode: 0644] blob
Source/WebCore/ChangeLog diff | blob | history
Source/WebCore/page/EventHandler.cpp diff | blob | history
Domain: Web Framework / Uncategorized;