WebCore:
author adele@apple.com <adele@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Fri, 16 Nov 2007 07:00:50 +0000 (07:00 +0000)
committer adele@apple.com <adele@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Fri, 16 Nov 2007 07:00:50 +0000 (07:00 +0000)
        Reviewed by Oliver.

        Fix for <rdar://problem/5566652> CrashTracer: [USER] 3 crashes in Safari at HTMLSelectElement::menuListDefaultEventHandler (reproducible on mactc30.com)

        Test: fast/forms/menulist-no-renderer-onmousedown.html

        * html/HTMLSelectElement.cpp:
        (WebCore::HTMLSelectElement::defaultEventHandler): Nil check the renderer here.  None of the default behavior makes sense if there's no renderer.
        (WebCore::HTMLSelectElement::listBoxDefaultEventHandler): Moved the nil check to the main defaultEventHandler.

LayoutTests:

        Reviewed by Oliver.

        Test for <rdar://problem/5566652> CrashTracer: [USER] 3 crashes in Safari at HTMLSelectElement::menuListDefaultEventHandler (reproducible on mactc30.com)

        * fast/forms/menulist-no-renderer-onmousedown-expected.txt: Added.
        * fast/forms/menulist-no-renderer-onmousedown.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@27843 268f45cc-cd09-0410-ab3c-d52691b4dbfc

LayoutTests/ChangeLog
LayoutTests/fast/forms/menulist-no-renderer-onmousedown-expected.txt [new file with mode: 0644]
LayoutTests/fast/forms/menulist-no-renderer-onmousedown.html [new file with mode: 0644]
WebCore/ChangeLog
WebCore/html/HTMLSelectElement.cpp

index 0779214..bc91248 100644 (file)
@@ -1,3 +1,12 @@
+2007-11-15  Adele Peterson  <adele@apple.com>
+
+        Reviewed by Oliver.
+
+        Test for <rdar://problem/5566652> CrashTracer: [USER] 3 crashes in Safari at HTMLSelectElement::menuListDefaultEventHandler (reproducible on mactc30.com)
+
+        * fast/forms/menulist-no-renderer-onmousedown-expected.txt: Added.
+        * fast/forms/menulist-no-renderer-onmousedown.html: Added.
+
 2007-11-15  Khoo Yit Phang  <khooyp@cs.umd.edu>
 
         Reviewed by Darin.
diff --git a/LayoutTests/fast/forms/menulist-no-renderer-onmousedown-expected.txt b/LayoutTests/fast/forms/menulist-no-renderer-onmousedown-expected.txt
new file mode 100644 (file)
index 0000000..88ad08f
--- /dev/null
@@ -0,0 +1,2 @@
+This tests that we don't crash if a menu list's renderer is destroyed during the mouse down event. 
+
diff --git a/LayoutTests/fast/forms/menulist-no-renderer-onmousedown.html b/LayoutTests/fast/forms/menulist-no-renderer-onmousedown.html
new file mode 100644 (file)
index 0000000..2d1c090
--- /dev/null
@@ -0,0 +1,20 @@
+<html>
+    <head>
+        <script>
+            function test()
+            {
+                if (window.layoutTestController)
+                    layoutTestController.dumpAsText();
+                var sl = document.getElementById('sl');
+                var event = document.createEvent("MouseEvent");
+                event.initMouseEvent("mousedown", true, true, window, 1, sl.offsetLeft, sl.offsetTop, sl.offsetLeft, sl.offsetTop, false, false, false, false, 0, document);
+                sl.dispatchEvent(event);
+            }
+        </script>
+    </head>
+    <body onload="test()">
+        This tests that we don't crash if a menu list's renderer is destroyed during the mouse down event.
+        <br>
+        <select id="sl" onmousedown="this.style.display='none'"><option>test</select>
+    </body>
+</html>
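Review bot: This test only covers the menu list path, since the select at the bottom has no size or multiple attribute, yet the same patch also changes where listBoxDefaultEventHandler gets its renderer check. Adding a second case with a list box select (for example one with a size attribute and the same onmousedown="this.style.display='none'" handler) would keep that path covered after the check was moved. Minor: the option element is never closed; writing <option>test</option> makes the markup easier to read.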
index 8d0c9c6..530f9f5 100644 (file)
@@ -1,3 +1,15 @@
+2007-11-15  Adele Peterson  <adele@apple.com>
+
+        Reviewed by Oliver.
+
+        Fix for <rdar://problem/5566652> CrashTracer: [USER] 3 crashes in Safari at HTMLSelectElement::menuListDefaultEventHandler (reproducible on mactc30.com)
+
+        Test: fast/forms/menulist-no-renderer-onmousedown.html
+
+        * html/HTMLSelectElement.cpp:
+        (WebCore::HTMLSelectElement::defaultEventHandler): Nil check the renderer here.  None of the default behavior makes sense if there's no renderer.
+        (WebCore::HTMLSelectElement::listBoxDefaultEventHandler): Moved the nil check to the main defaultEventHandler.
+
 2007-11-15  Antti Koivisto  <antti@apple.com>
 
         Reviewed by Adele.
index d0c045c..44332e9 100644 (file)
@@ -592,6 +592,9 @@ void HTMLSelectElement::dispatchBlurEvent()
 
 void HTMLSelectElement::defaultEventHandler(Event* evt)
 {
+    if (!renderer())
+        return;
+    
     if (usesMenuList())
         menuListDefaultEventHandler(evt);
     else 
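Review bot: The new early return at the top of defaultEventHandler has no comment saying why the renderer can be null at this point. The reason is only in the ChangeLog and the layout test (an onmousedown handler sets display to none before default handling runs), so a one-line comment above "if (!renderer())" would stop someone from removing it later as dead code. The added blank line after "return;" also carries trailing whitespace ("+    ") and should be an empty line.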
@@ -686,9 +689,6 @@ void HTMLSelectElement::menuListDefaultEventHandler(Event* evt)
 
 void HTMLSelectElement::listBoxDefaultEventHandler(Event* evt)
 {
-    if (!renderer())
-        return;
-
     if (evt->type() == mousedownEvent && evt->isMouseEvent() && static_cast<MouseEvent*>(evt)->button() == LeftButton) {
         focus();
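Review bot: After this removal listBoxDefaultEventHandler silently depends on its caller having checked renderer(). An ASSERT(renderer()) at the top of the function would document that precondition and catch any future caller that bypasses defaultEventHandler. It is also worth confirming that the focus() call in the mousedown branch cannot run script that drops the renderer, because the entry check in defaultEventHandler only covers the state before this function starts.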