Need to check NULL frame in EventHandler::updateDragAndDrop.
authorjianli@chromium.org <jianli@chromium.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Wed, 30 Sep 2009 17:52:33 +0000 (17:52 +0000)
committerjianli@chromium.org <jianli@chromium.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Wed, 30 Sep 2009 17:52:33 +0000 (17:52 +0000)
https://bugs.webkit.org/show_bug.cgi?id=29929

Reviewed by Darin Adler.

WebCore:

Test: http/tests/misc/drag-over-iframe-invalid-source-crash.html

* page/EventHandler.cpp:
(WebCore::EventHandler::updateDragAndDrop):

LayoutTests:

Add a new test for the bug.

* http/tests/misc/drag-over-iframe-invalid-source-crash-expected.txt: Added.
* http/tests/misc/drag-over-iframe-invalid-source-crash.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@48934 268f45cc-cd09-0410-ab3c-d52691b4dbfc

LayoutTests/ChangeLog
LayoutTests/http/tests/misc/drag-over-iframe-invalid-source-crash-expected.txt [new file with mode: 0644]
LayoutTests/http/tests/misc/drag-over-iframe-invalid-source-crash.html [new file with mode: 0644]
WebCore/ChangeLog
WebCore/page/EventHandler.cpp

index e806ed0..c550f58 100644 (file)
@@ -1,3 +1,15 @@
+2009-09-30  Jian Li  <jianli@chromium.org>
+
+        Reviewed by Darin Adler.
+
+        Need to check NULL frame in EventHandler::updateDragAndDrop.
+        https://bugs.webkit.org/show_bug.cgi?id=29929
+
+        Add a new test for the bug.
+
+        * http/tests/misc/drag-over-iframe-invalid-source-crash-expected.txt: Added.
+        * http/tests/misc/drag-over-iframe-invalid-source-crash.html: Added.
+
 2009-09-29  Simon Fraser  <simon.fraser@apple.com>
 
         Reviewed by Dan Bernstein.
diff --git a/LayoutTests/http/tests/misc/drag-over-iframe-invalid-source-crash-expected.txt b/LayoutTests/http/tests/misc/drag-over-iframe-invalid-source-crash-expected.txt
new file mode 100644 (file)
index 0000000..b4bcccc
--- /dev/null
@@ -0,0 +1,6 @@
+CONSOLE MESSAGE: line 0: Not allowed to load local resource: file:
+This page tests that we don't crash if we drag something to an iframe that has an invalid source.
+
+
+SUCCESS - didn't crash
+
diff --git a/LayoutTests/http/tests/misc/drag-over-iframe-invalid-source-crash.html b/LayoutTests/http/tests/misc/drag-over-iframe-invalid-source-crash.html
new file mode 100644 (file)
index 0000000..3d37326
--- /dev/null
@@ -0,0 +1,22 @@
+<head>
+<script>
+window.onload = function () {
+    if (window.layoutTestController)
+        layoutTestController.dumpAsText(); 
+
+    var abe = document.getElementById("abe");
+    var dragTarget = document.getElementById("dragTarget");
+
+    eventSender.mouseMoveTo(abe.offsetLeft + 50, abe.offsetTop + 50);
+    eventSender.mouseDown();
+    eventSender.leapForward(500);
+    eventSender.mouseMoveTo(dragTarget.offsetLeft + 10, dragTarget.offsetTop + 10);
+    eventSender.mouseUp();
+}
+</script>
+</head>
+
+<p>This page tests that we don't crash if we drag something to an iframe that has an invalid source.</p>
+<img id="abe" src="http://127.0.0.1:8000/security/resources/abe.png">
+<div>SUCCESS - didn't crash</div>
+<iframe id="dragTarget" src="file:"></iframe> 
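Review bot: The test can pass without exercising the fixed path, because the `SUCCESS - didn't crash` div is static markup and nothing in the onload handler confirms that the image loaded or that a drag actually reached the iframe. The patched code appears to fall back to dispatching `dragenter` on the element when there is no content frame, so a listener such as `dragTarget.ondragenter = function () { document.getElementById("result").textContent = "dragenter reached the iframe element"; };` would pin that behaviour; it needs an empty `<div id="result">` and an updated expected file. The `eventSender` calls are also unguarded while `layoutTestController` is checked, so an early `if (!window.eventSender) return;` would keep the page from throwing when opened outside the test harness.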
index aa028b9..bb61c35 100644 (file)
@@ -1,3 +1,15 @@
+2009-09-30  Jian Li  <jianli@chromium.org>
+
+        Reviewed by Darin Adler.
+
+        Need to check NULL frame in EventHandler::updateDragAndDrop.
+        https://bugs.webkit.org/show_bug.cgi?id=29929
+
+        Test: http/tests/misc/drag-over-iframe-invalid-source-crash.html
+
+        * page/EventHandler.cpp:
+        (WebCore::EventHandler::updateDragAndDrop):
+
 2009-09-29  Simon Fraser  <simon.fraser@apple.com>
 
         Reviewed by Dan Bernstein.
index 1075e72..4a63c9c 100644 (file)
@@ -1528,15 +1528,15 @@ bool EventHandler::updateDragAndDrop(const PlatformMouseEvent& event, Clipboard*
         // it is sometimes incorrect when dragging within subframes, as seen with
         // LayoutTests/fast/events/drag-in-frames.html.
         if (newTarget) {
-            if (newTarget->hasTagName(frameTag) || newTarget->hasTagName(iframeTag))
-                accept = static_cast<HTMLFrameElementBase*>(newTarget)->contentFrame()->eventHandler()->updateDragAndDrop(event, clipboard);
+            Frame* frame = (newTarget->hasTagName(frameTag) || newTarget->hasTagName(iframeTag)) ? static_cast<HTMLFrameElementBase*>(newTarget)->contentFrame() : 0;
+            if (frame)
+                accept = frame->eventHandler()->updateDragAndDrop(event, clipboard);
             else
                 accept = dispatchDragEvent(eventNames().dragenterEvent, newTarget, event, clipboard);
         }
 
         if (m_dragTarget) {
-            Frame* frame = (m_dragTarget->hasTagName(frameTag) || m_dragTarget->hasTagName(iframeTag)) 
-                            ? static_cast<HTMLFrameElementBase*>(m_dragTarget.get())->contentFrame() : 0;
+            Frame* frame = (m_dragTarget->hasTagName(frameTag) || m_dragTarget->hasTagName(iframeTag)) ? static_cast<HTMLFrameElementBase*>(m_dragTarget.get())->contentFrame() : 0;
             if (frame)
                 accept = frame->eventHandler()->updateDragAndDrop(event, clipboard);
             else
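Review bot: The frame-lookup ternary now appears three times in updateDragAndDrop: for `newTarget` here, for `m_dragTarget` below it, and again for `newTarget` in the second hunk (the `dragover` branch). The null-frame handling this commit fixes therefore stays easy to get wrong in one copy, as the pre-patch code shows. A small file-static helper would keep the tag test, the cast and the null result in one place, leaving each call site as `Frame* frame = contentFrameForDragTarget(newTarget);`. The helper name is only a suggestion and the `Node*` parameter type is assumed, since the declaration of `newTarget` and the start and end of the function are outside the hunk. The comment on the helper should record that `contentFrame()` can apparently be null for a frame element whose load was refused, which is the `src="file:"` case in the new test.

```cpp
// Returns the content frame of a <frame>/<iframe> element, or 0 when the node
// is not a frame element or the element currently has no content frame
// (e.g. its load was refused), so callers must null-check the result.
static Frame* contentFrameForDragTarget(Node* node)
{
    if (!node->hasTagName(frameTag) && !node->hasTagName(iframeTag))
        return 0;
    return static_cast<HTMLFrameElementBase*>(node)->contentFrame();
}

// … unchanged: start of updateDragAndDrop up to the newTarget check …
            Frame* frame = contentFrameForDragTarget(newTarget);
            if (frame)
                accept = frame->eventHandler()->updateDragAndDrop(event, clipboard);
// … unchanged: else branch; same substitution for m_dragTarget.get() and in the dragover branch …
```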
@@ -1544,8 +1544,9 @@ bool EventHandler::updateDragAndDrop(const PlatformMouseEvent& event, Clipboard*
         }
     } else {
         if (newTarget) {
-            if (newTarget->hasTagName(frameTag) || newTarget->hasTagName(iframeTag))
-                accept = static_cast<HTMLFrameElementBase*>(newTarget)->contentFrame()->eventHandler()->updateDragAndDrop(event, clipboard);
+            Frame* frame = (newTarget->hasTagName(frameTag) || newTarget->hasTagName(iframeTag)) ? static_cast<HTMLFrameElementBase*>(newTarget)->contentFrame() : 0;
+            if (frame)
+                accept = frame->eventHandler()->updateDragAndDrop(event, clipboard);
             else
                 accept = dispatchDragEvent(eventNames().dragoverEvent, newTarget, event, clipboard);
         }