From 0f211c1276f2910470b5dd1a5753d65f79df22ba Mon Sep 17 00:00:00 2001
From: KyungTae Kim
Date: Mon, 29 Apr 2013 15:24:46 +0900
Subject: [PATCH] Add NULL check routine for frame on FrameView::scrollTo (N_SE-36624)
[Title] Add NULL check routine for frame on FrameView::scrollTo
[Issue] N_SE-36624 (same with http://slp-info.sec.samsung.net/gerrit/#/c/179408/)
[Problem] Segmentation Fault on FrameView::scrollPositionChanged() because the frame() is NULL.
[Cause] FrameView::scrollTo was called from resetScrollbars during FrameView destruction. In this case, because the frame() can be NULL, the below codes that access the frame() shouldn't be executed.
[Solution] Add NULL check routine.
Change-Id: I7eb507659901fd28c3e18969f3798cf84a1062b6
---
Source/WTF/wtf/Platform.h | 1 +
Source/WebCore/page/FrameView.cpp | 6 ++++++
2 files changed, 7 insertions(+)
diff --git a/Source/WTF/wtf/Platform.h b/Source/WTF/wtf/Platform.h
index f8b03c3..29bee99 100644
--- a/Source/WTF/wtf/Platform.h
+++ b/Source/WTF/wtf/Platform.h
@@ -777,6 +777,7 @@ com) : Patch to do not adjust cover rect as fixed pixel size*/
 #define ENABLE_TIZEN_TEXT_CODEC_MEMORY_REDUCTION 1 /*KyungTae Kim(ktf.kim@samsung.com) : Share Encode & Decode buffer for TextCodecUTF8 for memory reduction */
 #define ENABLE_TIZEN_ADJUST_CONTENTS_SIZE_FOR_MINUS_X_WORKAROUND 1 /*KyungTae Kim(ktf.kim@samsung.com) : Workaround patch that adjusts contents size of minus x position contents */
 #define ENABLE_TIZEN_EWK_CONTEXT_CACHE_MANAGER_NULL_CHECK_WORKAROUND 1 /* KyungTae Kim(ktf.kim@samsung.com) : Add null check to fix crash issue. */
+#define ENABLE_TIZEN_FRAMEVIEW_NULL_CHECK_WORKAROUND 1 /* KyungTae Kim(ktf.kim@samsung.com) : Add null check to fix crash issue. */
 #define ENABLE_TIZEN_DO_NOT_APPLY_SCROLLOFFSET_FOR_DELEGATESSCROLLING 1 /* Eunmi Lee(eunmi15.lee@samsung.com) : Fix the wrong position of hitTest result when we do hit test in the subFrame (It should be contributed to the opensource) */
diff --git a/Source/WebCore/page/FrameView.cpp b/Source/WebCore/page/FrameView.cpp
index f388d21..8c42246 100755
--- a/Source/WebCore/page/FrameView.cpp
+++ b/Source/WebCore/page/FrameView.cpp
@@ -2676,6 +2676,12 @@ void FrameView::scrollTo(const IntSize& newOffset)
 {
 LayoutSize offset = scrollOffset();
 ScrollView::scrollTo(newOffset);
+#if ENABLE(TIZEN_FRAMEVIEW_NULL_CHECK_WORKAROUND)
+ // If it is called from resetScrollbars during FrameView destruction, the frame() can be 0.
+ // In this case, the below codes that access the frame() shouldn't be executed.
+ if (!frame())
+ return;
+#endif
 if (offset != scrollOffset())
 scrollPositionChanged();
 frame()->loader()->client()->didChangeScrollOffset();
-- 2.7.4
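Review bot: The added guard makes a null frame() look like a legitimate state of FrameView::scrollTo, but by the commit's own description it is null only because ~FrameView calls resetScrollbars() (and through it this override) after the frame pointer is gone — a destruction-order defect that the early return masks rather than fixes, and any other frame() user reachable from that teardown path stays exposed. The more robust fix is to change the order in the destructor (reset scrollbars while the frame is still valid, or avoid dispatching to this override from there) and keep this check only as a documented fallback; the destructor is not in the hunk, so where the pointer is cleared cannot be confirmed from here. At minimum the comment should mark it as a workaround and name the root cause so the pattern is not copied to other frame() accessors, e.g. `// FIXME(workaround): frame() is null only while ~FrameView tears the view down (resetScrollbars -> scrollTo); fix the destruction order rather than guarding here.` Also note the early return skips `didChangeScrollOffset()` as well, so any scroll that reaches this path with a null frame is never reported to the client; that is acceptable during teardown but is exactly why the guard should not be reachable from anywhere else. The closing brace of scrollTo lies outside the hunk.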