Make sure we don't mishandle HTMLFrameOwnerElement lifecycle
authorbfulgham@apple.com <bfulgham@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Thu, 28 Apr 2016 23:38:09 +0000 (23:38 +0000)
committerbfulgham@apple.com <bfulgham@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Thu, 28 Apr 2016 23:38:09 +0000 (23:38 +0000)
commitb1a2567df05944760ccba94e2fbe20d2032a7f1c
tree72e6b82405aa563b28787c7539c2eea7b1483815
parent46ee984805fd435fc158bc49d13625a71abcb137
Make sure we don't mishandle HTMLFrameOwnerElement lifecycle
https://bugs.webkit.org/show_bug.cgi?id=157040

Reviewed by Chris Dumez.

Source/WebCore:

Protect a couple of sites where event handling could result in the owning frame
being destroyed during execution.

Tested by fast/dom/HTMLAnchorElement/anchor-in-noscroll-iframe-crash.html.

* inspector/InspectorDOMAgent.cpp:
(WebCore::InspectorDOMAgent::didCommitLoad):
* rendering/RenderLayer.cpp:
(WebCore::RenderLayer::scrollRectToVisible):

LayoutTests:

* fast/dom/HTMLAnchorElement/anchor-in-noscroll-iframe-crash-expected.txt: Added.
* fast/dom/HTMLAnchorElement/anchor-in-noscroll-iframe-crash.html: Added.
* fast/dom/HTMLAnchorElement/resources/iframe-with-anchor-crash.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@200216 268f45cc-cd09-0410-ab3c-d52691b4dbfc
LayoutTests/ChangeLog
LayoutTests/fast/dom/HTMLAnchorElement/anchor-in-noscroll-iframe-crash-expected.txt [new file with mode: 0644]
LayoutTests/fast/dom/HTMLAnchorElement/anchor-in-noscroll-iframe-crash.html [new file with mode: 0644]
LayoutTests/fast/dom/HTMLAnchorElement/resources/iframe-with-anchor-crash.html [new file with mode: 0644]
Source/WebCore/ChangeLog
Source/WebCore/inspector/InspectorDOMAgent.cpp
Source/WebCore/rendering/RenderLayer.cpp